diff --git a/include/download.mk b/include/download.mk index a638e69382..c69d84939c 100644 --- a/include/download.mk +++ b/include/download.mk @@ -27,7 +27,7 @@ define dl_method $(strip \ $(if $(filter git,$(2)),$(call dl_method_git,$(1),$(2)), $(if $(2),$(2), \ - $(if $(filter @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \ + $(if $(filter @OPENWRT @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \ $(if $(filter git://%,$(1)),$(call dl_method_git,$(1),$(2)), \ $(if $(filter svn://%,$(1)),svn, \ $(if $(filter cvs://%,$(1)),cvs, \ diff --git a/package/boot/fconfig/Makefile b/package/boot/fconfig/Makefile index 9b806fe97c..5784477bf4 100644 --- a/package/boot/fconfig/Makefile +++ b/package/boot/fconfig/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=20080329 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=4ff0e8f07e35e46b705c0dbe9d9544ede01ea092a69e3f7db03e55a3f2bb8eb7 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) diff --git a/package/boot/uboot-sunxi/Makefile b/package/boot/uboot-sunxi/Makefile index 18e5430cbf..1b9b06c8b0 100644 --- a/package/boot/uboot-sunxi/Makefile +++ b/package/boot/uboot-sunxi/Makefile @@ -340,7 +340,7 @@ UBOOT_TARGETS := \ nanopi_neo_plus2 \ nanopi_neo2 \ nanopi_r1 \ - nanopi_r1s_h5 \ + nanopi_r1s_h5 \ orangepi_zero \ orangepi_r1 \ orangepi_one \ diff --git a/package/ctcgfw/cdnspeedtest/Makefile b/package/ctcgfw/cdnspeedtest/Makefile new file mode 100644 index 0000000000..df92a21f2f --- /dev/null +++ b/package/ctcgfw/cdnspeedtest/Makefile @@ -0,0 +1,77 @@ +# +# Copyright (C) 2021 ImmortalWrt +# +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=CloudflareSpeedTest +PKG_VERSION:=1.4.8 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/XIU2/CloudflareSpeedTest/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=5e822fb24348dbb75aeb33c3e9f558d629892089bc918186d5e68c3341e70049 + +PKG_LICENSE:=GPL-3.0 +PKG_LICENSE_FILE:=LICENSE +PKG_MAINTAINER:=CN_SZTL + +PKG_CONFIG_DEPENDS:= \ + CONFIG_CDNSPEEDTEST_COMPRESS_GOPROXY \ + CONFIG_CDNSPEEDTEST_COMPRESS_UPX + +PKG_BUILD_DEPENDS:=golang/host +PKG_BUILD_PARALLEL:=1 +PKG_USE_MIPS16:=0 + +GO_PKG:=CloudflareSpeedTest +GO_PKG_LDFLAGS:=-s -w + +include $(INCLUDE_DIR)/package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk + +define Package/cdnspeedtest + SECTION:=net + CATEGORY:=Network + TITLE:=Getting the fastest ips to your network of CDN + URL:=https://github.com/XIU2/CloudflareSpeedTest + DEPENDS:=$(GO_ARCH_DEPENDS) +endef + +define Package/cdnspeedtest/config +config CDNSPEEDTEST_COMPRESS_GOPROXY + bool "Compiling with GOPROXY proxy" + default n + +config CDNSPEEDTEST_COMPRESS_UPX + bool "Compress executable files with UPX" + default y +endef + +ifeq ($(CONFIG_CDNSPEEDTEST_COMPRESS_GOPROXY),y) + export GO111MODULE=on + export GOPROXY=https://goproxy.io +endif + +define Build/Compile + $(call GoPackage/Build/Compile) +ifeq ($(CONFIG_CDNSPEEDTEST_COMPRESS_UPX),y) + $(STAGING_DIR_HOST)/bin/upx --lzma --best $(GO_PKG_BUILD_BIN_DIR)/CloudflareSpeedTest +endif +endef + +define Package/cdnspeedtest/install + $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/CloudflareSpeedTest $(1)/usr/bin/cdnspeedtest + + $(INSTALL_DIR) $(1)/usr/share/CloudflareSpeedTest + $(INSTALL_DATA) $(PKG_BUILD_DIR)/ip.txt $(1)/usr/share/CloudflareSpeedTest/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/ipv6.txt $(1)/usr/share/CloudflareSpeedTest/ +endef + +$(eval $(call BuildPackage,cdnspeedtest)) diff --git a/package/ctcgfw/go-nats/Makefile b/package/ctcgfw/go-nats/Makefile new file mode 100644 index 0000000000..cd34c5c82a --- /dev/null +++ b/package/ctcgfw/go-nats/Makefile @@ -0,0 +1,74 @@ +# +# Copyright (C) 2021 ImmortalWrt +# +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=go-nats +PKG_VERSION:=0.0.1 +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/enobufs/go-nats.git +PKG_SOURCE_DATE:=2019-09-23 +PKG_SOURCE_VERSION:=4effc32e0f4006da0636b24f4468cf32ce494d71 +PKG_MIRROR_HASH:=52156d096ba21fdc18316040749b20868e500d7bd785a0d33533610ba7f7169b + +PKG_LICENSE:=MIT +PKG_LICENSE_FILE:=LICENSE +PKG_MAINTAINER:=CN_SZTL + +PKG_CONFIG_DEPENDS:= \ + CONFIG_GO_NATS_COMPRESS_GOPROXY \ + CONFIG_GO_NATS_COMPRESS_UPX + +PKG_BUILD_DEPENDS:=golang/host +PKG_BUILD_PARALLEL:=1 +PKG_USE_MIPS16:=0 + +GO_PKG:=github.com/enobufs/go-nats +GO_PKG_LDFLAGS:=-s -w + +include $(INCLUDE_DIR)/package.mk +include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk + +define Package/go-nats + SECTION:=net + CATEGORY:=Network + TITLE:=A NAT type discovery tool + URL:=https://github.com/enobufs/go-nats + DEPENDS:=$(GO_ARCH_DEPENDS) +endef + +define Package/go-nats/description + A NAT type discovery tool using STUN written purely in Go. +endef + +define Package/go-nats/config +config GO_NATS_COMPRESS_GOPROXY + bool "Compiling with GOPROXY proxy" + default n + +config GO_NATS_COMPRESS_UPX + bool "Compress executable files with UPX" + default y +endef + +ifeq ($(CONFIG_GO_NATS_COMPRESS_GOPROXY),y) + export GO111MODULE=on + export GOPROXY=https://goproxy.io +endif + +define Build/Compile + $(call GoPackage/Build/Compile) +ifeq ($(CONFIG_GO_NATS_COMPRESS_UPX),y) + $(STAGING_DIR_HOST)/bin/upx --lzma --best $(GO_PKG_BUILD_BIN_DIR)/go-nats +endif +endef + +$(eval $(call GoBinPackage,go-nats)) +$(eval $(call BuildPackage,go-nats)) diff --git a/package/ctcgfw/gotop/Makefile b/package/ctcgfw/gotop/Makefile index 463d6dcb31..149290092c 100644 --- a/package/ctcgfw/gotop/Makefile +++ b/package/ctcgfw/gotop/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=gotop PKG_VERSION:=4.1.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/xxxserxxx/gotop/tar.gz/v$(PKG_VERSION)? @@ -29,10 +29,8 @@ PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 GO_PKG:=github.com/xxxserxxx/gotop -GO_PKG_BUILD_PKG:=github.com/xxxserxxx/gotop/cmd/gotop GO_PKG_LDFLAGS:=-s -w -GO_PKG_LDFLAGS_X:= \ - main.Version=$(PKG_VERSION) +GO_PKG_LDFLAGS_X:=main.Version=$(PKG_VERSION) include $(INCLUDE_DIR)/package.mk include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk @@ -73,4 +71,4 @@ endif endef $(eval $(call GoBinPackage,gotop)) -$(eval $(call BuildPackage,gotop)) \ No newline at end of file +$(eval $(call BuildPackage,gotop)) diff --git a/package/ctcgfw/rtl8188eu/Makefile b/package/ctcgfw/rtl8188eu/Makefile new file mode 100644 index 0000000000..a9d22950a1 --- /dev/null +++ b/package/ctcgfw/rtl8188eu/Makefile @@ -0,0 +1,74 @@ +# +# Copyright (C) 2021 ImmortalWrt +# +# This is free software, licensed under the GNU General Public License v3. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=rtl8188eu +PKG_RELEASE=1 + +PKG_SOURCE_URL:=https://github.com/aircrack-ng/rtl8188eus.git +PKG_SOURCE_PROTO:=git +PKG_SOURCE_DATE:=2020-08-01 +PKG_SOURCE_VERSION:=ae1d233fe6a34a321ca1da2202bec34b1a4b41cd +PKG_MIRROR_HASH:=995d021dec4bef7ce5227239b64aee88ea6d1002464bc7a62cc2ed766607ea89 + +PKG_MAINTAINTER:=ImmortalWrt +PKG_BUILD_PARALLEL:=1 + +STAMP_CONFIGURED_DEPENDS := $(STAGING_DIR)/usr/include/mac80211-backport/backport/autoconf.h + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk + +define KernelPackage/rtl8188eu + SUBMENU:=Wireless Drivers + TITLE:=Realtek 8188EU(S)/8188ETV support + DEPENDS:=+kmod-cfg80211 +kmod-usb-core +@DRIVER_11N_SUPPORT +@DRIVER_11AC_SUPPORT + FILES:=$(PKG_BUILD_DIR)/rtl8188eu.ko + AUTOLOAD:=$(call AutoProbe,rtl8188eu) +endef + +NOSTDINC_FLAGS = \ + -I$(PKG_BUILD_DIR) \ + -I$(PKG_BUILD_DIR)/include \ + -I$(STAGING_DIR)/usr/include/mac80211-backport \ + -I$(STAGING_DIR)/usr/include/mac80211-backport/uapi \ + -I$(STAGING_DIR)/usr/include/mac80211 \ + -I$(STAGING_DIR)/usr/include/mac80211/uapi \ + -include backport/autoconf.h \ + -include backport/backport.h + +EXTRA_CFLAGS:= \ + -DRTW_SINGLE_WIPHY \ + -DRTW_USE_CFG80211_STA_EVENT \ + -DCONFIG_IOCTL_CFG80211 \ + -DCONFIG_CONCURRENT_MODE + +ifeq ($(CONFIG_BIG_ENDIAN),y) +EXTRA_CFLAGS += -DCONFIG_BIG_ENDIAN +else +EXTRA_CFLAGS += -DCONFIG_LITTLE_ENDIAN +endif + +EXTRA_KCONFIG:= \ + CONFIG_RTL8188EU=m \ + USER_MODULE_NAME=rtl8188eu + +MAKE_OPTS:= \ + $(KERNEL_MAKE_FLAGS) \ + M="$(PKG_BUILD_DIR)" \ + NOSTDINC_FLAGS="$(NOSTDINC_FLAGS)" \ + USER_EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ + $(EXTRA_KCONFIG) + +define Build/Compile + +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \ + $(MAKE_OPTS) \ + modules +endef + +$(eval $(call KernelPackage,rtl8188eu)) diff --git a/package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch b/package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch new file mode 100644 index 0000000000..187a6788ed --- /dev/null +++ b/package/ctcgfw/rtl8188eu/patches/001-use-kernel-byteorder.patch @@ -0,0 +1,15 @@ +Fix compile problem when rtw_byteorder.h and asm/byteorder.h gets +included in addition for example indirectly, do not use realtek own copy +of the byteorder headers. + +--- a/include/drv_types.h ++++ b/include/drv_types.h +@@ -24,7 +24,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include diff --git a/package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch b/package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch new file mode 100644 index 0000000000..fc8b53f3c2 --- /dev/null +++ b/package/ctcgfw/rtl8188eu/patches/010-disable-default-build-x86.patch @@ -0,0 +1,11 @@ +--- a/Makefile ++++ b/Makefile +@@ -91,7 +91,7 @@ CONFIG_RTW_SDIO_PM_KEEP_POWER = y + ###################### MP HW TX MODE FOR VHT ####################### + CONFIG_MP_VHT_HW_TX_MODE = n + ###################### Platform Related ####################### +-CONFIG_PLATFORM_I386_PC = y ++CONFIG_PLATFORM_I386_PC = n + CONFIG_PLATFORM_ARM_RPI = n + CONFIG_PLATFORM_ARM64_RPI = n + CONFIG_PLATFORM_ANDROID_X86 = n diff --git a/package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch b/package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch new file mode 100644 index 0000000000..76baf2a24a --- /dev/null +++ b/package/ctcgfw/rtl8188eu/patches/020-remove-repeat-flies.patch @@ -0,0 +1,39 @@ +From 9b2b0ec1bc2d31ddf93ed74d63fdfa6044e329a4 Mon Sep 17 00:00:00 2001 +From: Ben Greear +Date: Fri, 9 Nov 2018 16:21:43 -0800 +Subject: [PATCH] Fix build against openwrt backports tree. + +Like breaks builds elsewhere, can fix it up later. + +Signed-off-by: Ben Greear +--- + include/drv_conf.h | 4 +++- + .../{wireless.h => old_unused_rtl_wireless.h} | 0 + include/{autoconf.h => rtl_autoconf.h} | 0 + 3 files changed, 3 insertions(+), 1 deletions(-) + rename include/linux/{wireless.h => old_unused_rtl_wireless.h} (100%) + rename include/{autoconf.h => rtl_autoconf.h} (100%) + +diff --git a/include/drv_conf.h b/include/drv_conf.h +index 0d20a7e..f0a9f88 100644 +--- a/include/drv_conf.h ++++ b/include/drv_conf.h +@@ -14,7 +14,9 @@ + *****************************************************************************/ + #ifndef __DRV_CONF_H__ + #define __DRV_CONF_H__ +-#include "autoconf.h" ++ ++#include ++#include "rtl_autoconf.h" + #include "hal_ic_cfg.h" + + #if defined(PLATFORM_LINUX) && defined (PLATFORM_WINDOWS) +diff --git a/include/linux/wireless.h b/include/linux/old_unused_rtl_wireless.h +similarity index 100% +rename from include/linux/wireless.h +rename to include/linux/old_unused_rtl_wireless.h +diff --git a/include/autoconf.h b/include/rtl_autoconf.h +similarity index 100% +rename from include/autoconf.h +rename to include/rtl_autoconf.h diff --git a/package/ctcgfw/rtl8812au-ac/Makefile b/package/ctcgfw/rtl8812au-ac/Makefile index 4b3bd62e49..dfbaf06cc2 100644 --- a/package/ctcgfw/rtl8812au-ac/Makefile +++ b/package/ctcgfw/rtl8812au-ac/Makefile @@ -51,13 +51,6 @@ NOSTDINC_FLAGS = \ NOSTDINC_FLAGS += -DCONFIG_IOCTL_CFG80211 -DRTW_USE_CFG80211_STA_EVENT \ -DRTW_SINGLE_WIPHY -DCONFIG_CONCURRENT_MODE -D_LINUX_BYTEORDER_SWAB_H -ifeq ($(CONFIG_BIG_ENDIAN), y) -NOSTDINC_FLAGS += -DCONFIG_BIG_ENDIAN -endif -ifeq ($(CONFIG_LITTLE_ENDIAN), y) -NOSTDINC_FLAGS += -DCONFIG_LITTLE_ENDIAN -endif - PKG_MAKE_FLAGS += USER_MODULE_NAME=rtl8812au KERNEL_MAKE_FLAGS += CONFIG_88XXAU=m diff --git a/package/firmware/b43legacy-firmware/Makefile b/package/firmware/b43legacy-firmware/Makefile index 9b9c0070b2..ecbfc32293 100644 --- a/package/firmware/b43legacy-firmware/Makefile +++ b/package/firmware/b43legacy-firmware/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=3.130.20.0 PKG_RELEASE:=1 PKG_SOURCE:=wl_apsta-$(PKG_VERSION).o -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=7dba610b1d96dd14e901bcbce14cd6ecd1b1ac6f5c0035b0d6b6dc46a7c3ef90 include $(INCLUDE_DIR)/package.mk diff --git a/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile b/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile index a076fe2596..649325601c 100644 --- a/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile +++ b/package/firmware/lantiq/dsl-vrx200-firmware-xdsl/Makefile @@ -10,7 +10,7 @@ PKG_NAME:=dsl_vr9_firmware_xdsl PKG_VERSION:=05.08.01.08.01.06_05.08.00.0B.01.01_osc PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=44cd94130571fe42dfa8f0f9d44597d104e9e77962617fe38646b7a0b4184a2b PKG_BUILD_DEPENDS:=bsdiff/host diff --git a/package/kernel/acx-mac80211/Makefile b/package/kernel/acx-mac80211/Makefile index 6ceb5727f9..0b9142336c 100644 --- a/package/kernel/acx-mac80211/Makefile +++ b/package/kernel/acx-mac80211/Makefile @@ -114,55 +114,55 @@ endef define Download/tiacx100 FILE:=tiacx100 - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=4f05913c940c2455b267545b12d93ad81fa5eebb0cbee22a2c7588c50525b4f0 endef define Download/tiacx100r0d FILE:=tiacx100r0D - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=6a4a7fbb24a328a88261bc2a507b2a0bf63c91e831e3f1a8caa4f6599b2215e6 endef define Download/tiacx100r11 FILE:=tiacx100r11 - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=e005a93a0b463e01edba2b79038b54c29a7932efee61c851a2ac644b8a4e5dd4 endef define Download/tiacx100r15 FILE:=tiacx100r15 - URL:=http://acx100.erley.org/fw/acx100_1.9.8.b/ + URL:=@OPENWRT HASH:=c6f40bead5ef45720e2d72bbe4d998367c2c7857eb7716234aedeb2ad98bcdde endef define Download/tiacx111c16 FILE:=tiacx111c16 - URL:=http://acx100.erley.org/fw/acx111_2.3.1.31/ + URL:=@OPENWRT HASH:=cc6108d577ebc55b924ff6bab44eeee3456d284c63819277cb5460338b2f1bd7 endef define Download/tiacx111c16_1 FILE:=tiacx111c16_1.2.1_34 - URL:=http://sites.google.com/site/atorkhov/files/ + URL:=@OPENWRT HASH:=672ed9d02565ab44da450c52f0ced3be99a3a3901f73454455da8e1f98ada220 endef define Download/tiacx111c17 FILE:=tiacx111c17 - URL:=http://acx100.erley.org/fw/acx111_2.3.1.31/ + URL:=@OPENWRT HASH:=2bb900a5886dbea2d3504623d9f3ac8abbb2e9fdfcf0fe233e77951dff748a40 endef define Download/tiacx111c19 FILE:=tiacx111c19 - URL:=http://acx100.erley.org/fw/acx111_2.3.1.31/ + URL:=@OPENWRT HASH:=383d86a8cfddf92400d661b4e43a9b855350fa656edd4f75b4aff7fab2d00e90 endef define Download/tiacx111usbc1b FILE:=tiacx111usbc1B - URL:=http://acx100.erley.org/fw/acx111_2.4.0.70-USB/ + URL:=@OPENWRT HASH:=f3c9e574de7073014ab6eef9a0f6412c53ae521b67723360af753c41401ed4d5 endef diff --git a/package/kernel/broadcom-wl/Makefile b/package/kernel/broadcom-wl/Makefile index 661c7f0589..7188c4900e 100644 --- a/package/kernel/broadcom-wl/Makefile +++ b/package/kernel/broadcom-wl/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=5.10.56.27.3 PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)_$(ARCH).tar.bz2 -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT ifeq ($(ARCH),mipsel) PKG_HASH:=26a8c370f48fc129d0731cfd751c36cae1419b0bc8ca35781126744e60eae009 diff --git a/package/kernel/lantiq/ltq-adsl/Makefile b/package/kernel/lantiq/ltq-adsl/Makefile index 1a9128fc58..b2e1ccb640 100644 --- a/package/kernel/lantiq/ltq-adsl/Makefile +++ b/package/kernel/lantiq/ltq-adsl/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=3.24.4.4 PKG_RELEASE:=3 PKG_SOURCE:=drv_dsl_cpe_api_danube-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/ltq-dsl-$(BUILD_VARIANT)/drv_dsl_cpe_api-$(PKG_VERSION) -PKG_SOURCE_URL:=https://mirror2.openwrt.org/sources/ +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=eb2ed59715d3bf4e8a1460bbbe2f1660039e0a9f9d72afb1b2b16590094eb33c PKG_MAINTAINER:=John Crispin diff --git a/package/kernel/lantiq/ltq-tapi/Makefile b/package/kernel/lantiq/ltq-tapi/Makefile index 072041c589..a04f7d38e5 100644 --- a/package/kernel/lantiq/ltq-tapi/Makefile +++ b/package/kernel/lantiq/ltq-tapi/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=3.13.0 PKG_RELEASE:=4 PKG_SOURCE:=drv_tapi-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=109374d52872716570fca3fef3b93c9a93159a804dfd42484b19152b825af5c0 PKG_MAINTAINER:=John Crispin diff --git a/package/kernel/lantiq/ltq-vdsl-mei/Makefile b/package/kernel/lantiq/ltq-vdsl-mei/Makefile index 5d15f2650b..4a305d9c27 100644 --- a/package/kernel/lantiq/ltq-vdsl-mei/Makefile +++ b/package/kernel/lantiq/ltq-vdsl-mei/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=4 PKG_BASE_NAME:=drv_mei_cpe PKG_SOURCE:=$(PKG_BASE_NAME)-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION) -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=94f6904364348b7f74087e721968abc28b2564fb9bd8899aa930d36490387662 PKG_FIXUP:=autoreconf PKG_FLAGS:=nonshared diff --git a/package/kernel/lantiq/ltq-vdsl/Makefile b/package/kernel/lantiq/ltq-vdsl/Makefile index d518bd647d..c09c88057f 100644 --- a/package/kernel/lantiq/ltq-vdsl/Makefile +++ b/package/kernel/lantiq/ltq-vdsl/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=3 PKG_BASE_NAME:=drv_dsl_cpe_api PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION) -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=b4966a60653acc49254b168c6cc9c49eb36c54548e763617788aa4f252a29f21 PKG_LICENSE:=GPL-2.0 BSD-2-Clause PKG_LICENSE_FILES:=LICENSE diff --git a/package/kernel/lantiq/ltq-vmmc/Makefile b/package/kernel/lantiq/ltq-vmmc/Makefile index 586d9f6c75..c733345cfa 100644 --- a/package/kernel/lantiq/ltq-vmmc/Makefile +++ b/package/kernel/lantiq/ltq-vmmc/Makefile @@ -14,7 +14,7 @@ PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_HASH:=707f515eb727c032418c4da67d7e86884bb56cdc2a606e8f6ded6057d8767e57 -PKG_SOURCE_URL:=https://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_MAINTAINER:=John Crispin PKG_CHECK_FORMAT_SECURITY:=0 diff --git a/package/kernel/mac80211/broadcom.mk b/package/kernel/mac80211/broadcom.mk index 5233e60384..268a6e6cee 100644 --- a/package/kernel/mac80211/broadcom.mk +++ b/package/kernel/mac80211/broadcom.mk @@ -51,7 +51,7 @@ ifneq ($(CONFIG_B43_FW_5_10),) PKG_B43_FWV4_VERSION:=5.10.56.27.3 PKG_B43_FWV4_OBJECT:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)/driver/wl_apsta/wl_prebuilt.o PKG_B43_FWV4_SOURCE:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)_mipsel.tar.bz2 - PKG_B43_FWV4_SOURCE_URL:=http://mirror2.openwrt.org/sources/ + PKG_B43_FWV4_SOURCE_URL:=@OPENWRT PKG_B43_FWV4_HASH:=26a8c370f48fc129d0731cfd751c36cae1419b0bc8ca35781126744e60eae009 else ifneq ($(CONFIG_B43_FW_4_178),) @@ -59,7 +59,7 @@ ifneq ($(CONFIG_B43_FW_4_178),) PKG_B43_FWV4_VERSION:=4.178.10.4 PKG_B43_FWV4_OBJECT:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)/linux/wl_apsta.o PKG_B43_FWV4_SOURCE:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION).tar.bz2 - PKG_B43_FWV4_SOURCE_URL:=http://mirror2.openwrt.org/sources/ + PKG_B43_FWV4_SOURCE_URL:=@OPENWRT PKG_B43_FWV4_HASH:=32f6ad98facbb9045646fdc8b54bb03086d204153253f9c65d0234a5d90ae53f else ifneq ($(CONFIG_B43_FW_5_100_138),) @@ -74,7 +74,7 @@ else PKG_B43_FWV4_VERSION:=4.150.10.5 PKG_B43_FWV4_OBJECT:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION)/driver/wl_apsta_mimo.o PKG_B43_FWV4_SOURCE:=$(PKG_B43_FWV4_NAME)-$(PKG_B43_FWV4_VERSION).tar.bz2 - PKG_B43_FWV4_SOURCE_URL:=http://mirror2.openwrt.org/sources/ + PKG_B43_FWV4_SOURCE_URL:=@OPENWRT PKG_B43_FWV4_HASH:=a9f4e276a4d8d3a1cd0f2eb87080ae89b77f0a7140f06d4e9e2135fc44fdd533 endif endif diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua index 9e00fc95c3..7e5f9200fa 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/client-config.lua @@ -461,7 +461,7 @@ o.default = 2 o.rmempty = true o = s:option(Value, "seed", translate("Obfuscate password (optional)")) -o:depends({type = "vless", transport = "kcp"}) +o:depends({v2ray_protocol = "vless", transport = "kcp"}) o.rmempty = true o = s:option(Flag, "congestion", translate("Congestion")) diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index dcc6aca40c..ff01fca663 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl PKG_VERSION:=4.6.0-stable -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) diff --git a/package/libs/wolfssl/patches/010-CVE-2021-3336.patch b/package/libs/wolfssl/patches/010-CVE-2021-3336.patch new file mode 100644 index 0000000000..abb9bfdd9b --- /dev/null +++ b/package/libs/wolfssl/patches/010-CVE-2021-3336.patch @@ -0,0 +1,53 @@ +From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001 +From: Sean Parkinson +Date: Thu, 21 Jan 2021 08:24:38 +1000 +Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify + +--- + src/tls13.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/src/tls13.c ++++ b/src/tls13.c +@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF + #ifdef HAVE_ED25519 + if (args->sigAlgo == ed25519_sa_algo && + !ssl->peerEd25519KeyPresent) { +- WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify"); ++ WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert"); ++ ret = SIG_VERIFY_E; ++ goto exit_dcv; + } + #endif + #ifdef HAVE_ED448 + if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) { +- WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify"); ++ WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert"); ++ ret = SIG_VERIFY_E; ++ goto exit_dcv; + } + #endif + #ifdef HAVE_ECC + if (args->sigAlgo == ecc_dsa_sa_algo && + !ssl->peerEccDsaKeyPresent) { +- WOLFSSL_MSG("Oops, peer sent ECC key but not in verify"); ++ WOLFSSL_MSG("Peer sent ECC sig but not ECC cert"); ++ ret = SIG_VERIFY_E; ++ goto exit_dcv; + } + #endif + #ifndef NO_RSA + if (args->sigAlgo == rsa_sa_algo) { +- WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature"); ++ WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate"); + ERROR_OUT(INVALID_PARAMETER, exit_dcv); + } + if (args->sigAlgo == rsa_pss_sa_algo && + (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) { +- WOLFSSL_MSG("Oops, peer sent RSA key but not in verify"); ++ WOLFSSL_MSG("Peer sent RSA sig but not RSA cert"); ++ ret = SIG_VERIFY_E; ++ goto exit_dcv; + } + #endif + diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile index 38dbea2570..81dbc80417 100644 --- a/package/lienol/luci-app-passwall/Makefile +++ b/package/lienol/luci-app-passwall/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=4 -PKG_RELEASE:=13 -PKG_DATE:=20210207 +PKG_RELEASE:=14 +PKG_DATE:=20210209 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua index 9bb67237c2..2c124ab5f4 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua @@ -226,61 +226,71 @@ if node_section then local rules = {} ucursor:foreach(appname, "shunt_rules", function(e) local name = e[".name"] - local _node_id = node[name] or nil - if _node_id and _node_id ~= "nil" then - local _node = ucursor:get_all(appname, _node_id) - local is_proxy = node[name .. "_proxy"] - local relay_port - if is_proxy and is_proxy == "1" then - new_port = get_new_port() - relay_port = new_port - table.insert(inbounds, { - tag = "proxy_" .. name, - listen = "127.0.0.1", - port = new_port, - protocol = "dokodemo-door", - settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} - }) - if _node.tls_serverName == nil then - _node.tls_serverName = _node.address - end - _node.address = "127.0.0.1" - _node.port = new_port - end - local _outbound = gen_outbound(_node, name, relay_port) - if _outbound then - table.insert(outbounds, _outbound) + local _node_id = node[name] or "nil" + local outboundTag + if _node_id == "_direct" then + outboundTag = "direct" + elseif _node_id == "_blackhole" then + outboundTag = "blackhole" + else + if _node_id ~= "nil" then + local _node = ucursor:get_all(appname, _node_id) + local is_proxy = node[name .. "_proxy"] + local relay_port if is_proxy and is_proxy == "1" then - table.insert(rules, { - type = "field", - inboundTag = {"proxy_" .. name}, - outboundTag = "default" + new_port = get_new_port() + relay_port = new_port + table.insert(inbounds, { + tag = "proxy_" .. name, + listen = "127.0.0.1", + port = new_port, + protocol = "dokodemo-door", + settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} }) + if _node.tls_serverName == nil then + _node.tls_serverName = _node.address + end + _node.address = "127.0.0.1" + _node.port = new_port end - if e.domain_list then - local _domain = {} - string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) - table.insert(_domain, w) - end) - table.insert(rules, { - type = "field", - outboundTag = name, - domain = _domain - }) - end - if e.ip_list then - local _ip = {} - string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w) - table.insert(_ip, w) - end) - table.insert(rules, { - type = "field", - outboundTag = name, - ip = _ip - }) + local _outbound = gen_outbound(_node, name, relay_port) + if _outbound then + table.insert(outbounds, _outbound) + if is_proxy and is_proxy == "1" then + table.insert(rules, { + type = "field", + inboundTag = {"proxy_" .. name}, + outboundTag = "default" + }) + end + outboundTag = name end end end + if outboundTag then + if e.domain_list then + local _domain = {} + string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) + table.insert(_domain, w) + end) + table.insert(rules, { + type = "field", + outboundTag = outboundTag, + domain = _domain + }) + end + if e.ip_list then + local _ip = {} + string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w) + table.insert(_ip, w) + end) + table.insert(rules, { + type = "field", + outboundTag = outboundTag, + ip = _ip + }) + end + end end) local default_node_id = node.default_node or nil @@ -448,6 +458,10 @@ if inbounds or outbounds then tag = "direct", settings = {domainStrategy = "UseIPv4"} }) + table.insert(outbounds, { + protocol = "blackhole", + tag = "blackhole" + }) local xray = { log = { diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 917f2d8b13..299a324956 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -115,56 +115,52 @@ if has_xray and #nodes_table > 0 then shunt_list[#shunt_list + 1] = v end end - if #normal_list > 0 and #shunt_list > 0 then + for k, v in pairs(shunt_list) do uci:foreach(appname, "shunt_rules", function(e) local id = e[".name"] - o = s:taboption("Main", ListValue, id .. "_node", string.format('* %s', api.url("shunt_rules", id), translate(e.remarks))) - for k, v in pairs(shunt_list) do - o:depends("tcp_node", v.id) - o.cfgvalue = function(self, section) - return m:get(v.id, id) or "nil" - end - o.write = function(self, section, value) - m:set(v.id, id, value) - end - end + o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* %s', api.url("shunt_rules", id), translate(e.remarks))) + o:depends("tcp_node", v.id) o:value("nil", translate("Close")) + o:value("_direct", translate("Direct Connection")) + o:value("_blackhole", translate("Blackhole")) for k, v in pairs(normal_list) do o:value(v.id, v.remarks_name) end + o.cfgvalue = function(self, section) + return m:get(v.id, id) or "nil" + end + o.write = function(self, section, value) + m:set(v.id, id, value) + end end) local id = "default_node" - o = s:taboption("Main", ListValue, id, "* " .. translate("Default")) - for k, v in pairs(shunt_list) do - o:depends("tcp_node", v.id) - o.cfgvalue = function(self, section) - return m:get(v.id, id) or "nil" - end - o.write = function(self, section, value) - m:set(v.id, id, value) - end - end + o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default")) + o:depends("tcp_node", v.id) o:value("nil", translate("Close")) for k, v in pairs(normal_list) do o:value(v.id, v.remarks_name) end + o.cfgvalue = function(self, section) + return m:get(v.id, id) or "nil" + end + o.write = function(self, section, value) + m:set(v.id, id, value) + end local id = "main_node" - o = s:taboption("Main", ListValue, id, "* " .. translate("Default") .. translate("Preproxy")) - for k, v in pairs(shunt_list) do - o:depends("tcp_node", v.id) - o.cfgvalue = function(self, section) - return m:get(v.id, id) or "nil" - end - o.write = function(self, section, value) - m:set(v.id, id, value) - end - end + o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default") .. translate("Preproxy")) + o:depends("tcp_node", v.id) o:value("nil", translate("Close")) for k, v in pairs(normal_list) do o:value(v.id, v.remarks_name) end + o.cfgvalue = function(self, section) + return m:get(v.id, id) or "nil" + end + o.write = function(self, section, value) + m:set(v.id, id, value) + end end end diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua index 0d4a61beb9..eba5bfefd7 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua @@ -82,7 +82,6 @@ o.default = "5" o.rmempty = false ---- Export ---[[ o = s:option(ListValue, "export", translate("Export Of Multi WAN")) o:value(0, translate("Auto")) local ifaces = e.net:devices() @@ -97,7 +96,6 @@ for _, iface in ipairs(ifaces) do end o.default = 0 o.rmempty = false -]]-- ---- Mode o = s:option(ListValue, "backup", translate("Mode")) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua index 3f5be4a493..4f3c4b6f51 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua @@ -128,14 +128,21 @@ balancing_node:depends("protocol", "_balancing") -- 分流 uci:foreach(appname, "shunt_rules", function(e) - o = s:option(ListValue, e[".name"], '' .. translate(e.remarks) .. "") + o = s:option(ListValue, e[".name"], string.format('* %s', api.url("shunt_rules", e[".name"]), translate(e.remarks))) o:value("nil", translate("Close")) - for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end + o:value("_direct", translate("Direct Connection")) + o:value("_blackhole", translate("Blackhole")) o:depends("protocol", "_shunt") - o = s:option(Flag, e[".name"] .. "_proxy", translate(e.remarks) .. translate("Preproxy"), translate("Use the default node for the transit.")) - o.default = 0 - o:depends("protocol", "_shunt") + if #nodes_table > 0 then + _proxy = s:option(Flag, e[".name"] .. "_proxy", translate(e.remarks) .. translate("Preproxy"), translate("Use the default node for the transit.")) + _proxy.default = 0 + + for k, v in pairs(nodes_table) do + o:value(v.id, v.remarks) + _proxy:depends(e[".name"], v.id) + end + end end) shunt_tips = s:option(DummyValue, "shunt_tips", " ") diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua index 3f87aeb380..5a3e2b5450 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua @@ -8,6 +8,12 @@ s = m:section(TypedSection, "global_delay", translate("Delay Settings")) s.anonymous = true s.addremove = false +---- Delay Start +o = s:option(Value, "start_delay", translate("Delay Start"), + translate("Units:seconds")) +o.default = "1" +o.rmempty = true + ---- Open and close Daemon o = s:option(Flag, "start_daemon", translate("Open and close Daemon")) o.default = 1 @@ -109,6 +115,14 @@ s = m:section(TypedSection, "global_other", translate("Other Settings")) s.anonymous = true s.addremove = false +---- IPv6 TProxy +o = s:option(Flag, "ipv6_tproxy", translate("IPv6 TProxy"), + "" .. translate( + "Experimental feature.Make sure that your node supports IPv6.") .. + "") +o.default = 0 +o.rmempty = false + o = s:option(MultiValue, "status", translate("Status info")) o:value("big_icon", translate("Big icon")) -- 大图标 o:value("show_check_port", translate("Show node check")) -- 显示节点检测 diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua index bebcfb7ea0..5025bf5853 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua @@ -49,6 +49,10 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end o.default = 0 o:depends("auto_update", 1) +o = s:option(Value, "xray_location_asset", translate("Location of Xray asset"), translate("This variable specifies a directory where geoip.dat and geosite.dat files are.")) +o.default = "/usr/share/xray/" +o.rmempty = false + s = m:section(TypedSection, "shunt_rules", "Xray" .. translate("Shunt") .. translate("Rule")) s.template = "cbi/tblsection" s.anonymous = false diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua index db9e5a1772..2a4fd8d008 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua @@ -45,7 +45,7 @@ o.validate = function(self, value) local ipmasks= {} string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if not datatypes.ipmask4(ipmask) then + if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!") end end @@ -83,7 +83,7 @@ o.validate = function(self, value) local ipmasks= {} string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if not datatypes.ipmask4(ipmask) then + if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!") end end diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua index 62200646c5..9128db9e64 100755 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua @@ -155,7 +155,7 @@ local function start() end local function stop() - cmd(string.format("ps -w | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &", CONFIG_PATH)) + cmd(string.format("top -bn1 | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1", CONFIG_PATH)) cmd("iptables -D INPUT -j PSW-SERVER 2>/dev/null") cmd("iptables -F PSW-SERVER 2>/dev/null") cmd("iptables -X PSW-SERVER 2>/dev/null") diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm index 935cb14641..f532e88ef9 100644 --- a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm +++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm @@ -4,111 +4,144 @@ local auto_switch = api.uci_get_type("auto_switch", "enable", 0) -%> \ No newline at end of file diff --git a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po index 0d209c6863..50e4c9713f 100644 --- a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po +++ b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po @@ -412,6 +412,12 @@ msgstr "V2ray 分流" msgid "Preproxy" msgstr "前置代理" +msgid "Direct Connection" +msgstr "直连" + +msgid "Blackhole" +msgstr "黑洞" + msgid "Use the default node for the transit." msgstr "使用默认节点代理转发。" @@ -742,6 +748,12 @@ msgstr "周" msgid "oclock" msgstr "点" +msgid "Location of Xray asset" +msgstr "Xray 资源文件目录" + +msgid "This variable specifies a directory where geoip.dat and geosite.dat files are." +msgstr "此变量指定geoip.dat和geosite.dat文件所在的目录。" + msgid "Update..." msgstr "更新中" @@ -1054,6 +1066,12 @@ msgstr "节点数量" msgid "You can only set up a maximum of %s nodes for the time being, Used for access control." msgstr "目前最多只能设置%s个节点,用于给访问控制使用。" +msgid "IPv6 TProxy" +msgstr "IPv6透明代理(TProxy)" + +msgid "Experimental feature.Make sure that your node supports IPv6." +msgstr "实验特性,请确保你的节点支持IPv6" + msgid "Status info" msgstr "状态信息" diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall index b1388face2..c35a0a2fe3 100644 --- a/package/lienol/luci-app-passwall/root/etc/config/passwall +++ b/package/lienol/luci-app-passwall/root/etc/config/passwall @@ -36,6 +36,7 @@ config global_forwarding config global_other option status 'big_icon show_check_port show_ip111' option nodes_ping 'auto_ping tcping' + option ipv6_tproxy '0' config global_rules option auto_update '0' @@ -66,6 +67,26 @@ config global_subscribe config auto_switch option testing_time '1' option enable '0' + +config nodes '696cd32c1d5149ee95fd1b3accbad6df' + option remarks '分流总节点' + option type 'Xray' + option protocol '_shunt' + option youtube 'nil' + option netflix 'nil' + option TVB 'nil' + option Telegram 'nil' + option default_node 'nil' + option default_proxy '0' + option domainStrategy 'IPIfNonMatch' + +config shunt_rules 'Telegram' + option remarks 'Telegram' + option ip_list '149.154.160.0/20 +91.108.4.0/22 +91.108.56.0/24 +109.239.140.0/24 +67.198.55.0/24' config shunt_rules 'youtube' option remarks 'youtube' diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh index 8af513d37a..110a44abff 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh @@ -10,6 +10,7 @@ TMP_PATH=/var/etc/$CONFIG TMP_BIN_PATH=$TMP_PATH/bin TMP_ID_PATH=$TMP_PATH/id TMP_PORT_PATH=$TMP_PATH/port +TMP_ROUTE_PATH=$TMP_PATH/route LOCK_FILE=/var/lock/$CONFIG.lock LOG_FILE=/var/log/$CONFIG.log APP_PATH=/usr/share/$CONFIG @@ -305,7 +306,7 @@ load_config() { DNS_CACHE=$(config_t_get global dns_cache 0) LOCAL_DNS=$(config_t_get global up_china_dns default | sed 's/:/#/g') if [ "${LOCAL_DNS}" = "default" ]; then - DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep ".server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',') + DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',') if [ -z "${DEFAULT_DNS}" ]; then DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v "0.0.0.0" | grep -v "127.0.0.1" | grep -v "^::$" | head -2) | tr ' ' ',') fi @@ -313,7 +314,8 @@ load_config() { IS_DEFAULT_DNS=1 fi PROXY_IPV6=$(config_t_get global_forwarding proxy_ipv6 0) - mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH $TMP_PORT_PATH + export XRAY_LOCATION_ASSET=$(config_t_get global_rules xray_location_asset "/usr/share/xray/") + mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH $TMP_PORT_PATH $TMP_ROUTE_PATH return 0 } @@ -595,8 +597,36 @@ node_switch() { local log_file=$TMP_PATH/${1}.log eval current_port=\$${1}_REDIR_PORT local port=$(cat $TMP_PORT_PATH/${1}) + + local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') + for id in $ids; do + [ "$(config_n_get $id enabled 0)" == "0" ] && continue + [ "$(config_n_get $id node nil)" != "tcp" ] && continue + local socks_port=$(config_n_get $id port) + local http_port=$(config_n_get $id http_port 0) + top -bn1 | grep -E "$TMP_PATH" | grep -i "SOCKS" | grep "$id" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + tcp_node_socks=1 + tcp_node_socks_port=$socks_port + tcp_node_socks_id=$id + [ "$http_port" != "0" ] && { + tcp_node_http=1 + tcp_node_http_port=$http_port + tcp_node_http_id=$id + } + break + done + run_redir $node "0.0.0.0" $port $config_file $1 $log_file echo $node > $TMP_ID_PATH/${1} + + [ "$1" = "TCP" ] && { + [ "$(config_t_get global udp_node nil)" = "tcp_" ] && { + top -bn1 | grep -E "$TMP_PATH" | grep -i "UDP" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + UDP_NODE=$node + start_redir UDP + } + } + #local node_net=$(echo $1 | tr 'A-Z' 'a-z') #uci set $CONFIG.@global[0].${node_net}_node=$node #uci commit $CONFIG @@ -658,10 +688,10 @@ clean_log() { clean_crontab() { touch /etc/crontabs/root - #sed -i "/${CONFIG}/d" /etc/crontabs/root >/dev/null 2>&1 & - sed -i "/$(echo "/etc/init.d/${CONFIG}" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 & - sed -i "/$(echo "lua ${APP_PATH}/rule_update.lua log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 & - sed -i "/$(echo "lua ${APP_PATH}/subscribe.lua start log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 & + #sed -i "/${CONFIG}/d" /etc/crontabs/root >/dev/null 2>&1 + sed -i "/$(echo "/etc/init.d/${CONFIG}" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 + sed -i "/$(echo "lua ${APP_PATH}/rule_update.lua log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 + sed -i "/$(echo "lua ${APP_PATH}/subscribe.lua start log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 } start_crontab() { @@ -721,7 +751,6 @@ start_crontab() { stop_crontab() { clean_crontab - ps | grep "$APP_PATH/test.sh" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & /etc/init.d/cron restart #echolog "清除定时执行命令。" } @@ -914,7 +943,9 @@ add_dnsmasq() { local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil) - [ "$shunt_node_id" = "nil" ] && continue + if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then + continue + fi local shunt_node=$(config_n_get $shunt_node_id address nil) [ "$shunt_node" = "nil" ] && continue config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/998-shunt_host.conf" @@ -928,8 +959,8 @@ add_dnsmasq() { [ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}" [ -n "$CHINADNS_NG" ] && unset fwd_dns [ ! -f "${TMP_PATH}/gfwlist.txt" ] && sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt" - sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" - #sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" + #sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" + sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" echolog " - [$?]防火墙域名表(gfwlist):${fwd_dns:-默认}" else #回国模式 @@ -1035,6 +1066,44 @@ del_dnsmasq() { rm -rf $TMP_DNSMASQ_PATH } +add_ip2route() { + local ip=$(get_host_ip "ipv4" $1) + [ -z "$ip" ] && { + echolog " - 无法解析${1},路由表添加失败!" + return 1 + } + local remarks="${1}" + [ "$remarks" != "$ip" ] && remarks="${1}(${ip})" + local interface=$2 + local retries=5 + local failcount=0 + while [ "$failcount" -lt $retries ]; do + unset msg + ip route show dev ${interface} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + let "failcount++" + echolog " - 找不到出口接口:$interface,1分钟后再重试(${failcount}/${retries}),${ip}" + [ "$failcount" -ge $retries ] && return 1 + sleep 1m + else + route add -host ${ip} dev ${interface} >/dev/null 2>&1 + echolog " - ${remarks}添加路由表${interface}接口成功!" + echo "$ip" >> $TMP_ROUTE_PATH/${interface} + break + fi + done +} + +delete_ip2route() { + [ -d "${TMP_ROUTE_PATH}" ] && { + for interface in $(ls ${TMP_ROUTE_PATH}); do + for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do + route del -host ${ip} dev ${interface} >/dev/null 2>&1 + done + done + } +} + start_haproxy() { local haproxy_path haproxy_file item items lport sort_items @@ -1109,28 +1178,10 @@ start_haproxy() { server $bip:$bport $bip:$bport weight $lbweight check inter 1500 rise 1 fall 3 $bbackup EOF - #暂时不开启此功能,以后抽时间改成后台执行,防止卡luci。 -:</dev/null 2>&1 - if [ $? -ne 0 ]; then - let "failcount++" - echolog " - 找不到出口接口:$export,1分钟后再重试(${failcount}/3),${bip}" - [ "$failcount" -ge 3 ] && exit 0 - sleep 1m - else - route add -host ${bip} dev ${export} - msg="[$?] 从 ${export} 接口路由," - echo "$bip" >>/tmp/balancing_ip - break - fi - done + add_ip2route ${bip} ${export} > /dev/null 2>&1 & fi - echolog " | - ${msg}出口节点:${bip}:${bport},权重:${lbweight}" -! + echolog " | - 出口节点:${bip}:${bport},权重:${lbweight}" done # 控制台配置 @@ -1156,7 +1207,7 @@ start_haproxy() { } kill_all() { - kill -9 $(pidof "$@") >/dev/null 2>&1 & + kill -9 $(pidof "$@") >/dev/null 2>&1 } force_stop() { @@ -1195,7 +1246,15 @@ restart_dnsmasq() { } boot() { - [ "$ENABLED" == 1 ] && start + [ "$ENABLED" == 1 ] && { + local delay=$(config_t_get global_delay start_delay 1) + if [ "$delay" -gt 0 ]; then + echolog "执行启动延时 $delay 秒后再启动!" + sleep $delay && start >/dev/null 2>&1 & + else + start + fi + } return 0 } @@ -1226,12 +1285,12 @@ stop() { set_lock clean_log source $APP_PATH/iptables.sh stop + delete_ip2route kill_all v2ray-plugin obfs-local - top -bn1 | grep -v "grep" | grep $CONFIG/test.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & - top -bn1 | grep -v "grep" | grep $CONFIG/monitor.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & - top -bn1 | grep -v -E "grep|${TMP_PATH}_server" | grep -E "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & - top -bn1 | grep -v "grep" | grep "sleep 1m" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & + top -bn1 | grep -v "grep" | grep "sleep" | grep -E "9s|58s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + top -bn1 | grep -v "grep" | grep -v "app.sh" | grep "${CONFIG}/" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 rm -rf $TMP_DNSMASQ_PATH $TMP_PATH + unset XRAY_LOCATION_ASSET stop_crontab del_dnsmasq /etc/init.d/dnsmasq restart >/dev/null 2>&1 diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh index 8f033a45a6..6df408ddae 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -4,14 +4,24 @@ IPSET_LANIPLIST="laniplist" IPSET_VPSIPLIST="vpsiplist" IPSET_SHUNTLIST="shuntlist" IPSET_GFW="gfwlist" -#IPSET_GFW6="gfwlist6" IPSET_CHN="chnroute" -IPSET_CHN6="chnroute6" IPSET_BLACKLIST="blacklist" IPSET_BLACKLIST2="blacklist2" IPSET_BLACKLIST3="blacklist3" IPSET_WHITELIST="whitelist" +IPSET_LANIPLIST_6="laniplist6" +IPSET_VPSIPLIST_6="vpsiplist6" +IPSET_SHUNTLIST_6="shuntlist6" +IPSET_GFW6="gfwlist6" +IPSET_CHN6="chnroute6" +IPSET_BLACKLIST_6="blacklist_6" +IPSET_BLACKLIST2_6="blacklist2_6" +IPSET_BLACKLIST3_6="blacklist3_6" +IPSET_WHITELIST_6="whitelist_6" + +PROXY_IPV6=0 + FORCE_INDEX=2 ipt_n="iptables -t nat" @@ -79,6 +89,26 @@ get_redirect_ipt() { esac } +get_redirect_ip6t() { + case "$1" in + disable) + echo "-j RETURN" + ;; + global) + echo "$(REDIRECT $2 $3)" + ;; + gfwlist) + echo "$(dst $IPSET_GFW6) $(REDIRECT $2 $3)" + ;; + chnroute) + echo "$(dst $IPSET_CHN6 !) $(REDIRECT $2 $3)" + ;; + returnhome) + echo "$(dst $IPSET_CHN6) $(REDIRECT $2 $3)" + ;; + esac +} + get_action_chain_name() { case "$1" in disable) @@ -113,6 +143,24 @@ gen_laniplist() { EOF } +gen_laniplist_6() { + cat <<-EOF + ::/128 + ::1/128 + ::ffff:0:0/96 + ::ffff:0:0:0/96 + 64:ff9b::/96 + 100::/64 + 2001::/32 + 2001:20::/28 + 2001:db8::/32 + 2002::/16 + fc00::/7 + fe80::/10 + ff00::/8 + EOF +} + load_acl() { local items=$(get_enabled_anonymous_secs "@acl_rule") [ -n "$items" ] && { @@ -156,16 +204,24 @@ load_acl() { fi [ "$tcp_no_redir_ports" != "disable" ] && { $ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN msg2="${msg2}[$?]除${tcp_no_redir_ports}外的" } msg2="${msg2}所有端口" $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port $is_tproxy) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $tcp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $tcp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY) + fi } echolog " - ${msg2}" } $ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -j RETURN [ "$udp_proxy_mode" != "disable" ] && { msg2="${msg}使用UDP节点 [$(get_action_chain_name $udp_proxy_mode)]" @@ -174,16 +230,24 @@ load_acl() { msg2="${msg2}(TPROXY:${udp_port})代理" [ "$udp_no_redir_ports" != "disable" ] && { $ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN msg2="${msg2}[$?]除${udp_no_redir_ports}外的" } msg2="${msg2}所有端口" $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ipt $udp_proxy_mode $udp_port TPROXY) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $udp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $udp_port TPROXY) + $ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $udp_proxy_mode $udp_port TPROXY) + fi } echolog " - ${msg2}" } $ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN + $ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN done } @@ -191,7 +255,11 @@ load_acl() { local ipt_tmp=$ipt_n local is_tproxy msg if [ "$TCP_PROXY_MODE" != "disable" ]; then - [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { + $ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + $ip6t_m -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + } + ipt_tmp=$ipt_n unset is_tproxy msg [ "$TCP_NODE" != "nil" ] && { @@ -210,11 +278,19 @@ load_acl() { $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT $is_tproxy) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $TCP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $TCP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT TPROXY) + fi + echolog "${msg}" } fi $ipt_n -A PSW $(comment "默认") -p tcp -j RETURN $ipt_m -A PSW $(comment "默认") -p tcp -j RETURN + $ip6t_m -A PSW $(comment "默认") -p tcp -j RETURN # 加载UDP默认代理模式 if [ "$UDP_PROXY_MODE" != "disable" ]; then @@ -226,10 +302,18 @@ load_acl() { $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY) + $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $UDP_PROXY_MODE/6 $UDP_REDIR_PORT TPROXY) + fi + echolog "${msg}" } fi $ipt_m -A PSW $(comment "默认") -p udp -j RETURN + $ip6t_m -A PSW $(comment "默认") -p udp -j RETURN unset is_tproxy msg } @@ -243,7 +327,7 @@ filter_haproxy() { filter_vpsip() { uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - #uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIP6LIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R echolog "加入所有节点到ipset[$IPSET_VPSIPLIST]直连完成" } @@ -364,24 +448,37 @@ add_firewall_rule() { ipset -! create $IPSET_VPSIPLIST nethash ipset -! create $IPSET_SHUNTLIST nethash ipset -! create $IPSET_GFW nethash - #ipset -! create $IPSET_GFW6 nethash family inet6 ipset -! create $IPSET_CHN nethash - ipset -! create $IPSET_CHN6 nethash family inet6 ipset -! create $IPSET_BLACKLIST nethash ipset -! create $IPSET_BLACKLIST2 nethash ipset -! create $IPSET_BLACKLIST3 nethash ipset -! create $IPSET_WHITELIST nethash + ipset -! create $IPSET_LANIPLIST_6 nethash family inet6 + ipset -! create $IPSET_VPSIPLIST_6 nethash family inet6 + ipset -! create $IPSET_SHUNTLIST_6 nethash family inet6 + ipset -! create $IPSET_GFW6 nethash family inet6 + ipset -! create $IPSET_CHN6 nethash family inet6 + ipset -! create $IPSET_BLACKLIST_6 nethash family inet6 + ipset -! create $IPSET_BLACKLIST2_6 nethash family inet6 + ipset -! create $IPSET_BLACKLIST3_6 nethash family inet6 + ipset -! create $IPSET_WHITELIST_6 nethash family inet6 + local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R done cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/direct_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/chnroute6 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/direct_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/proxy_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/direct_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R ipset -! -R <<-EOF $(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /") @@ -390,14 +487,31 @@ add_firewall_rule() { echolog "系统不兼容,终止执行!" return 1 } + + ipset -! -R <<-EOF + $(gen_laniplist_6 | sed -e "s/^/add $IPSET_LANIPLIST_6 /") + EOF +# [ $? -eq 0 ] || { +# echolog "系统不兼容IPv6,终止执行!" +# return 1 +# } # 忽略特殊IP段 local lan_ifname lan_ip lan_ifname=$(uci -q -p /var/state get network.lan.ifname) [ -n "$lan_ifname" ] && { lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}') - #echolog "本机网段互访直连:${lan_ip}" - [ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 & + lan_ip6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') + #echolog "本机IPv4网段互访直连:${lan_ip}" + #echolog "本机IPv6网段互访直连:${lan_ip6}" + + [ -n "$lan_ip" ] && ipset -! -R <<-EOF + $(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST /") + EOF + + [ -n "$lan_ip6" ] && ipset -! -R <<-EOF + $(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST_6 /") + EOF } local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1) @@ -408,16 +522,25 @@ add_firewall_rule() { #echolog " - 追加到白名单:${ispip}" done } - + + local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u ) + [ -n "$ISP_DNS" ] && { + #echolog "处理 ISP IPv6 DNS 例外..." + for ispip6 in $ISP_DNS; do + ipset -! add $IPSET_WHITELIST_6 $ispip6 >/dev/null 2>&1 & + #echolog " - 追加到白名单:${ispip6}" + done + } + # 过滤所有节点IP filter_vpsip > /dev/null 2>&1 & filter_haproxy > /dev/null 2>&1 & - + $ipt_n -N PSW $ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN $ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN $ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN - + $ipt_n -N PSW_OUTPUT $ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN $ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN @@ -427,7 +550,7 @@ add_firewall_rule() { $ipt_m -A PSW $(dst $IPSET_LANIPLIST) -j RETURN $ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN $ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN - + $ipt_m -N PSW_OUTPUT $ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN $ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN @@ -435,7 +558,48 @@ add_firewall_rule() { ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 - + + local NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z') + local ipv6_tproxy=$(config_t_get global_other ipv6_tproxy 0) + + if [ $NODE_TYPE == "xray" ] && [ $ipv6_tproxy == "1" ]; then + PROXY_IPV6=1 + echolog "节点类型:$NODE_TYPE,开启实验性IPv6透明代理(TProxy)..." + else + [ $enble_ipv6=="1" ] && echolog "节点类型:$NODE_TYPE,暂不支持IPv6透明代理(TProxy)..." + fi + + #$ip6t_n -N PSW + #$ip6t_n -A PREROUTING -j PSW + + #$ip6t_n -N PSW_OUTPUT + #$ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT + + $ip6t_m -N PSW + $ip6t_m -A PSW $(dst $IPSET_LANIPLIST_6) -j RETURN + $ip6t_m -A PSW $(dst $IPSET_VPSIPLIST_6) -j RETURN + $ip6t_m -A PSW $(dst $IPSET_WHITELIST_6) -j RETURN + $ip6t_m -A PREROUTING -j PSW + + $ip6t_m -N PSW_OUTPUT + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST_6) -j RETURN + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST_6) -j RETURN + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST_6) -j RETURN + $ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT + + ip -6 rule add fwmark 1 table 100 + ip -6 route add local ::/0 dev lo table 100 + + [ -n "$lan_ifname" ] && { + lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段 + [ -n "$lan_ipv6" ] && { + for ip in $lan_ipv6; do + $ip6t_m -A PSW -d $ip -j RETURN + $ip6t_m -A PSW_OUTPUT -d $ip -j RETURN + done + } + } + # 加载路由器自身代理 TCP if [ "$TCP_NODE" != "nil" ]; then local ipt_tmp=$ipt_n @@ -469,11 +633,18 @@ add_firewall_rule() { $ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN + $ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS" } $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $LOCALHOST_TCP_PROXY_MODE 1 MARK) + fi fi local PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING ADBYBY) @@ -485,33 +656,14 @@ add_firewall_rule() { PR_INDEX=$((PR_INDEX + 1)) $ipt_n -I PREROUTING $PR_INDEX -p tcp -j PSW echolog "使用链表 PREROUTING 排列索引${PR_INDEX}[$?]" - - $ip6t_n -N PSW - $ip6t_n -A PREROUTING -j PSW - $ip6t_n -N PSW_OUTPUT - $ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT - - $ip6t_m -N PSW - $ip6t_m -A PREROUTING -j PSW - $ip6t_m -N PSW_OUTPUT - $ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT - [ -n "$lan_ifname" ] && { - lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段 - [ -n "$lan_ipv6" ] && { - for ip in $lan_ipv6; do - $ip6t_n -A PSW -d $ip -j RETURN - $ip6t_n -A PSW_OUTPUT -d $ip -j RETURN - done - } - } - - if [ "$PROXY_IPV6" == "1" ]; then - local msg="IPv6 配置不当,无法代理" - $ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT) - $ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT) - msg="${msg},转发 IPv6 TCP 流量到节点[$?]" - echolog "$msg" - fi + +# if [ "$PROXY_IPV6" == "1" ]; then +# local msg="IPv6 配置不当,无法代理" +# $ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT) +# $ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT) +# msg="${msg},转发 IPv6 TCP 流量到节点[$?]" +# echolog "$msg" +# fi # 过滤Socks节点 [ "$SOCKS_ENABLED" = "1" ] && { @@ -551,7 +703,7 @@ add_firewall_rule() { filter_node $node $stream $port > /dev/null 2>&1 & fi done - + # 加载路由器自身代理 UDP if [ "$UDP_NODE" != "nil" ]; then echolog "加载路由器自身 UDP 代理..." @@ -577,15 +729,21 @@ add_firewall_rule() { $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK) + + if [ "$PROXY_IPV6" == "1" ]; then + $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT 1 MARK) + $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $LOCALHOST_UDP_PROXY_MODE 1 MARK) + fi fi - + $ipt_m -A PREROUTING -j PSW - + # 加载ACLS load_acl - + # dns_hijack "force" - + echolog "防火墙规则加载完成!" } @@ -606,9 +764,11 @@ del_firewall_rule() { $ip6t_m -D PREROUTING -j PSW 2>/dev/null $ip6t_m -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null + $ip6t_m -D OUTPUT -p udp -j PSW_OUTPUT 2>/dev/null ib_nat_exist=$(expr $ib_nat_exist - 1) done + fi $ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null $ipt_n -F PSW_OUTPUT 2>/dev/null && $ipt_n -X PSW_OUTPUT 2>/dev/null @@ -622,17 +782,29 @@ del_firewall_rule() { ip rule del fwmark 1 lookup 100 2>/dev/null ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null + ip -6 rule del fwmark 1 table 100 2>/dev/null + ip -6 route del local ::/0 dev lo table 100 2>/dev/null + ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 & ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 & #ipset -F $IPSET_SHUNTLIST >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST >/dev/null 2>&1 & #ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 & - #ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & #ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 & - #ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & #ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 & #ipset -F $IPSET_BLACKLIST2 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2 >/dev/null 2>&1 & #ipset -F $IPSET_BLACKLIST3 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3 >/dev/null 2>&1 & ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 & + + ipset -F $IPSET_LANIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_VPSIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST_6 >/dev/null 2>&1 & + #ipset -F $IPSET_SHUNTLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST_6 >/dev/null 2>&1 & + #ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & + #ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST_6 >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST2_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2_6 >/dev/null 2>&1 & + #ipset -F $IPSET_BLACKLIST3_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3_6 >/dev/null 2>&1 & + ipset -F $IPSET_WHITELIST_6 >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST_6 >/dev/null 2>&1 & + echolog "删除相关防火墙规则完成。" } @@ -641,13 +813,21 @@ flush_ipset() { ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 & ipset -F $IPSET_SHUNTLIST >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST >/dev/null 2>&1 & ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 & - #ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 & - ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 & ipset -F $IPSET_BLACKLIST2 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2 >/dev/null 2>&1 & ipset -F $IPSET_BLACKLIST3 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3 >/dev/null 2>&1 & ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 & + + ipset -F $IPSET_LANIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_VPSIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_SHUNTLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 & + ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 & + ipset -F $IPSET_BLACKLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST_6 >/dev/null 2>&1 & + ipset -F $IPSET_BLACKLIST2_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2_6 >/dev/null 2>&1 & + ipset -F $IPSET_BLACKLIST3_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3_6 >/dev/null 2>&1 & + ipset -F $IPSET_WHITELIST_6 >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST_6 >/dev/null 2>&1 & } flush_include() { diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh index 81e9e429d0..991dc28752 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh @@ -1,7 +1,9 @@ #!/bin/sh CONFIG=passwall -RUN_BIN_PATH=/var/etc/${CONFIG}/bin +TMP_PATH=/var/etc/$CONFIG +TMP_BIN_PATH=$TMP_PATH/bin +TMP_ID_PATH=$TMP_PATH/id config_n_get() { local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null) @@ -23,59 +25,71 @@ ENABLED=$(config_t_get global enabled 0) [ "$ENABLED" != 1 ] && return 1 ENABLED=$(config_t_get global_delay start_daemon 0) [ "$ENABLED" != 1 ] && return 1 -sleep 1m +sleep 58s while [ "$ENABLED" -eq 1 ] do - #tcp - TCP_NODE=$(config_t_get global tcp_node nil) - if [ "$TCP_NODE" != "nil" ]; then - #kcptun - use_kcp=$(config_n_get $TCP_NODE use_kcp 0) - if [ $use_kcp -gt 0 ]; then - icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH/kcptun" | grep -i "tcp" | wc -l) + #TCP + [ -f "$TMP_ID_PATH/TCP" ] && { + TCP_NODE=$(cat $TMP_ID_PATH/TCP) + if [ "$TCP_NODE" != "nil" ]; then + #kcptun + use_kcp=$(config_n_get $TCP_NODE use_kcp 0) + if [ $use_kcp -gt 0 ]; then + icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH/kcptun" | grep -i "tcp" | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi + fi + icount=$(top -bn1 | grep -v -E 'grep|kcptun' | grep "$TMP_BIN_PATH" | grep -i "TCP" | wc -l) if [ $icount = 0 ]; then - /etc/init.d/passwall restart + /etc/init.d/$CONFIG restart exit 0 fi fi - icount=$(top -bn1 | grep -v -E 'grep|kcptun' | grep "$RUN_BIN_PATH" | grep -i "TCP" | wc -l) - if [ $icount = 0 ]; then - /etc/init.d/passwall restart - exit 0 - fi - fi + } #udp - UDP_NODE=$(config_t_get global udp_node nil) - if [ "$UDP_NODE" != "nil" ]; then - [ "$UDP_NODE" == "tcp" ] && continue - [ "$UDP_NODE" == "tcp_" ] && UDP_NODE=$TCP_NODE1 - icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH" | grep -i "UDP" | wc -l) - if [ $icount = 0 ]; then - /etc/init.d/passwall restart - exit 0 + [ -f "$TMP_ID_PATH/UDP" ] && { + UDP_NODE=$(cat $TMP_ID_PATH/UDP) + if [ "$UDP_NODE" != "nil" ]; then + [ "$UDP_NODE" == "tcp" ] && continue + [ "$UDP_NODE" == "tcp_" ] && UDP_NODE=$TCP_NODE + icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH" | grep -i "UDP" | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi fi - fi + } #dns dns_mode=$(config_t_get global dns_mode) if [ "$dns_mode" != "nonuse" ] && [ "$dns_mode" != "custom" ]; then icount=$(netstat -apn | grep 7913 | wc -l) if [ $icount = 0 ]; then - /etc/init.d/passwall restart - exit 0 - fi - fi - - #haproxy - use_haproxy=$(config_t_get global_haproxy balancing_enable 0) - if [ $use_haproxy -gt 0 ]; then - icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH/haproxy" | wc -l) - if [ $icount = 0 ]; then - /etc/init.d/passwall restart + /etc/init.d/$CONFIG restart exit 0 fi fi - sleep 1m + [ -f "$TMP_BIN_PATH/chinadns-ng" ] && { + icount=$(top -bn1 | grep -v grep | grep $TMP_BIN_PATH/chinadns-ng | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi + } + + #haproxy + use_haproxy=$(config_t_get global_haproxy balancing_enable 0) + if [ $use_haproxy -gt 0 ]; then + icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH/haproxy" | wc -l) + if [ $icount = 0 ]; then + /etc/init.d/$CONFIG restart + exit 0 + fi + fi + + sleep 58s done diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip index fd5eb772df..eecd323ecd 100644 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/proxy_ip @@ -11,3 +11,8 @@ 1.0.0.1 9.9.9.9 149.112.112.112 +2001:67c:4e8::/48 +2001:b28:f23c::/48 +2001:b28:f23d::/48 +2001:b28:f23f::/48 +2001:b28:f242::/48 \ No newline at end of file diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua index bc0abbd1c5..24614020ca 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua @@ -70,6 +70,7 @@ do local node_id = t.node CONFIG[#CONFIG + 1] = { log = true, + id = t[".name"], remarks = "Socks节点列表[" .. i .. "]", currentNodeId = node_id, currentNode = node_id and ucic2:get_all(application, node_id) or nil, @@ -106,7 +107,7 @@ do set = function(o) for kk, vv in pairs(CONFIG) do if (vv.remarks == "TCP备用节点的列表") then - log("刷新自动切换的TCP备用节点的列表") + --log("刷新自动切换的TCP备用节点的列表") ucic2:set_list(application, "@auto_switch[0]", "tcp_node", vv.new_nodes) end end @@ -133,7 +134,7 @@ do local default_node_id = node.default_node CONFIG[#CONFIG + 1] = { - log = false, + log = true, currentNodeId = default_node_id, currentNode = default_node_id and ucic2:get_all(application, default_node_id) or nil, remarks = "分流默认节点", @@ -145,7 +146,7 @@ do local main_node_id = node.main_node CONFIG[#CONFIG + 1] = { - log = false, + log = true, currentNodeId = main_node_id, currentNode = main_node_id and ucic2:get_all(application, main_node_id) or nil, remarks = "分流默认前置代理节点", @@ -182,7 +183,7 @@ do set = function(o) for kk, vv in pairs(CONFIG) do if (vv.remarks == "负载均衡节点列表" .. node_id) then - log("刷新负载均衡节点列表") + --log("刷新负载均衡节点列表") ucic2:foreach(application, uciType, function(node2) if node2[".name"] == node[".name"] then local index = node2[".index"] @@ -586,31 +587,24 @@ local function curl(url) end local function truncate_nodes() - local function clear(type) - local node_num = ucic2:get(application, "@global_other[0]", type .. "_node_num") or 1 - for i = 1, node_num, 1 do - local node = ucic2:get(application, "@global[0]", type .. "_node" .. i) - if node then - local is_sub_node = ucic2:get(application, node, "is_sub") or 0 - if is_sub_node == "1" then - ucic2:set(application, '@global[0]', type .. "_node" .. i, "nil") + for _, config in pairs(CONFIG) do + if config.nodes and type(config.nodes) == "table" then + for kk, vv in pairs(config.nodes) do + if vv.currentNode.is_sub and vv.currentNode.is_sub == "1" then + else + vv.set(vv, vv.currentNodeId) + end + end + config.set(config) + else + if config.currentNode.is_sub and config.currentNode.is_sub == "1" then + config.set(config, "nil") + if config.id then + ucic2:delete(application, config.id) end end end end - clear("tcp") - clear("udp") - - ucic2:foreach(application, "socks", function(t) - local node = t.node - if node then - local is_sub_node = ucic2:get(application, node, "is_sub") or 0 - if is_sub_node == "1" then - ucic2:set(application, t[".name"], "node", "nil") - end - end - end) - ucic2:foreach(application, uciType, function(node) if (node.is_sub or node.hashkey) and node.add_mode ~= '导入' then ucic2:delete(application, node['.name']) @@ -624,84 +618,96 @@ end local function select_node(nodes, config) local server if config.currentNode then - for id, node in pairs(nodes) do - -- 特别优先级 分流 + 备注 - if config.currentNode.protocol and config.currentNode.protocol == '_shunt' then + -- 特别优先级 分流 + 备注 + if config.currentNode.protocol and config.currentNode.protocol == '_shunt' then + for index, node in pairs(nodes) do if node.remarks == config.currentNode.remarks then log('更新【' .. config.remarks .. '】分流匹配节点:' .. node.remarks) - server = id + server = node[".name"] break end end - -- 特别优先级 负载均衡 + 备注 - if config.currentNode.protocol and config.currentNode.protocol == '_balancing' then + end + -- 特别优先级 负载均衡 + 备注 + if config.currentNode.protocol and config.currentNode.protocol == '_balancing' then + for index, node in pairs(nodes) do if node.remarks == config.currentNode.remarks then log('更新【' .. config.remarks .. '】负载均衡匹配节点:' .. node.remarks) - server = id + server = node[".name"] break end end - -- 第一优先级 cfgid - if not server then - if id == config.currentNode['.name'] then + end + -- 第一优先级 cfgid + if not server then + for index, node in pairs(nodes) do + if node[".name"] == config.currentNode['.name'] then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第一匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end - -- 第二优先级 类型 + IP + 端口 - if not server then + end + -- 第二优先级 类型 + IP + 端口 + if not server then + for index, node in pairs(nodes) do if config.currentNode.type and config.currentNode.address and config.currentNode.port then if node.type and node.address and node.port then if node.type == config.currentNode.type and (node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port) then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第二匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end end end - -- 第三优先级 IP + 端口 - if not server then + end + -- 第三优先级 IP + 端口 + if not server then + for index, node in pairs(nodes) do if config.currentNode.address and config.currentNode.port then if node.address and node.port then if node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第三匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end end end - -- 第四优先级 IP - if not server then + end + -- 第四优先级 IP + if not server then + for index, node in pairs(nodes) do if config.currentNode.address then if node.address then if node.address == config.currentNode.address then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第四匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end end end - -- 第五优先级备注 - if not server then + end + -- 第五优先级备注 + if not server then + for index, node in pairs(nodes) do if config.currentNode.remarks then if node.remarks then if node.remarks == config.currentNode.remarks then if config.log == nil or config.log == true then log('更新【' .. config.remarks .. '】第五匹配节点:' .. node.remarks) end - server = id + server = node[".name"] break end end @@ -752,7 +758,7 @@ local function update_node(manual) local nodes = {} local ucic3 = luci.model.uci.cursor() ucic3:foreach(application, uciType, function(node) - nodes[node['.name']] = node + nodes[#nodes + 1] = node end) for _, config in pairs(CONFIG) do diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh index a16395d16e..51f5f730fa 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/test.sh @@ -88,12 +88,13 @@ test_auto_switch() { } else local tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp) - /usr/share/${CONFIG}/app.sh run_socks "auto_switch" "$main_node" "127.0.0.1" "$tmp_port" "/var/etc/${CONFIG}/auto_switch.json" + /usr/share/${CONFIG}/app.sh run_socks "auto_switch" "$main_node" "127.0.0.1" "$tmp_port" "/var/etc/${CONFIG}/test.json" local curlx="socks5h://127.0.0.1:$tmp_port" fi - sleep 10s + sleep 9s proxy_status=$(test_url "https://www.google.com/generate_204" 3 3 "-x $curlx") - top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/auto_switch.json" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/test.json" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 + rm -rf "/var/etc/${CONFIG}/test.json" if [ "$proxy_status" -eq 200 ]; then #主节点正常,切换到主节点 echolog "自动切换检测:${TYPE}主节点正常,切换到主节点!" @@ -125,7 +126,7 @@ test_auto_switch() { fi fi /usr/share/${CONFIG}/app.sh node_switch ${TYPE} ${new_node} - sleep 10s + sleep 9s # 切换节点后等待10秒后再检测一次,如果还是不通继续切,直到可用为止 status2=$(test_proxy) if [ "$status2" -eq 0 ]; then @@ -141,11 +142,12 @@ test_auto_switch() { start() { ENABLED=$(config_t_get global enabled 0) - [ "$ENABLED" != 1 ] && _return 1 + [ "$ENABLED" != 1 ] && return 1 ENABLED=$(config_t_get auto_switch enable 0) - [ "$ENABLED" != 1 ] && _return 1 + [ "$ENABLED" != 1 ] && return 1 delay=$(config_t_get auto_switch testing_time 1) - sleep ${delay}m + #sleep ${delay}m + sleep 9s while [ "$ENABLED" -eq 1 ] do TCP_NODE=$(config_t_get auto_switch tcp_node nil) diff --git a/package/network/config/ltq-adsl-app/Makefile b/package/network/config/ltq-adsl-app/Makefile index 2d3e4314eb..2e4792266c 100644 --- a/package/network/config/ltq-adsl-app/Makefile +++ b/package/network/config/ltq-adsl-app/Makefile @@ -13,7 +13,7 @@ PKG_VERSION:=3.24.4.4 PKG_RELEASE:=10 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_BUILD_DIR:=$(BUILD_DIR)/dsl_cpe_control-$(PKG_VERSION) -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources/ +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=af0bdf45cc7a62e2b38d39aad4924dd83c24fae170ae5bbd8190c2a3d9106257 PKG_MAINTAINER:=John Crispin PKG_LICENSE:=BSD-3-Clause diff --git a/package/network/config/ltq-vdsl-app/Makefile b/package/network/config/ltq-vdsl-app/Makefile index bf9287bc79..0968811984 100644 --- a/package/network/config/ltq-vdsl-app/Makefile +++ b/package/network/config/ltq-vdsl-app/Makefile @@ -12,7 +12,7 @@ PKG_VERSION:=4.17.18.6 PKG_RELEASE:=6 PKG_BASE_NAME:=dsl_cpe_control PKG_SOURCE:=$(PKG_BASE_NAME)_vrx-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=da8bb929526a61aea0e153ef524331fcd472a1ebbc6d88ca017735a4f82ece02 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BASE_NAME)-$(PKG_VERSION) PKG_LICENSE:=BSD-2-Clause diff --git a/scripts/download.pl b/scripts/download.pl index 6296174212..e67cc571ea 100755 --- a/scripts/download.pl +++ b/scripts/download.pl @@ -194,6 +194,8 @@ foreach my $mirror (@ARGV) { for (1 .. 5) { push @mirrors, "https://downloads.sourceforge.net/$1"; } + } elsif ($mirror =~ /^\@OPENWRT$/) { + # use OpenWrt source server directly } elsif ($mirror =~ /^\@APACHE\/(.+)$/) { push @mirrors, "https://mirrors.cloud.tencent.com/apache/$1"; push @mirrors, "https://mirrors.aliyun.com/apache/$1"; diff --git a/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts b/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts index db86a79dce..861af2831a 100644 --- a/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts +++ b/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-r619ac.dts @@ -6,7 +6,6 @@ #include / { - model = "P&W R619AC"; compatible = "p2w,r619ac"; @@ -222,7 +221,7 @@ status = "okay"; pinctrl-0 = <&pcie_pins>; pinctrl-names = "default"; - perst-gpio = <&tlmm 4 GPIO_ACTIVE_LOW>; + perst-gpio = <&tlmm 4 GPIO_ACTIVE_HIGH>; wake-gpio = <&tlmm 40 GPIO_ACTIVE_HIGH>; /* Free slot for use */ diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk index aaeb253353..9a2878ea05 100644 --- a/toolchain/glibc/common.mk +++ b/toolchain/glibc/common.mk @@ -7,13 +7,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=glibc -PKG_VERSION:=2.32 +PKG_VERSION:=2.33 PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) -PKG_SOURCE_VERSION:=760e1d287825fa91d4d5a0cc921340c740d803e2 -PKG_MIRROR_HASH:=3ea50e679a241faec8d0e90c9db84a19a42e03dd08328aee406a9ec56393104d +PKG_SOURCE_VERSION:=17f0ff097887008b2d3dca270c8ffbb4b43a8749 +PKG_MIRROR_HASH:=c208569b844f22a6fb446fb02b392c5f280d7a29263a4d5401c47157fc7ac169 PKG_SOURCE_URL:=https://sourceware.org/git/glibc.git PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz diff --git a/tools/lzma-old/Makefile b/tools/lzma-old/Makefile index 4ccd336ed0..21e7428c07 100644 --- a/tools/lzma-old/Makefile +++ b/tools/lzma-old/Makefile @@ -10,7 +10,7 @@ PKG_NAME:=lzma-old PKG_VERSION:=4.32 PKG_SOURCE:=lzma-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=49053e4bb5e0646a841d250d9cb81f7714f5fff04a133216c4748163567acc3d HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/lzma-$(PKG_VERSION) diff --git a/tools/lzma/Makefile b/tools/lzma/Makefile index 04c427a3a9..b87289e385 100644 --- a/tools/lzma/Makefile +++ b/tools/lzma/Makefile @@ -10,7 +10,7 @@ PKG_NAME:=lzma PKG_VERSION:=4.65 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=https://downloads.openwrt.org/sources +PKG_SOURCE_URL:=@OPENWRT PKG_HASH:=dcbdb5f4843eff638e4a5e8be0e2486a3c5483df73c70823618db8e66f609ec2 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION)