
Fix processing dnsmasq and iptables bug

Mattraks 5 年之前
父節點
當前提交
3516001d5b

+ 2 - 2
luci-app-ssr-plus/luasrc/controller/shadowsocksr.lua

@@ -99,7 +99,7 @@ function refresh_data()
 				if type == "gfw_data" or type == "ad_data" then
 					luci.sys.exec("/usr/share/shadowsocksr/gfw2ipset.sh")
 				else
-					luci.sys.exec("/etc/init.d/shadowsocksr restart &")
+					luci.sys.exec("/usr/share/shadowsocksr/chinaipset.sh /tmp/etc/china_ssr.txt")
 				end
 			end
 		else
@@ -111,7 +111,7 @@ function refresh_data()
 		update(uci:get_first("shadowsocksr", "global", "gfwlist_url", "https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt"), "/etc/ssr/gfw_list.conf", set, "/tmp/dnsmasq.ssr/gfw_list.conf")
 	end
 	if set == "ip_data" then
-		update(uci:get_first("shadowsocksr", "global", "chnroute_url","https://ispip.clang.cn/all_cn.txt"), "/etc/ssr/china_ssr.txt", set)
+		update(uci:get_first("shadowsocksr", "global", "chnroute_url","https://ispip.clang.cn/all_cn.txt"), "/etc/ssr/china_ssr.txt", set, "/tmp/etc/china_ssr.txt")
 	end
 	if set == "ad_data" then
 		update(uci:get_first("shadowsocksr", "global", "adblock_url","https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt"), "/etc/ssr/ad.conf", set, "/tmp/dnsmasq.ssr/ad.conf")
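Review bot: The exit status of chinaipset.sh is discarded at the replaced line in the first hunk, because `luci.sys.exec` returns the command's stdout rather than its return code, while the rewritten chinaipset.sh flushes the `china` set and then `exit 1`s when `ipset -R` fails. A refresh that downloads a malformed list would therefore report success to the UI although the set is now empty or partial. Using the call variant and treating a non-zero result as a failed refresh would surface this, e.g. `local rc = luci.sys.call("/usr/share/shadowsocksr/chinaipset.sh /tmp/etc/china_ssr.txt >/dev/null 2>&1")` and reporting when `rc ~= 0`. refresh_data starts before the first hunk and continues after it, so how the result is reported to the page is not visible here.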

+ 1 - 1
luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -799,7 +799,7 @@ stop() {
 	ps -w | grep -v "grep" | grep "sleep $(uci_get_by_type global switch_time)s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 	ps -w | grep -v "grep" | grep "sleep 30s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 	killall -q -9 ss-redir ss-local obfs-local ssr-redir ssr-local ssr-server v2ray v2ray-plugin trojan naive microsocks ipt2socks dns2socks redsocks2 pdnsd
-	rm -f /var/lock/ssr-chinaipset.lock /var/lock/ssr-monitor.lock
+	rm -f /var/lock/ssr-monitor.lock
 	if [ -f "/tmp/dnsmasq.d/dnsmasq-ssr.conf" ]; then
 		rm -rf /tmp/dnsmasq.d/dnsmasq-ssr.conf /tmp/dnsmasq.ssr /tmp/dnsmasq.oversea
 		/etc/init.d/dnsmasq restart >/dev/null 2>&1

+ 33 - 50
luci-app-ssr-plus/root/usr/bin/ssr-rules

@@ -39,8 +39,10 @@ Valid options are:
     -U                      enable udprelay mode, using different IP
                             and ports for TCP and UDP
     -f                      flush the rules
-    -g                      gfw list mode
-    -r                      return china mode
+    -g                      gfwlist mode
+    -r                      router mode
+    -c                      oversea mode
+    -z                      all mode
     -h                      show this help message and exit
 EOF
 exit $1
@@ -79,40 +81,36 @@ flush_r() {
 }
 
 ipset_r() {
+	[ -f "$IGNORE_LIST" ] && /usr/share/shadowsocksr/chinaipset.sh $IGNORE_LIST
+	$IPT -N SS_SPEC_WAN_AC
+	$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
 	ipset -N gmlan hash:net 2>/dev/null
 	for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
 	case "$RUNMODE" in
 	router)
 		ipset -! -R <<-EOF || return 1
 			create ss_spec_wan_ac hash:net
-			$(gen_iplist | sed -e "s/^/add ss_spec_wan_ac /")
+			$(gen_spec_iplist | sed -e "s/^/add ss_spec_wan_ac /")
 		EOF
-		ipset -N gfwlist hash:net 2>/dev/null
-		$IPT -N SS_SPEC_WAN_AC
-		$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
 		;;
 	gfw)
 		ipset -N gfwlist hash:net 2>/dev/null
-		$IPT -N SS_SPEC_WAN_AC
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
-		$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
 		;;
 	oversea)
 		ipset -N oversea hash:net 2>/dev/null
-		$IPT -N SS_SPEC_WAN_AC
-		ipset -N gmlan hash:net 2>/dev/null
-		for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done
+		$IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW
+		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW
-		$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
 		;;
 	all)
-		$IPT -N SS_SPEC_WAN_AC
 		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
-		$IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN
 		;;
 	esac
 	ipset -N fplan hash:net 2>/dev/null
@@ -190,10 +188,12 @@ ac_rule() {
 	EOF
 	$IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET \
 	-m comment --comment "$TAG" -j SS_SPEC_WAN_AC
-	if [ "$OUTPUT" = 1 ]; then
+	case "$OUTPUT" in
+	1)
 		$IPT -I OUTPUT 1 -p tcp $EXT_ARGS \
 		-m comment --comment "$TAG" -j SS_SPEC_WAN_AC
-	elif [ "$OUTPUT" = 2 ]; then
+		;;
+	2)
 		ipset -! -R <<-EOF || return 1
 			create ssr_gen_router hash:net
 			$(gen_spec_iplist | sed -e "s/^/add ssr_gen_router /")
@@ -202,7 +202,8 @@ ac_rule() {
 		$IPT -A SS_SPEC_ROUTER -m set --match-set ssr_gen_router dst -j RETURN && \
 		$IPT -A SS_SPEC_ROUTER -j SS_SPEC_WAN_FW
 		$IPT -I OUTPUT 1 -p tcp -m comment --comment "$TAG" -j SS_SPEC_ROUTER
-	fi
+		;;
+	esac
 	return $?
 }
 
@@ -223,7 +224,8 @@ tp_rule() {
 	$ipt -A SS_SPEC_TPROXY -p udp -d 192.168.0.0/16 -j RETURN
 	$ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
 	$ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
-	$ipt -A SS_SPEC_TPROXY -p udp ! --dport 53 -d $server -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp ! --dport 53 -d $SERVER -j RETURN
+	[ "$server" != "$SERVER" ] && ipset -! add whitelist $SERVER
 	$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
 	$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \
 	-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
@@ -262,29 +264,6 @@ get_wan_ip() {
 	EOF
 }
 
-gen_iplist() {
-	cat <<-EOF
-		0.0.0.0/8
-		10.0.0.0/8
-		100.64.0.0/10
-		127.0.0.0/8
-		169.254.0.0/16
-		172.16.0.0/12
-		192.0.0.0/24
-		192.0.2.0/24
-		192.88.99.0/24
-		192.168.0.0/16
-		198.18.0.0/15
-		198.51.100.0/24
-		203.0.113.0/24
-		224.0.0.0/4
-		240.0.0.0/4
-		255.255.255.255
-		$(get_wan_ip)
-		$(cat ${IGNORE_LIST:=/dev/null} 2>/dev/null)
-	EOF
-}
-
 gen_spec_iplist() {
 	cat <<-EOF
 		0.0.0.0/8
@@ -414,14 +393,18 @@ if [ -z "$server" -o -z "$local_port" ]; then
 	usage 2
 fi
 
-if [ "$TPROXY" == 1 ]; then
-	SERVER=$server
-	LOCAL_PORT=$local_port
-elif [ "$TPROXY" == 2 ]; then
-	: ${SERVER:?"You must assign an ip for the udp relay server."}
-	: ${LOCAL_PORT:?"You must assign a port for the udp relay server."}
-fi
+	case "$TPROXY" in
+	1)
+		SERVER=$server
+		LOCAL_PORT=$local_port
+		;;
+	2)
+		: ${SERVER:?"You must assign an ip for the udp relay server."}
+		: ${LOCAL_PORT:?"You must assign a port for the udp relay server."}
+	;;
+	esac
 
 flush_r && fw_rule && ipset_r && ac_rule && tp_rule && gen_include
-[ "$?" == 0 ] || loger 3 "Start failed!"
-exit $?
+RET=$?
+[ "$RET" = 0 ] || loger 3 "Start failed!"
+exit $RET
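Review bot: In the ipset_r hunk the `china` set is only populated when `$IGNORE_LIST` names a file, yet the router, gfw and oversea branches all add rules with `--match-set china dst`; if the set does not exist those `$IPT -A` calls fail, nothing checks their status, and in router mode the chain is left without the two china rules, so the final `-j SS_SPEC_WAN_FW` proxies everything that is not in ss_spec_wan_ac. gmlan, gfwlist and oversea are each pre-created with `ipset -N ... hash:net 2>/dev/null`; china should get the same treatment ahead of the conditional, and the path should be quoted: `ipset -N china hash:net 2>/dev/null` followed by `[ -f "$IGNORE_LIST" ] && /usr/share/shadowsocksr/chinaipset.sh "$IGNORE_LIST"`. Whether the init script creates `china` before invoking ssr-rules is not visible in this diff, so this may only bite on a fresh boot or after an ipset flush. ipset_r continues past the end of that hunk.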

+ 6 - 8
luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh

@@ -1,9 +1,7 @@
 #!/bin/sh
-LOCK_FILE="/var/lock/ssr-chinaipset.lock"
-[ -f "$LOCK_FILE" ] && exit 2
-touch "$LOCK_FILE"
-echo "create china hash:net family inet hashsize 1024 maxelem 65536" >/tmp/china.ipset
-awk '!/^$/&&!/^#/{printf("add china %s'" "'\n",$0)}' /etc/ssr/china_ssr.txt >>/tmp/china.ipset
-ipset -! flush china
-ipset -! restore </tmp/china.ipset 2>/dev/null
-rm -f /tmp/china.ipset $LOCK_FILE
+[ -f "$1" ] && china_ip=$1
+ipset -! flush china 2>/dev/null
+ipset -! -R <<-EOF || exit 1
+	create china hash:net
+	$(cat ${china_ip:=/etc/ssr/china_ssr.txt} | sed -e "s/^/add china /")
+EOF
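Review bot: The rewritten restore feeds every line of the list file to `ipset -R` unfiltered: the removed awk skipped blank and `#` lines, but `sed -e "s/^/add china /"` turns them into `add china ` and `add china #...` entries, and as far as I know restore stops at the first parse error (`-!` only tolerates already-existing entries), right after the set was flushed on the line above. A trailing blank line or a comment in the file fetched from the configurable `chnroute_url` would then leave `china` empty or partial and the script exiting 1, which changes the routing decision for everything matched against that set. Restoring the filter keeps remote list content from steering policy that way: `$(awk '!/^$/ && !/^#/ {print "add china " $0}' "${china_ip:=/etc/ssr/china_ssr.txt}")`. Dropping the lock file also means the two callers visible in this commit (refresh_data and ssr-rules) can interleave flush and restore; if that matters, a `flock`-guarded section is the usual replacement for a stale-prone touch file.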

+ 12 - 1
luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh

@@ -10,6 +10,15 @@ if [ -z "$switch_server" ]; then
 else
 	GLOBAL_SERVER=$switch_server
 fi
+
+mkdir -p /tmp/dnsmasq.ssr
+if [ "$(uci_get_by_type global run_mode router)" == "oversea" ]; then
+	cp -rf /etc/ssr/oversea_list.conf /tmp/dnsmasq.ssr/
+else
+	cp -rf /etc/ssr/gfw_list.conf /tmp/dnsmasq.ssr/
+	cp -rf /etc/ssr/gfw_base.conf /tmp/dnsmasq.ssr/
+fi
+
 NETFLIX_SERVER=$(uci_get_by_type global netflix_server nil)
 [ "$NETFLIX_SERVER" == "same" ] && NETFLIX_SERVER=$GLOBAL_SERVER
 if [ "$NETFLIX_SERVER" != "nil" ]; then
@@ -40,11 +49,13 @@ awk '!/^$/&&!/^#/{printf("server=/%s/'"127.0.0.1#5335"'\n",$0)}' /etc/ssr/black.
 awk '!/^$/&&!/^#/{printf("ipset=/%s/'"whitelist"'\n",$0)}' /etc/ssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf
 awk '!/^$/&&!/^#/{printf("address=/%s/''\n",$0)}' /etc/ssr/deny.list >/tmp/dnsmasq.ssr/denylist.conf
 if [ "$(uci_get_by_type global adblock 0)" == "1" ]; then
-	[ "$1" == "" ] && cp -f /etc/ssr/ad.conf /tmp/dnsmasq.ssr/
+	[ -z "$switch_server" ] && cp -f /etc/ssr/ad.conf /tmp/dnsmasq.ssr/
 	if [ -f "/tmp/dnsmasq.ssr/ad.conf" ]; then
 		for line in $(cat /etc/ssr/black.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/ad.conf; done
 		for line in $(cat /etc/ssr/white.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/ad.conf; done
 		for line in $(cat /etc/ssr/deny.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/ad.conf; done
 		for line in $(cat /etc/ssr/netflix.list); do sed -i "/$line/d" /tmp/dnsmasq.ssr/ad.conf; done
 	fi
+else
+	rm -f /tmp/dnsmasq.ssr/ad.conf
 fi
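Review bot: The new run_mode branch copies the current mode's list files into /tmp/dnsmasq.ssr but never removes the other mode's files, and `mkdir -p` keeps whatever is already there; stop() in the init script deletes the whole directory, but refresh_data in the controller now invokes this script directly, so switching between oversea and gfwlist without a restart can leave gfw_list.conf, gfw_base.conf and oversea_list.conf side by side — whether dnsmasq loads every file in that directory is not visible here. Clearing the mode-specific files before the `if` avoids the question: `rm -f /tmp/dnsmasq.ssr/oversea_list.conf /tmp/dnsmasq.ssr/gfw_list.conf /tmp/dnsmasq.ssr/gfw_base.conf`. `cp -rf` on regular files also does not need `-r`, and a missing source only prints to stderr and continues; `[ -f /etc/ssr/gfw_list.conf ] && cp -f /etc/ssr/gfw_list.conf /tmp/dnsmasq.ssr/` makes that explicit.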

+ 1 - 1
luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 /usr/bin/lua /usr/share/shadowsocksr/update.lua
 sleep 2s
-/usr/share/shadowsocksr/chinaipset.sh
+/usr/share/shadowsocksr/chinaipset.sh /tmp/etc/china_ssr.txt
 sleep 2s
 /usr/bin/lua /usr/share/shadowsocksr/subscribe.lua

+ 1 - 1
luci-app-ssr-plus/root/usr/share/shadowsocksr/update.lua

@@ -42,7 +42,7 @@ end
 log("正在更新【GFW列表】数据库")
 update(uci:get_first("shadowsocksr", "global", "gfwlist_url", "https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt"), "/etc/ssr/gfw_list.conf", "gfw_data", "/tmp/dnsmasq.ssr/gfw_list.conf")
 log("正在更新【国内IP段】数据库")
-update(uci:get_first("shadowsocksr", "global", "chnroute_url","https://ispip.clang.cn/all_cn.txt"), "/etc/ssr/china_ssr.txt", "cnip")
+update(uci:get_first("shadowsocksr", "global", "chnroute_url","https://ispip.clang.cn/all_cn.txt"), "/etc/ssr/china_ssr.txt", "cnip", "/tmp/etc/china_ssr.txt")
 if uci:get_first("shadowsocksr", "global", "adblock","0") == "1" then
 	log("正在更新【广告屏蔽】数据库")
 	update(uci:get_first("shadowsocksr", "global", "adblock_url","https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt"), "/etc/ssr/ad.conf", "ad_data", "/tmp/dnsmasq.ssr/ad.conf")