luci-app-ssr-plus: add LAN ac control

2025-04-16 14:23:38 +00:00 · 2020-02-18 21:56:34 +08:00 · 2020-02-18 21:56:34 +08:00 · dcc9bb5879
commit dcc9bb5879
parent 8269399df9
5 changed files with 36 additions and 9 deletions
--- a/package/lean/luci-app-ssr-plus/Makefile
+++ b/package/lean/luci-app-ssr-plus/Makefile
@ -1,9 +1,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-ssr-plus
-PKG_RELEASE:=143
-PKG_VERSION:=1
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+PKG_VERSION:=145
+PKG_RELEASE:=1
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)

 include $(INCLUDE_DIR)/package.mk

--- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua
+++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua
@ -18,7 +18,23 @@ o.datatype = "ip4addr"
 -- Part of LAN
 s:tab("lan_ac", translate("LAN IP AC"))

-o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Bypassed Host List"))
+o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control"))
+o:value("0", translate("Disable"))
+o:value("w", translate("Allow listed only"))
+o:value("b", translate("Allow all except listed"))
+o.rmempty = false
+
+o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List"))
+o.datatype = "ipaddr"
+luci.ip.neighbors({ family = 4 }, function(entry)
+		if entry.reachable then
+			o:value(entry.dest:string())
+		end
+end)
+o:depends("lan_ac_mode", "w")
+o:depends("lan_ac_mode", "b")
+
+o = s:taboption("lan_ac", DynamicList, "lan_bp_ips", translate("LAN Bypassed Host List"))
 o.datatype = "ipaddr"
 luci.ip.neighbors({ family = 4 }, function(entry)
 		if entry.reachable then
--- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
+++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po
@ -104,13 +104,13 @@ msgid "Interfaces - LAN"
 msgstr "接口 - LAN"

 msgid "LAN Access Control"
-msgstr "内网访问控制"
+msgstr "内网客户端分流代理控制"

 msgid "Allow listed only"
-msgstr "仅允许列表内"
+msgstr "仅允许列表内主机"

 msgid "Allow all except listed"
-msgstr "仅允许列表外"
+msgstr "除列表外主机皆允许"

 msgid "LAN Host List"
 msgstr "内网主机列表"
--- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
+++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr
@ -162,7 +162,7 @@ start_rules() {
 	fi
 	local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port)
 	local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips)
-	local lan_ac_mode="b"
+	local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode)
 	local router_proxy=$(uci_get_by_type access_control router_proxy)
 	if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a "$kcp_flag" == "0" ]; then
 		ARG_UDP="-u"
@ -176,6 +176,7 @@ start_rules() {
 		w | W | b | B) local ac_ips="$lan_ac_mode$lan_ac_ips" ;;
 		esac
 	fi
+
 	#deal gfw firewall rule
 	local gfwmode=""
 	if [ "$run_mode" == "gfw" ]; then
@ -202,6 +203,7 @@ start_rules() {
 	-i "$(uci_get_by_type access_control wan_bp_list)" \
 	-b "$(uci_get_by_type access_control wan_bp_ips)" \
 	-w "$(uci_get_by_type access_control wan_fw_ips)" \
+	-B "$(uci_get_by_type access_control lan_bp_ips)" \
 	-p "$(uci_get_by_type access_control lan_fp_ips)" \
 	-G "$(uci_get_by_type access_control lan_gm_ips)" \
 	-D "$proxyport" \
--- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules
+++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules
@ -26,6 +26,7 @@ Valid options are:
                            define access control mode
    -b <wan_ips>            wan ip of will be bypassed
    -w <wan_ips>            wan ip of will be forwarded
+    -B <bp_lan_ips>         lan ip of will be bypassed proxy
    -p <fp_lan_ips>         lan ip of will be global proxy
    -G <gm_lan_ips>         lan ip of will be game mode proxy
    -D <proxy_ports>        proxy ports
@ -65,6 +66,7 @@ flush_r() {
 	ipset -X ss_spec_wan_ac 2>/dev/null
 	ipset -X ssr_gen_router 2>/dev/null
 	ipset -X fplan 2>/dev/null
+	ipset -X bplan 2>/dev/null
 	ipset -X gmlan 2>/dev/null
 	ipset -X oversea 2>/dev/null
 	ipset -X whitelist 2>/dev/null
@ -108,6 +110,9 @@ ipset_r() {
 	ipset -N fplan hash:net 2>/dev/null
 	for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW
+	ipset -N bplan hash:net 2>/dev/null
+	for ip in $LAN_BP_IP; do ipset -! add bplan $ip; done
+	$IPT -I SS_SPEC_WAN_AC -m set --match-set bplan src -j RETURN
 	ipset -N whitelist hash:net 2>/dev/null
 	ipset -N blacklist hash:net 2>/dev/null
 	$IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW
@ -190,6 +195,7 @@ tp_rule() {
 	$ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN
 	$ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN
 	$ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN
+	$ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN
 	$ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \
 	-j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01
 	if [ "$RUNMODE" == "router" ]; then
@ -285,7 +291,7 @@ gen_include() {
 	return 0
 }

-while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do
+while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:oOuUfgrczh" arg; do
 	case "$arg" in
 	s)
 		server=$OPTARG
@ -308,6 +314,9 @@ while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do
 	a)
 		LAN_AC_IP=$OPTARG
 		;;
+	B)
+		LAN_BP_IP=$OPTARG
+		;;
 	b)
 		WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done)
 		;;