From dcc9bb58790cc436771c5cfe0c9323c4c46af3ce Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Tue, 18 Feb 2020 21:56:34 +0800 Subject: [PATCH] luci-app-ssr-plus: add LAN ac control --- package/lean/luci-app-ssr-plus/Makefile | 6 +++--- .../luasrc/model/cbi/shadowsocksr/control.lua | 18 +++++++++++++++++- .../luci-app-ssr-plus/po/zh-cn/ssr-plus.po | 6 +++--- .../root/etc/init.d/shadowsocksr | 4 +++- .../luci-app-ssr-plus/root/usr/bin/ssr-rules | 11 ++++++++++- 5 files changed, 36 insertions(+), 9 deletions(-) diff --git a/package/lean/luci-app-ssr-plus/Makefile b/package/lean/luci-app-ssr-plus/Makefile index aff1d7bfc..acf480daf 100644 --- a/package/lean/luci-app-ssr-plus/Makefile +++ b/package/lean/luci-app-ssr-plus/Makefile @@ -1,9 +1,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ssr-plus -PKG_RELEASE:=143 -PKG_VERSION:=1 -PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) +PKG_VERSION:=145 +PKG_RELEASE:=1 +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME) include $(INCLUDE_DIR)/package.mk diff --git a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua index 5a89013d3..91cf55d75 100644 --- a/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua +++ b/package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua 
@@ -18,7 +18,23 @@ o.datatype = "ip4addr" -- Part of LAN s:tab("lan_ac", translate("LAN IP AC")) -o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Bypassed Host List")) +o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control")) +o:value("0", translate("Disable")) +o:value("w", translate("Allow listed only")) +o:value("b", translate("Allow all except listed")) +o.rmempty = false + +o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List")) +o.datatype = "ipaddr" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + o:value(entry.dest:string()) + end +end) +o:depends("lan_ac_mode", "w") +o:depends("lan_ac_mode", "b") + +o = s:taboption("lan_ac", DynamicList, "lan_bp_ips", translate("LAN Bypassed Host List")) o.datatype = "ipaddr" luci.ip.neighbors({ family = 4 }, function(entry) if entry.reachable then diff --git a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po index bc9c47d8c..d211cbbc1 100644 --- a/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po +++ b/package/lean/luci-app-ssr-plus/po/zh-cn/ssr-plus.po @@ -104,13 +104,13 @@ msgid "Interfaces - LAN" msgstr "接口 - LAN" msgid "LAN Access Control" -msgstr "内网访问控制" +msgstr "内网客户端分流代理控制" msgid "Allow listed only" -msgstr "仅允许列表内" +msgstr "仅允许列表内主机" msgid "Allow all except listed" -msgstr "仅允许列表外" +msgstr "除列表外主机皆允许" msgid "LAN Host List" msgstr "内网主机列表" diff --git a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index bf03a2ba3..8cc13d9e3 100755 --- a/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr 
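Review bot: `o.datatype = "ipaddr"` on the new `lan_ac_ips` option, and on the `lan_bp_ips` list that takes over the following context lines, accepts IPv6 literals even though the rest of the path is IPv4-only. The suggestions come from `luci.ip.neighbors({ family = 4 }, ...)`, and in the ssr-rules part of this patch `lan_bp_ips` is loaded into `bplan`, which is created as `hash:net` with no family given. An IPv6 entry would presumably pass form validation and only fail later at `ipset add`, leaving that host outside the access-control set the admin believes is in force. The stricter type already used earlier in this file, `o.datatype = "ip4addr"`, would keep saved values to what the rule script can enforce. The `lan_bp_ips` block continues past the end of the hunk.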
@@ -162,7 +162,7 @@ start_rules() { fi local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port) local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips) - local lan_ac_mode="b" + local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode) local router_proxy=$(uci_get_by_type access_control router_proxy) if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a "$kcp_flag" == "0" ]; then ARG_UDP="-u" @@ -176,6 +176,7 @@ start_rules() { w | W | b | B) local ac_ips="$lan_ac_mode$lan_ac_ips" ;; esac fi + #deal gfw firewall rule local gfwmode="" if [ "$run_mode" == "gfw" ]; then @@ -202,6 +203,7 @@ start_rules() { -i "$(uci_get_by_type access_control wan_bp_list)" \ -b "$(uci_get_by_type access_control wan_bp_ips)" \ -w "$(uci_get_by_type access_control wan_fw_ips)" \ + -B "$(uci_get_by_type access_control lan_bp_ips)" \ -p "$(uci_get_by_type access_control lan_fp_ips)" \ -G "$(uci_get_by_type access_control lan_gm_ips)" \ -D "$proxyport" \ diff --git a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules index 527747011..ba03efaf3 100755 --- a/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/package/lean/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -26,6 +26,7 @@ Valid options are: define access control mode -b wan ip of will be bypassed -w wan ip of will be forwarded + -B lan ip of will be bypassed proxy -p lan ip of will be global proxy -G lan ip of will be game mode proxy -D proxy ports @@ -65,6 +66,7 @@ flush_r() { ipset -X ss_spec_wan_ac 2>/dev/null ipset -X ssr_gen_router 2>/dev/null ipset -X fplan 2>/dev/null + ipset -X bplan 2>/dev/null ipset -X gmlan 2>/dev/null ipset -X oversea 2>/dev/null ipset -X whitelist 2>/dev/null 
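Review bot: `lan_ac_mode` is now read from UCI with no fallback, so a configuration saved before this patch (no `lan_ac_mode` key) presumably yields an empty string where the old code had `"b"`. Judging from the `w | W | b | B)` arm visible in the next hunk, an empty mode leaves `ac_ips` unset, so an existing `lan_ac_ips` list would silently stop being applied after an upgrade. The old list was labelled "LAN Bypassed Host List", a role this patch moves to `lan_bp_ips` with no migration visible here. Consider a uci-defaults step that moves old `lan_ac_ips` entries to `lan_bp_ips`, and a comment above the assignment such as `# lan_ac_mode: 0 = off, w = only listed hosts, b = all except listed; empty on pre-existing configs`. `start_rules` begins and ends outside the hunk.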
@@ -108,6 +110,9 @@ ipset_r() { ipset -N fplan hash:net 2>/dev/null for ip in $LAN_FP_IP; do ipset -! add fplan $ip; done $IPT -I SS_SPEC_WAN_AC -m set --match-set fplan src -j SS_SPEC_WAN_FW + ipset -N bplan hash:net 2>/dev/null + for ip in $LAN_BP_IP; do ipset -! add bplan $ip; done + $IPT -I SS_SPEC_WAN_AC -m set --match-set bplan src -j RETURN ipset -N whitelist hash:net 2>/dev/null ipset -N blacklist hash:net 2>/dev/null $IPT -I SS_SPEC_WAN_AC -m set --match-set blacklist dst -j SS_SPEC_WAN_FW @@ -190,6 +195,7 @@ tp_rule() { $ipt -A SS_SPEC_TPROXY -p udp -d 224.0.0.0/4 -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -d 240.0.0.0/4 -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -d $SERVER -j RETURN + $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set bplan src -j RETURN $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set fplan src \ -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 if [ "$RUNMODE" == "router" ]; then @@ -285,7 +291,7 @@ gen_include() { return 0 } -while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do +while getopts ":s:l:S:L:i:e:a:B:b:w:p:G:D:oOuUfgrczh" arg; do case "$arg" in s) server=$OPTARG @@ -308,6 +314,9 @@ while getopts ":s:l:S:L:i:e:a:b:w:p:G:D:oOuUfgrczh" arg; do a) LAN_AC_IP=$OPTARG ;; + B) + LAN_BP_IP=$OPTARG + ;; b) WAN_BP_IP=$(for ip in $OPTARG; do echo $ip; done) ;;
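Review bot: The new bypass is not applied the same way to TCP and UDP. In `ipset_r` the `bplan` RETURN is added with `-I`, and the context line right after it also uses `-I` for the `blacklist dst` rule, so that rule lands above the bypass and a host in `lan_bp_ips` still has blacklisted destinations sent to `SS_SPEC_WAN_FW`. In the `tp_rule` hunk (`@@ -190,6 +195,7`) the `bplan` RETURN is appended ahead of the TPROXY rule, so the same host bypasses UDP unconditionally. If a full bypass is intended, the three added lines belong after the last `-I` into `SS_SPEC_WAN_AC` (`ipset_r` continues outside the hunk), with a comment stating the intended precedence. Separately, `$ip` is unquoted in a script that runs with firewall privileges; `ipset -! add bplan "$ip"` keeps a UCI-supplied value from being split or globbed again.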