v1.6.1

LuCI 1. move dashboard button to status section 2. sniff port should support port range Service 1. add redirect exclusion from firewall rule 2. simplify nftables script
morytyann · Aug 15, 2024 · 006abf8 · 006abf8
1 parent 4454cb7
commit 006abf8
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 58 deletions.
diff --git a/luci-app-mihomo/Makefile b/luci-app-mihomo/Makefile
@@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.6.0
+PKG_VERSION:=1.6.1
 
 LUCI_TITLE:=LuCI Support for mihomo
 LUCI_DEPENDS:=+luci-base +mihomo

diff --git a/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/config.js b/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/config.js
@@ -89,15 +89,19 @@ return view.extend({
 
         s = m.section(form.NamedSection, 'status', 'status', _('Status'));
 
-        o = s.option(form.DummyValue, '_app_version', _('App Version'));
-        o.cfgvalue = function (section_id) {
-            return E('input', { 'style': 'border: unset;', 'readonly': 'readonly', 'value': appVersion.trim() });
+        o = s.option(form.Value, '_app_version', _('App Version'));
+        o.readonly = true;
+        o.load = function (section_id) {
+            return appVersion.trim();
         };
+        o.write = function () {};
 
-        o = s.option(form.DummyValue, '_core_version', _('Core Version'));
-        o.cfgvalue = function (section_id) {
-            return E('input', { 'style': 'border: unset;', 'readonly': 'readonly', 'value': coreVersion.trim() });
+        o = s.option(form.Value, '_core_version', _('Core Version'));
+        o.readonly = true;
+        o.load = function (section_id) {
+            return coreVersion.trim();
         };
+        o.write = function () {};
 
         o = s.option(form.DummyValue, '_core_status', _('Core Status'));
         o.cfgvalue = function (section_id) {
@@ -123,6 +127,27 @@ return view.extend({
             return mihomo.restart();
         };
 
+        o = s.option(form.Button, 'razord', '-');
+        o.inputtitle = _('Open Razord');
+        o.onclick = function () {
+            mihomo.openDashboard(this.option);
+        };
+        o.depends('mihomo.mixin.ui_razord', '1');
+
+        o = s.option(form.Button, 'yacd', '-');
+        o.inputtitle = _('Open YACD');
+        o.onclick = function () {
+            mihomo.openDashboard(this.option);
+        };
+        o.depends('mihomo.mixin.ui_yacd', '1');
+
+        o = s.option(form.Button, 'metacubexd', '-');
+        o.inputtitle = _('Open MetaCubeXD');
+        o.onclick = function () {
+            mihomo.openDashboard(this.option);
+        };
+        o.depends('mihomo.mixin.ui_metacubexd', '1');
+
         s = m.section(form.NamedSection, 'config', 'config', _('Basic Config'));
 
         o = s.option(form.Flag, 'enabled', _('Enable'));
@@ -374,33 +399,12 @@ return view.extend({
         o = s.taboption('external_control', form.Flag, 'ui_razord', _('Use Razord'));
         o.rmempty = false;
 
-        o = s.taboption('external_control', form.Button, 'razord', '-');
-        o.inputtitle = _('Open Razord');
-        o.onclick = function () {
-            mihomo.openDashboard(this.option);
-        };
-        o.depends('ui_razord', '1');
-
         o = s.taboption('external_control', form.Flag, 'ui_yacd', _('Use YACD'));
         o.rmempty = false;
 
-        o = s.taboption('external_control', form.Button, 'yacd', '-');
-        o.inputtitle = _('Open YACD');
-        o.onclick = function () {
-            mihomo.openDashboard(this.option);
-        };
-        o.depends('ui_yacd', '1');
-
         o = s.taboption('external_control', form.Flag, 'ui_metacubexd', _('Use MetaCubeXD'));
         o.rmempty = false;
 
-        o = s.taboption('external_control', form.Button, 'metacubexd', '-');
-        o.inputtitle = _('Open MetaCubeXD');
-        o.onclick = function () {
-            mihomo.openDashboard(this.option);
-        };
-        o.depends('ui_metacubexd', '1');
-
         o = s.taboption('external_control', form.Value, 'api_port', _('API Port'));
         o.datatype = 'port';
         o.placeholder = '9090';
@@ -627,7 +631,7 @@ return view.extend({
         so.readonly = true;
 
         so = o.subsection.option(form.DynamicList, 'port', _('Port'));
-        so.datatype = 'port';
+        so.datatype = 'portrange';
 
         so = o.subsection.option(form.Flag, 'overwrite_dest', _('Overwrite Destination'));
         so.rmempty = false;

diff --git a/mihomo/Makefile b/mihomo/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mihomo
 PKG_VERSION:=1.18.7
-PKG_RELEASE:=156
+PKG_RELEASE:=157
 PKG_BUILD_TIME=$(shell date -u -Iseconds)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz

diff --git a/mihomo/files/mihomo.init b/mihomo/files/mihomo.init
@@ -632,9 +632,10 @@ add_firewall_rule_exclusion() {
 	config_get proto "$section" "proto"
 	config_get src "$section" "src"
 	config_get dest "$section" "dest"
+	config_get dest_ip "$section" "dest_ip"
 	config_get dest_port "$section" "dest_port"
 
-	if [[ "$enabled" == 0 || -z "$src" || -n "$dest" || -z "$dest_port" ]]; then
+	if [[ "$enabled" == 0 || -z "$src" || -z "$dest_port" ]]; then
 		return
 	fi
 
@@ -647,38 +648,44 @@ add_firewall_rule_exclusion() {
 	else [ -z "$family" ]
 		ipv4=1
 		ipv6=1
+		family="ipv4 ipv6"
 	fi
 
-	local tcp=0
-	local udp=0
 	if [[ -z "$proto" || "$proto" == "all" ]]; then
-		tcp=1
-		udp=1
-	else
-		for p in $proto; do
-			[ "$p" == "tcp" ] && tcp=1
-			[ "$p" == "udp" ] && udp=1
-		done
+		proto="tcp udp"
 	fi
 
-	for port in $dest_port; do
+	if [ -z "$dest" ]; then
+		local f p s
+		for f in $family; do
+			for p in $proto; do
+				for s in $dest_port; do
+					nft add element inet $FW_TABLE router_exclusion \{ "$f" . "$p" . "$s" \}
+				done
+			done
+		done
+	else
+		# TODO: Check IP Version
+		local p i s
 		if [ "$ipv4" == 1 ]; then
-			if [ "$tcp" == 1 ]; then
-				nft add element inet $FW_TABLE router_exclusion \{ ipv4 . tcp . "$port" \}
-			fi
-			if [ "$udp" == 1 ]; then
-				nft add element inet $FW_TABLE router_exclusion \{ ipv4 . udp . "$port" \}
-			fi
+			for p in $proto; do
+				for i in $dest_ip; do
+					for s in $dest_port; do
+						nft add element inet $FW_TABLE redirect_exclusion \{ "$p" . "$i" . "$s" \} > /dev/null 2>&1
+					done
+				done
+			done
 		fi
 		if [ "$ipv6" == 1 ]; then
-			if [ "$tcp" == 1 ]; then
-				nft add element inet $FW_TABLE router_exclusion \{ ipv6 . tcp . "$port" \}
-			fi
-			if [ "$udp" == 1 ]; then
-				nft add element inet $FW_TABLE router_exclusion \{ ipv6 . udp . "$port" \}
-			fi
+			for p in $proto; do
+				for i in $dest_ip; do
+					for s in $dest_port; do
+						nft add element inet $FW_TABLE redirect_exclusion6 \{ "$p" . "$i" . "$s" \} > /dev/null 2>&1
+					done
+				done
+			done
 		fi
-	done
+	fi
 }
 
 add_firewall_redirect_exclusion() {

diff --git a/mihomo/files/nftables/hijack.nft b/mihomo/files/nftables/hijack.nft
@@ -106,6 +106,12 @@ table inet mihomo {
 		auto-merge
 	}
 
+	set redirect_exclusion6 {
+		type inet_proto . ipv6_addr . inet_service
+		flags interval
+		auto-merge
+	}
+
 	set upnp_exclusion {
 		type inet_proto . ipv4_addr . inet_service
 		flags interval, timeout
@@ -195,11 +201,12 @@ table inet mihomo {
 		ip6 daddr @wan_ip6 counter return
 		ip daddr @china_ip counter return
 		ip6 daddr @china_ip6 counter return
-		meta nfproto ipv4 meta l4proto . th dport != @acl_dport ip daddr != @fake_ip counter return
+		meta l4proto . th dport != @acl_dport ip daddr != @fake_ip counter return
 		meta nfproto ipv6 meta l4proto . th dport != @acl_dport counter return
 		meta l4proto { tcp, udp } th dport 53 counter return
-		meta nfproto ipv4 meta l4proto . ip saddr . th sport @redirect_exclusion counter return
-		meta nfproto ipv4 meta l4proto . ip saddr . th sport @upnp_exclusion counter return
+		meta l4proto . ip saddr . th sport @redirect_exclusion counter return
+		meta l4proto . ip6 saddr . th sport @redirect_exclusion6 counter return
+		meta l4proto . ip saddr . th sport @upnp_exclusion counter return
 	}
 
 	chain mangle_output {
@@ -211,7 +218,7 @@ table inet mihomo {
 		ip6 daddr @wan_ip6 counter return
 		ip daddr @china_ip counter return
 		ip6 daddr @china_ip6 counter return
-		meta nfproto ipv4 meta l4proto . th dport != @acl_dport ip daddr != @fake_ip counter return
+		meta l4proto . th dport != @acl_dport ip daddr != @fake_ip counter return
 		meta nfproto ipv6 meta l4proto . th dport != @acl_dport counter return
 		meta l4proto { tcp, udp } th dport 53 counter return
 		meta nfproto . meta l4proto . th sport @router_exclusion counter return