From 54c1772ad90557a111b33d01348dbd32b6377af1 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Mon, 21 Aug 2017 21:54:14 +0800 Subject: luci-app-shadowsocks-libev: validate elements of src, dst ip/net list Signed-off-by: Yousong Zhou --- .../luasrc/model/cbi/shadowsocks-libev/rules.lua | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'applications/luci-app-shadowsocks-libev/luasrc') diff --git a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua index 9985790174..83e16982f5 100644 --- a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua +++ b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua @@ -22,6 +22,11 @@ if not sdata then m:set('ss_rules', 'disabled', true) end +function src_dst_option(s, ...) + local o = s:taboption(...) + o.datatype = "or(ip4addr,cidr4)" +end + s = m:section(NamedSection, "ss_rules", "ss_rules") s:tab("general", translate("General Settings")) s:tab("srcip", translate("Source Settings")) 
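Review bot: `src_dst_option` in the first hunk is declared without `local` and discards the option object it creates, unlike the neighbouring `o = s:taboption(...)` call sites, which keep theirs. I would write `local function src_dst_option(s, ...)` and end the body with `return o`, so a caller can still adjust the option. The datatype `or(ip4addr,cidr4)` accepts IPv4 only, so a one-line comment such as `-- IPv4 address or IPv4 CIDR only` would make that restriction explicit. This check validates what the form submits; whatever consumes these lists (not visible here) presumably still sees values written to the config by other means, so it should not rely on this check alone.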
@@ -49,13 +54,13 @@ s:taboption('general', Value, "ipt_args", translate("Extra arguments"), translate("Passes additional arguments to iptables. Use with care!")) -s:taboption('srcip', DynamicList, "src_ips_bypass", +src_dst_option(s, 'srcip', DynamicList, "src_ips_bypass", translate("Src ip bypass"), translate("Bypass redir action for packets with source addresses in this list")) -s:taboption('srcip', DynamicList, "src_ips_forward", +src_dst_option(s, 'srcip', DynamicList, "src_ips_forward", translate("Src ip forward"), translate("Go through redir action for packets with source addresses in this list")) -s:taboption('srcip', DynamicList, "src_ips_checkdst", +src_dst_option(s, 'srcip', DynamicList, "src_ips_checkdst", translate("Src ip checkdst"), translate("Continue to have dst address checked for packets with source addresses in this list")) o = s:taboption('srcip', ListValue, "src_default", @@ -63,10 +68,10 @@ o = s:taboption('srcip', ListValue, "src_default", translate("Default action for packets whose source addresses do not match any of the source ip list")) ss.values_actions(o) -s:taboption('dstip', DynamicList, "dst_ips_bypass", +src_dst_option(s, 'dstip', DynamicList, "dst_ips_bypass", translate("Dst ip bypass"), translate("Bypass redir action for packets with destination addresses in this list")) -s:taboption('dstip', DynamicList, "dst_ips_forward", +src_dst_option(s, 'dstip', DynamicList, "dst_ips_forward", translate("Dst ip forward"), translate("Go through redir action for packets with destination addresses in this list")) -- cgit v1.2.3 From 56e9ac6642c580cdd121e1bcd0f3bbd924c44dd0 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Tue, 22 Aug 2017 00:02:53 +0800 Subject: luci-app-shadowsocks-libev: fix setting boolean option Signed-off-by: Yousong Zhou --- .../luasrc/model/cbi/shadowsocks-libev/rules.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'applications/luci-app-shadowsocks-libev/luasrc') 
diff --git a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua index 83e16982f5..1f5a9d22ff 100644 --- a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua +++ b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua @@ -19,7 +19,7 @@ m = Map("shadowsocks-libev", local sdata = m:get('ss_rules') if not sdata then m:set('ss_rules', nil, 'ss_rules') - m:set('ss_rules', 'disabled', true) + m:set('ss_rules', 'disabled', "1") end function src_dst_option(s, ...) -- cgit v1.2.3 From fd085d991097bef73221ada9b8fec09d4da8b55f Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Tue, 22 Aug 2017 09:50:10 +0800 Subject: luci-app-shadowsocks-libev: tweak list of redir instances - Skip disabled ones - Allow empty value Signed-off-by: Yousong Zhou --- .../luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'applications/luci-app-shadowsocks-libev/luasrc') diff --git a/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua b/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua index 650ff6356e..e2a07adae1 100644 --- a/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua +++ b/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua @@ -23,13 +23,16 @@ end function values_redir(o, xmode) o.map.uci.foreach("shadowsocks-libev", "ss_redir", function(sdata) + local disabled = ucival_to_bool(sdata["disabled"]) local sname = sdata[".name"] local mode = sdata["mode"] or "tcp_only" - if mode and mode:find(xmode) then + if not disabled and mode:find(xmode) then local desc = "%s - %s" % {sname, mode} o:value(sname, desc) end end) + o:value("", "") + o.default = "" end function values_serverlist(o) -- cgit v1.2.3 
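Review bot: In `values_redir`, the new condition `not disabled and mode:find(xmode)` treats `xmode` as a Lua pattern, so a magic character in a caller-supplied value would change what matches. A plain substring test is `mode:find(xmode, 1, true)`. `ucival_to_bool` is not defined in this hunk, so it is presumably a helper elsewhere in the file; confirm that it maps a missing `disabled` option to false, otherwise sections without that option would be dropped from the list. The unconditional `o:value("", "")` with `o.default = ""` deserves a short comment saying what an empty selection means to the consumer of this option.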
From f5fa1a0f0834d6b3fd3d920d6aebde149bb7a0f0 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Mon, 21 Aug 2017 23:08:57 +0800 Subject: luci-app-shadowsocks-libev: rename option title for src dst list Signed-off-by: Yousong Zhou --- .../luasrc/model/cbi/shadowsocks-libev/rules.lua | 62 +++++++++++----------- 1 file changed, 31 insertions(+), 31 deletions(-) (limited to 'applications/luci-app-shadowsocks-libev/luasrc') diff --git a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua index 1f5a9d22ff..1e2a491bcb 100644 --- a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua +++ b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua @@ -9,12 +9,12 @@ m = Map("shadowsocks-libev", translate("Redir Rules"), translate("On this page you can configure how traffics are to be \ forwarded to ss-redir instances. \ - If enabled, packets will first have their source ip addresses checked \ - against Src ip bypass, Src ip forward, \ - Src ip checkdst and if none matches Src default \ + If enabled, packets will first have their src ip addresses checked \ + against Src ip/net bypass, Src ip/net forward, \ + Src ip/net checkdst and if none matches Src default \ will give the default action to be taken. \ If the prior check results in action checkdst, packets will continue \ - to have their destination addresses checked.")) + to have their dst addresses checked.")) local sdata = m:get('ss_rules') if not sdata then 
@@ -29,8 +29,8 @@ end s = m:section(NamedSection, "ss_rules", "ss_rules") s:tab("general", translate("General Settings")) -s:tab("srcip", translate("Source Settings")) -s:tab("dstip", translate("Destination Settings")) +s:tab("src", translate("Source Settings")) +s:tab("dst", translate("Destination Settings")) s:taboption('general', Flag, "disabled", translate("Disable")) ss.option_install_package(s, 'general') 
@@ -54,38 +54,38 @@ s:taboption('general', Value, "ipt_args", translate("Extra arguments"), translate("Passes additional arguments to iptables. Use with care!")) -src_dst_option(s, 'srcip', DynamicList, "src_ips_bypass", - translate("Src ip bypass"), - translate("Bypass redir action for packets with source addresses in this list")) -src_dst_option(s, 'srcip', DynamicList, "src_ips_forward", - translate("Src ip forward"), - translate("Go through redir action for packets with source addresses in this list")) -src_dst_option(s, 'srcip', DynamicList, "src_ips_checkdst", - translate("Src ip checkdst"), - translate("Continue to have dst address checked for packets with source addresses in this list")) -o = s:taboption('srcip', ListValue, "src_default", +src_dst_option(s, 'src', DynamicList, "src_ips_bypass", + translate("Src ip/net bypass"), + translate("Bypass ss-redir for packets with src address in this list")) +src_dst_option(s, 'src', DynamicList, "src_ips_forward", + translate("Src ip/net forward"), + translate("Forward through ss-redir for packets with src address in this list")) +src_dst_option(s, 'src', DynamicList, "src_ips_checkdst", + translate("Src ip/net checkdst"), + translate("Continue to have dst address checked for packets with src address in this list")) +o = s:taboption('src', ListValue, "src_default", translate("Src default"), - translate("Default action for packets whose source addresses do not match any of the source ip list")) + translate("Default action for packets whose src address do not match any of the src ip/net list")) ss.values_actions(o) -src_dst_option(s, 'dstip', DynamicList, "dst_ips_bypass", - translate("Dst ip bypass"), - translate("Bypass redir action for packets with destination addresses in this list")) -src_dst_option(s, 'dstip', DynamicList, "dst_ips_forward", - translate("Dst ip forward"), - translate("Go through redir action for packets with destination addresses in this list")) +src_dst_option(s, 'dst', DynamicList, 
"dst_ips_bypass", + translate("Dst ip/net bypass"), + translate("Bypass ss-redir for packets with dst address in this list")) +src_dst_option(s, 'dst', DynamicList, "dst_ips_forward", + translate("Dst ip/net forward"), + translate("Forward through ss-redir for packets with dst address in this list")) -o = s:taboption('dstip', FileBrowser, "dst_ips_bypass_file", - translate("Dst ip bypass file"), - translate("File containing ip addresses for the purposes as with Dst ip bypass")) +o = s:taboption('dst', FileBrowser, "dst_ips_bypass_file", + translate("Dst ip/net bypass file"), + translate("File containing ip/net for the purposes as with Dst ip/net bypass")) o.datatype = "file" -s:taboption('dstip', FileBrowser, "dst_ips_forward_file", - translate("Dst ip forward file"), - translate("File containing ip addresses for the purposes as with Dst ip forward")) +s:taboption('dst', FileBrowser, "dst_ips_forward_file", + translate("Dst ip/net forward file"), + translate("File containing ip/net for the purposes as with Dst ip/net forward")) o.datatype = "file" -o = s:taboption('dstip', ListValue, "dst_default", +o = s:taboption('dst', ListValue, "dst_default", translate("Dst default"), - translate("Default action for packets whose destination addresses do not match any of the destination ip list")) + translate("Default action for packets whose dst address do not match any of the dst ip list")) ss.values_actions(o) return m -- cgit v1.2.3 From 4b042bcbd9104c128dd2255b02f8dbc2dd59b653 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Tue, 22 Aug 2017 10:48:51 +0800 Subject: luci-app-shadowsocks-libev: enumerate ifnames with sys.net.devices() Signed-off-by: Yousong Zhou --- .../luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'applications/luci-app-shadowsocks-libev/luasrc') 
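Review bot: The `dst_ips_forward_file` option never receives its `datatype`, because the second `FileBrowser` call is a bare `s:taboption('dst', FileBrowser, "dst_ips_forward_file",` with no assignment to `o`. The `o.datatype = "file"` that follows it therefore sets the datatype again on the `dst_ips_bypass_file` option, and the forward-file path is accepted without the file check. The lines are touched by this rename, so the fix belongs here: `o = s:taboption('dst', FileBrowser, "dst_ips_forward_file",`. The same pattern is on the old side of the hunk, so the gap predates this commit.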
diff --git a/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua b/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua index e2a07adae1..7ba6b40c53 100644 --- a/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua +++ b/applications/luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua @@ -3,6 +3,7 @@ local _up = getfenv(3) local ut = require("luci.util") +local sys = require("luci.sys") local ds = require("luci.dispatcher") local nw = require("luci.model.network") nw.init() @@ -56,10 +57,8 @@ function values_ipaddr(o) end function values_ifnames(o) - for _, v in ipairs(nw:get_interfaces()) do - if v.dev then - o:value(v.dev.name) - end + for _, v in ipairs(sys.net.devices()) do + o:value(v) end end -- cgit v1.2.3 From 28b996d66f370517e5653b7ee5a4f3e5b3616520 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Mon, 21 Aug 2017 22:58:40 +0800 Subject: luci-app-shadowsocks-libev: support for option dst_forward_recentrst Signed-off-by: Yousong Zhou --- .../luasrc/model/cbi/shadowsocks-libev/rules.lua | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'applications/luci-app-shadowsocks-libev/luasrc') diff --git a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua index 1e2a491bcb..4a01bed247 100644 --- a/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua +++ b/applications/luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua 
@@ -88,4 +88,22 @@ o = s:taboption('dst', ListValue, "dst_default", translate("Default action for packets whose dst address do not match any of the dst ip list")) ss.values_actions(o) +local installed = os.execute("iptables -m recent -h &>/dev/null") == 0 +if installed then + o = s:taboption('dst', Flag, "dst_forward_recentrst") +else + m:set('ss_rules', 'dst_forward_recentrst', "0") + o = s:taboption("dst", Button, "_install") + o.inputtitle = translate("Install package iptables-mod-conntrack-extra") + o.inputstyle = "apply" + o.write = function() + return luci.http.redirect( + luci.dispatcher.build_url("admin/system/packages") .. + "?submit=1&install=iptables-mod-conntrack-extra" + ) + end +end +o.title = translate("Forward recentrst") +o.description = translate("Forward those packets whose dst have recently sent to us multiple tcp-rst") + return m -- cgit v1.2.3
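Review bot: The probe `os.execute("iptables -m recent -h &>/dev/null") == 0` relies on `&>`, which is a bash extension rather than POSIX sh syntax. In a shell without it, the command parses as `iptables ... &` followed by a redirection, and the status is 0 whether or not the match module exists, so `installed` would always be true and the install button would never appear. Whether the target's `/bin/sh` accepts `&>` is not visible here. The portable form is `local installed = os.execute("iptables -m recent -h >/dev/null 2>&1") == 0`. The probe also spawns a shell on every render of this page and the `else` branch calls `m:set(...)` while the form is being built, so a comment noting both side effects would help the next reader.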