'use strict'; 'require view'; 'require uci'; 'require fs'; 'require form'; 'require tools.widgets as widgets'; 'require shadowsocks-libev as ss'; var conf = 'shadowsocks-libev'; function src_dst_option(s /*, ... */) { var o = s.taboption.apply(s, L.varargs(arguments, 1)); o.datatype = 'or(ipaddr,cidr)'; } return view.extend({ load: function() { return Promise.all([ L.resolveDefault(fs.stat('/usr/lib/iptables/libxt_recent.so'), {}), L.resolveDefault(fs.stat('/usr/bin/ss-rules'), null), uci.load(conf).then(function() { if (!uci.get_first(conf, 'ss_rules')) { uci.set(conf, uci.add(conf, 'ss_rules', 'ss_rules'), 'disabled', '1'); } }) ]); }, render: function(stats) { var m, s, o; m = new form.Map(conf, _('Redir Rules'), _('On this page you can configure how traffics are to be \ forwarded to ss-redir instances. \ If enabled, packets will first have their src ip addresses checked \ against Src ip/net bypass, Src ip/net forward, \ Src ip/net checkdst and if none matches Src default \ will give the default action to be taken. \ If the prior check results in action checkdst, packets will continue \ to have their dst addresses checked.')); s = m.section(form.NamedSection, 'ss_rules', 'ss_rules'); s.tab('general', _('General Settings')); s.tab('src', _('Source Settings')); s.tab('dst', _('Destination Settings')); s.taboption('general', form.Flag, 'disabled', _('Disable')); if (!stats[1]) { ss.option_install_package(s, 'general'); } o = s.taboption('general', form.ListValue, 'redir_tcp', _('ss-redir for TCP')); ss.values_redir(o, 'tcp'); o = s.taboption('general', form.ListValue, 'redir_udp', _('ss-redir for UDP')); ss.values_redir(o, 'udp'); o = s.taboption('general', form.ListValue, 'local_default', _('Local-out default'), _('Default action for locally generated TCP packets')); ss.values_actions(o); o = s.taboption('general', widgets.DeviceSelect, 'ifnames', _('Ingress interfaces'), _('Only apply rules on packets from these network interfaces')); o.multiple = true; o.noaliases = true; o.noinactive = true; s.taboption('general', form.Value, 'ipt_args', _('Extra arguments'), _('Passes additional arguments to iptables. Use with care!')); src_dst_option(s, 'src', form.DynamicList, 'src_ips_bypass', _('Src ip/net bypass'), _('Bypass ss-redir for packets with src address in this list')); src_dst_option(s, 'src', form.DynamicList, 'src_ips_forward', _('Src ip/net forward'), _('Forward through ss-redir for packets with src address in this list')); src_dst_option(s, 'src', form.DynamicList, 'src_ips_checkdst', _('Src ip/net checkdst'), _('Continue to have dst address checked for packets with src address in this list')); o = s.taboption('src', form.ListValue, 'src_default', _('Src default'), _('Default action for packets whose src address do not match any of the src ip/net list')); ss.values_actions(o); src_dst_option(s, 'dst', form.DynamicList, 'dst_ips_bypass', _('Dst ip/net bypass'), _('Bypass ss-redir for packets with dst address in this list')); src_dst_option(s, 'dst', form.DynamicList, 'dst_ips_forward', _('Dst ip/net forward'), _('Forward through ss-redir for packets with dst address in this list')); var dir = '/etc/shadowsocks-libev'; o = s.taboption('dst', form.FileUpload, 'dst_ips_bypass_file', _('Dst ip/net bypass file'), _('File containing ip/net for the purposes as with Dst ip/net bypass')); o.root_directory = dir; o = s.taboption('dst', form.FileUpload, 'dst_ips_forward_file', _('Dst ip/net forward file'), _('File containing ip/net for the purposes as with Dst ip/net forward')); o.root_directory = dir; o = s.taboption('dst', form.ListValue, 'dst_default', _('Dst default'), _('Default action for packets whose dst address do not match any of the dst ip list')); ss.values_actions(o); if (stats[0].type === 'file') { o = s.taboption('dst', form.Flag, 'dst_forward_recentrst'); } else { uci.set(conf, 'ss_rules', 'dst_forward_recentrst', '0'); o = s.taboption('dst', form.Button, '_install'); o.inputtitle = _('Install package iptables-mod-conntrack-extra'); o.inputstyle = 'apply'; o.onclick = function() { window.open(L.url('admin/system/opkg') + '?query=iptables-mod-conntrack-extra', '_blank', 'noopener'); } } o.title = _('Forward recentrst'); o.description = _('Forward those packets whose dst have recently sent to us multiple tcp-rst'); return m.render(); }, });