Mirror/zapret-openwrt
1
0
Fork 0
mirror of https://github.com/remittor/zapret-openwrt.git synced 2026-01-28 21:30:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:master
Branches Tags
Mirror:master Mirror:gh-pages Mirror:zap1
Mirror:v0.9.20260128 Mirror:v72.20260128 Mirror:v72.20260126 Mirror:v0.8.20260125 Mirror:v72.20260125 Mirror:v72.20260119 Mirror:v0.8.20260118 Mirror:v72.20260117 Mirror:v0.8.20260117 Mirror:v72.20260116 Mirror:v72.20260115 Mirror:v72.20260114 Mirror:v0.8.20260113 Mirror:v72.20260113 Mirror:v0.8.20260111 Mirror:v72.20260111 Mirror:v0.8.20260109 Mirror:v72.20260108 Mirror:v0.8.20260107 Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012
..
compare: Mirror:v72.20260117
Branches Tags
Mirror:gh-pages Mirror:master Mirror:zap1
Mirror:v0.9.20260128 Mirror:v72.20260128 Mirror:v72.20260126 Mirror:v0.8.20260125 Mirror:v72.20260125 Mirror:v72.20260119 Mirror:v0.8.20260118 Mirror:v72.20260117 Mirror:v0.8.20260117 Mirror:v72.20260116 Mirror:v72.20260115 Mirror:v72.20260114 Mirror:v0.8.20260113 Mirror:v72.20260113 Mirror:v0.8.20260111 Mirror:v72.20260111 Mirror:v0.8.20260109 Mirror:v72.20260108 Mirror:v0.8.20260107 Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012

85 Commits
master ... v72.202601

Author SHA1 Message Date
remittor
ce26fdff22 Bump version to v72.20260117 2026-01-17 17:06:40 +03:00
remittor
18cc8d4115 luci: Fix typo into get_svc_buttons 2026-01-17 16:20:44 +03:00
remittor
702fe4721d luci: Fix file permissions for saved configs 2026-01-17 15:58:30 +03:00
remittor
10997a443f luci: Using dict for arguments of function 2026-01-17 15:50:46 +03:00
remittor
d91f44c287 diag: dwc: Add detect JS-challenge 2026-01-17 14:59:25 +03:00
remittor
45974e191d config: Use --comment option for strategy naming 2026-01-17 13:59:07 +03:00
remittor
42d8ee8ba6 luci: NFQWS_OPT: Block enter text with quotes 2026-01-17 13:57:49 +03:00
remittor
2ce84ee555 Bump version to v72.20260116 2026-01-16 20:22:02 +03:00
remittor
e9632267d5 makefile: Fix creation main config file 2026-01-16 20:21:10 +03:00
remittor
e3e8ba36ed diag: dwc: Add recommendations 2026-01-16 19:36:05 +03:00
remittor
438c1baa97 updater: Add uninstall oldest mdig and ip2net packages 2026-01-16 19:05:24 +03:00
remittor
d966dd605e luci: Fix checkbox enable_custom_d 2026-01-16 17:11:37 +03:00
remittor
cef8c709a1 makefile: Cleanup conffiles and install sections 2026-01-16 16:09:33 +03:00
remittor
5a7a88ccbd luci: Fix save very long textareas to file 2026-01-16 11:34:09 +03:00
remittor
c575592f9e Bump version to v72.20260115 2026-01-15 22:33:43 +03:00
remittor
643eb3c693 build: Add option CONFIG_LUCI_CSSMIN=n 2026-01-15 22:32:26 +03:00
remittor
c0e2747f30 settings: Add new options on "Reset settings" dialog 2026-01-15 22:28:18 +03:00
remittor
8abbd3fb5e updater: Fix typo 2026-01-15 22:03:16 +03:00
remittor
508e81b66c diag: Add support resolve ip via specific dns 2026-01-15 22:02:34 +03:00
remittor
dfb6b0a338 ipset: Update zapret-hosts-user-exclude.txt 2026-01-15 20:44:51 +03:00
remittor
c5fa0829e1 luci: Fix save very long textareas to file 2026-01-15 20:40:21 +03:00
remittor
d401c8c6b5 def-cfg: Add new strategy v7_by_StressOzz 2026-01-15 09:48:11 +03:00
remittor
ddbbb81d3c ipset: Update zapret-hosts-user-exclude.txt 2026-01-15 09:40:30 +03:00
remittor
a18d45190e Bump version to v72.20260114 2026-01-14 22:02:51 +03:00
remittor
217b105b7b dwc: Rewrite code and restore US.AWS-01 (kaltura.com) 2026-01-14 22:01:23 +03:00
remittor
0d6ba6e657 comfunc: Fix recreating crontab log cleaning task on restart 
PR: ad6b23f4aa
 2026-01-13 21:41:33 +03:00
remittor
bc518190d2 luci: Fix show NFQWS_OPT 2026-01-13 21:33:24 +03:00
remittor
d02391a0e3 dwc: Remove US.AWS-01 (kaltura.com) 
This site required JS-challenge
 2026-01-13 17:02:29 +03:00
remittor
3c2f472b78 Bump version to v72.20260113 2026-01-13 13:50:44 +03:00
remittor
39c4fd6279 makefile: Fix postinst section 2026-01-13 13:49:52 +03:00
remittor
91ec462bcf confunc: Fix function restore_all_ipset_cfg 2026-01-13 13:37:06 +03:00
remittor
015bf4befe luci: Add description for "Diagnostics" button 2026-01-13 13:34:25 +03:00
remittor
75ccdb6a1b makefile: Fix conffiles section 2026-01-13 13:24:47 +03:00
remittor
98c5d5b0ed Replace echo to printf for TAB symbol 2026-01-13 12:46:04 +03:00
remittor
cf7661f2b9 config: Fix sync for AUTOHOSTLIST_RETRANS_RESET 2026-01-13 12:24:50 +03:00
remittor
4327f98bb7 Fix uci-def-cfg.sh 2026-01-13 12:19:11 +03:00
remittor
694716a512 github: releases: Add step "Wait for GitHub API consistency" 2026-01-12 22:45:19 +03:00
remittor
be1027dfd7 makefile: Fix preinst section (check for incompatible packages) 2026-01-12 15:15:21 +03:00
remittor
0edcc6c4a0 makefile: Disable TPWS in blockcheck 2026-01-12 13:27:53 +03:00
remittor
a71965b382 diag: Fix bugs in dwc.sh 2026-01-11 19:08:35 +03:00
remittor
d45d07df82 makefile: Add remove packages mdig and ip2net 2026-01-11 18:41:34 +03:00
remittor
f4a68178b7 makefile: skip init.d.sh 2026-01-11 16:09:48 +03:00
remittor
32c6f9cfc3 Bump version to v72.20260111 2026-01-11 15:28:00 +03:00
remittor
6660ea0a20 Add diagnostic button (DPI checker) 2026-01-11 15:27:48 +03:00
remittor
5f470e8f82 ipset: Update zapret-hosts-user-exclude.txt 2026-01-11 15:05:53 +03:00
remittor
d6304e6e24 build: Fix matrix for riscv64 arch 2026-01-11 15:05:10 +03:00
remittor
f0cc13fb38 config: Fix "<" and ">" symbols for v6 strategy 2026-01-11 10:20:27 +03:00
remittor
486475f817 luci: updater: Add new func tools.execAndRead 2026-01-10 20:54:11 +03:00
remittor
969029c0db luci: Fix update text after edit for NFQWS_OPT 2026-01-10 10:56:47 +03:00
remittor
879ffa217d luci: Fix js-files for unification 2026-01-09 22:29:47 +03:00
remittor
4f5dd5a019 luci: Splitting file tools.js into two parts (add file env.js) 2026-01-09 22:00:05 +03:00
remittor
349ead377a build: Rewrite build script (using OpenWrt SDK from github) 2026-01-09 17:42:21 +03:00
remittor
c7616b468b Replace "founded" to "found" 2026-01-09 17:36:38 +03:00
remittor
bb5647568e updater: Fix pkg_mgr_update for opkg 2026-01-09 10:31:33 +03:00
remittor
40a3605034 Bump version to v72.20260108 2026-01-08 19:57:07 +03:00
remittor
3227458422 readme: Update link to instructions 2026-01-08 19:38:51 +03:00
remittor
54fdbe4d5e updater: Add support install packages on clean OpenWrt 
Example: ./update-pkg.sh -u 1
Example: ./update-pkg.sh -u 2
 2026-01-08 18:33:18 +03:00
remittor
b714b629b7 Integrate mdig and ip2net to main package 2026-01-01 12:27:28 +03:00
remittor
354a71f6c5 Remove tpws, mdig, ip2net packages 2026-01-01 12:22:58 +03:00
remittor
f48488b21b updater: Change get_actual_release error 1 to 150 2025-12-30 13:39:18 +03:00
remittor
a3c256c31a zapret: Global use of dynamic variables 2025-12-29 21:09:35 +03:00
remittor
1d2d3c4b84 luci: updater: Skip error -32000 2025-12-29 19:36:12 +03:00
remittor
5b6fd0a1e6 updater: Fix get_pkg_version for OpenWrt 25 2025-12-29 18:34:31 +03:00
remittor
791ea2d2b6 github: issue: Add help_wanted templates 2025-12-27 11:28:18 +03:00
remittor
9d73b59640 Bump version to v72.20251227 2025-12-27 11:27:41 +03:00
remittor
b58cbafec6 updater: Fix luci package name 2025-12-27 11:27:05 +03:00
remittor
a56b1e3f1c luci: tools: Fix save changes into modal dialog for NFQWS_OPT 2025-12-27 10:29:21 +03:00
remittor
80f15e3da1 def-cfg: Add new strategy v6_by_StressOzz 2025-12-27 10:25:54 +03:00
remittor
89bcec8a60 updater: Fix files renaming 2025-12-26 15:45:20 +03:00
remittor
735575c7bc updater: Update func download_releases_info 2025-12-26 08:57:31 +03:00
remittor
5550820fdc Bump version to v72.20251225-r2 2025-12-25 18:04:53 +03:00
remittor
0e8366f7d1 luci: tools: Fix show and close modal dialog for NFQWS_OPT 2025-12-25 18:02:11 +03:00
remittor
ea3c774537 updater: Fix find base package after ZIP unpack 2025-12-25 14:57:36 +03:00
remittor
57b7e65532 github: Fix bug_report.yml 2025-12-25 12:01:27 +03:00
remittor
eeacc486f9 Add ISSUE_TEMPLATE 2025-12-25 11:52:35 +03:00
remittor
101382faf7 Bump version to v72.20251225 2025-12-25 08:58:38 +03:00
remittor
21229ef152 def-cfg: Add strategies by Flowseal (ALT7 + TLS_AUTO_ALT3) 2025-12-25 08:54:40 +03:00
remittor
9aaf2b29e3 fake: Add TLS 1.3 hello from max.ru 2025-12-25 08:25:26 +03:00
remittor
246f4a08a0 luci: tools: Fix close modal dialog for NFQWS_OPT 2025-12-24 18:50:48 +03:00
remittor
3d3eb82b7b luci: updater: Fix timer using 2025-12-24 14:39:52 +03:00
remittor
8aff441b88 luci: tools: Fix close modal dialog for NFQWS_OPT 2025-12-23 14:14:07 +03:00
remittor
1c866d5de1 comfunc: Fix remove debug log 2025-12-20 10:11:18 +03:00
remittor
57d5ab5060 Bump version to v72.20251219 2025-12-19 11:17:04 +03:00
remittor
5a685cfa27 updater: Add check for unzip installed 2025-12-19 11:11:47 +03:00
remittor
21017047a8 updater: Fix parsing package version (APK) 2025-12-19 10:22:54 +03:00
46 changed files with 1601 additions and 1437 deletions
Expand all files Collapse all files

80
.github/ISSUE_TEMPLATE/bug_report_en.yml vendored Normal file
View File

@@ -0,0 +1,80 @@
---
name: 🐛 Bug Report
description: Report a reproducible bug
title: "[BUG] "
labels: ["bug"]
assignees: []
body:
- type: markdown
attributes:
value: |
Thanks for reporting a bug! Please fill out the form below.
Before sending, please:
- Check [existing issues](https://github.com/remittor/zapret-openwrt/issues)
- Read [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Bug description
description: A clear and concise description of what is not working
placeholder: A clear and concise description of the bug
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Steps to reproduce
description: Steps to reproduce the problem. If you're following a manual, please include a link to it.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Expected behavior
description: A clear and concise description of what was to happen
placeholder: Describe the expected behavior
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ System Information
description: |
Information about your system (fill in all that used)
value: |
- **OpenWrt version**:
- **Zapret version**:
- **Router model**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ The NFQWS strategy used
description: All parameters of the NFQWS strategy, or its name
placeholder: If the problem is caused by the NFQWS strategy
- type: textarea
id: config
attributes:
label: ⚙️ System Configurations
description: |
Relevant parts of the configuration (remove sensitive information!)
placeholder: |
For example:
- Contents of /etc/config/zapret
- Firewall configuration (Flow offloading, etc.)
- Additional configurations required for wireless/network/dhcp, etc.
render: shell

80
.github/ISSUE_TEMPLATE/bug_report_ru.yml vendored Normal file
View File

@@ -0,0 +1,80 @@
---
name: 🐛 Сообщение об ошибке
description: Сообщить об ошибке
title: "[BUG] "
labels: ["bug"]
assignees: []
body:
- type: markdown
attributes:
value: |
Спасибо за создание отчета об ошибке!
Перед отправкой, пожалуйста:
- Проверьте [существующие issues](https://github.com/remittor/zapret-openwrt/issues)
- Просмотрите [документацию](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Описание проблемы
description: Четкое и краткое описание того, что не работает
placeholder: Опишите проблему
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Шаги для воспроизведения
description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по какому либо мануалу, приложите ссылку на него.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Ожидаемое поведение
description: Четкое и краткое описание того, что должно было произойти
placeholder: Опишите ожидаемое поведение
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ Информация о системе
description: |
Информация о вашей системе (заполните всё применяемое)
value: |
- **OpenWrt версия**:
- **Zapret версия**:
- **Роутер модель**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ Используемая стратегия NFQWS
description: Все параметры стратегии NFQWS, либо её название
placeholder: Если проблема вызвана стратегией NFQWS
- type: textarea
id: config
attributes:
label: ⚙️ Конфигурация
description: |
Релевантные части конфигурации (удалите чувствительную информацию!)
placeholder: |
Например:
- Содержимое /etc/config/zapret
- Конфигурация файервола (опция Flow offloading и т.п.)
- Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
render: shell

9
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View File

@@ -0,0 +1,9 @@
blank_issues_enabled: false
contact_links:
- name: 💬 Installation instructions / Инструкция по установке
url: https://github.com/remittor/zapret-openwrt/wiki/Installing-zapret%E2%80%90openwrt-package
about: Installation instructions / Инструкция по установке
- name: 📚 Original documetation / Оригинальная документация к zapret'у
url: https://github.com/bol-van/zapret/blob/master/docs/readme.md
about: README zapret

66
.github/ISSUE_TEMPLATE/feature_request_en.yml vendored Normal file
View File

@@ -0,0 +1,66 @@
---
name: ✨ Feature Request
description: Suggest a new feature or improvement
title: "[FEATURE] "
labels: ["enhancement", "needs-discussion"]
assignees: []
body:
- type: markdown
attributes:
value: |
Before sending, please:
- Check [existing requests](https://github.com/remittor/zapret-openwrt/issues?q=is%3Aissue+label%3Aenhancement)
- Make sure the function doesn't exist in [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: summary
attributes:
label: Brief description
description: Brief description of the proposed function
placeholder: In one sentence, describe what you want to add...
validations:
required: true
- type: textarea
id: problem
attributes:
label: The problem it solves
description: |
Description of the problem or inconvenience this feature will solve
placeholder: |
There is no possibility now [...]
validations:
required: true
- type: textarea
id: solution
attributes:
label: 💡 Proposed solution
description: A clear and concise description of what you want to achieve
placeholder: |
I want Zapret to be able to [...]
I suggest adding a feature that [...]
Could be improved [...]
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Workaround
description: |
Describe any alternative solutions or features you considered.
Are there any workarounds you currently use?
placeholder: |
I'm currently solving this problem by [...]
An alternative would be [...]
I tried using [...], but it doesn't work because [...]
- type: textarea
id: implementation
attributes:
label: Implementation ideas (optional)
description: |
If you have any ideas on how this could be implemented, please share them. Please keep LuCI's limitations in mind.
placeholder: |
This can be achieved using [...]

68
.github/ISSUE_TEMPLATE/feature_request_ru.yml vendored Normal file
View File

@@ -0,0 +1,68 @@
---
name: ✨ Запрос новой функции
description: Предложите новую функцию или улучшение для Zapret
title: "[FEATURE] "
labels: ["enhancement", "needs-discussion"]
assignees: []
body:
- type: markdown
attributes:
value: |
Спасибо за предложение новой функции!
Перед отправкой, пожалуйста:
- Проверьте [существующие запросы](https://github.com/remittor/zapret-openwrt/issues?q=is%3Aissue+label%3Aenhancement)
- Убедитесь, что функции не существует в [документации](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: summary
attributes:
label: Краткое описание
description: Краткое описание предлагаемой функции
placeholder: В одном предложении опишите, что вы хотите добавить...
validations:
required: true
- type: textarea
id: problem
attributes:
label: Проблема, которую решает
description: |
Описание проблемы или неудобства, которое решит эта функция
placeholder: |
Сейчас нет возможности [...]
validations:
required: true
- type: textarea
id: solution
attributes:
label: 💡 Предлагаемое решение
description: Четкое и краткое описание того, что вы хотите реализовать
placeholder: |
Я хочу, чтобы Zapret мог [...]
Предлагаю добавить функцию, которая [...]
Можно было бы улучшить [...] путем [...]
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Workaround
description: |
Опишите альтернативные решения или функции, которые вы рассматривали
Есть ли обходные пути, которые вы используете сейчас?
placeholder: |
Сейчас я решаю это проблему путем [...]
Альтернативой могло бы быть [...]
Пробовал использовать [...], но это не подходит потому что [...]
- type: textarea
id: implementation
attributes:
label: Идеи реализации (опционально)
description: |
Если у вас есть идеи о том, как это можно реализовать, поделитесь ими. Помните про ограничения LuCI.
placeholder: |
Это можно реализовать с помощью [...]

78
.github/ISSUE_TEMPLATE/help_wanted_en.yml vendored Normal file
View File

@@ -0,0 +1,78 @@
---
name: 🆘 Help wanted
description: Ask for help or propose to help
title: "[HELP] "
labels: ["help wanted"]
assignees: []
body:
- type: markdown
attributes:
value: |
Before sending, please:
- Check [existing issues](https://github.com/remittor/zapret-openwrt/issues)
- Read [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Problem description
description: What do you need help with?
placeholder: A clear and concise description of the problem
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Steps to reproduce
description: Steps to reproduce the problem. If you're following a manual, please include a link to it.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Expected behavior
description: A clear and concise description of what was to happen
placeholder: Describe the expected behavior
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ System Information
description: |
Information about your system (fill in all that used)
value: |
- **OpenWrt version**:
- **Zapret version**:
- **Router model**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ The NFQWS strategy used
description: All parameters of the NFQWS strategy, or its name
placeholder: If the problem is caused by the NFQWS strategy
- type: textarea
id: config
attributes:
label: ⚙️ System Configurations
description: |
Relevant parts of the configuration (remove sensitive information!)
placeholder: |
For example:
- Contents of /etc/config/zapret
- Firewall configuration (Flow offloading, etc.)
- Additional configurations required for wireless/network/dhcp, etc.
render: shell

78
.github/ISSUE_TEMPLATE/help_wanted_ru.yml vendored Normal file
View File

@@ -0,0 +1,78 @@
---
name: 🆘 Нужна помощь
description: Нужна помощь
title: "[HELP] "
labels: ["help wanted"]
assignees: []
body:
- type: markdown
attributes:
value: |
Перед отправкой, пожалуйста:
- Проверьте [существующие issues](https://github.com/remittor/zapret-openwrt/issues)
- Просмотрите [документацию](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Описание проблемы
description: В чём именно нужна помощь?
placeholder: Опишите проблему
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Шаги для воспроизведения
description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по какому либо мануалу, приложите ссылку на него.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Ожидаемое поведение
description: Четкое и краткое описание того, что должно было произойти
placeholder: Опишите ожидаемое поведение
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ Информация о системе
description: |
Информация о вашей системе (заполните всё применяемое)
value: |
- **OpenWrt версия**:
- **Zapret версия**:
- **Роутер модель**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ Используемая стратегия NFQWS
description: Все параметры стратегии NFQWS, либо её название
placeholder: Если проблема вызвана стратегией NFQWS
- type: textarea
id: config
attributes:
label: ⚙️ Конфигурация
description: |
Релевантные части конфигурации (удалите чувствительную информацию!)
placeholder: |
Например:
- Содержимое /etc/config/zapret
- Конфигурация файервола (опция Flow offloading и т.п.)
- Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
render: shell

24
.github/workflows/build.yml vendored
View File

@@ -155,6 +155,8 @@ jobs:
- mipsel_24kc_24kf - mipsel_24kc_24kf
- mipsel_74kc - mipsel_74kc
- mipsel_mips32 - mipsel_mips32
- riscv64_riscv64
- riscv64_generic
- x86_64 - x86_64
isTestOrFake: isTestOrFake:
- ${{ needs.check.outputs.test_build == 'true' || needs.check.outputs.fake_build == 'true' }} - ${{ needs.check.outputs.test_build == 'true' || needs.check.outputs.fake_build == 'true' }}
@@ -163,6 +165,10 @@ jobs:
arch: arm_cortex-a9_vfpv3-d16 arch: arm_cortex-a9_vfpv3-d16
- branch: ${{ needs.var.outputs.APK_BRANCH }} - branch: ${{ needs.var.outputs.APK_BRANCH }}
arch: mips_4kec arch: mips_4kec
- branch: ${{ needs.var.outputs.APK_BRANCH }}
arch: riscv64_riscv64
- branch: ${{ needs.var.outputs.IPK_BRANCH }}
arch: riscv64_generic
- { isTestOrFake: true } - { isTestOrFake: true }
include: include:
- branch: ${{ needs.var.outputs.IPK_BRANCH }} - branch: ${{ needs.var.outputs.IPK_BRANCH }}
@@ -270,6 +276,8 @@ jobs:
run: | run: |
make defconfig make defconfig
sed -i 's/CONFIG_LUCI_JSMIN=y/CONFIG_LUCI_JSMIN=n/g' .config sed -i 's/CONFIG_LUCI_JSMIN=y/CONFIG_LUCI_JSMIN=n/g' .config
sed -i 's/CONFIG_LUCI_CSSMIN=y/CONFIG_LUCI_CSSMIN=n/g' .config
grep -q '^CONFIG_LUCI_CSSMIN=' .config || echo 'CONFIG_LUCI_CSSMIN=n' >> .config
echo "status=success" >> $GITHUB_OUTPUT echo "status=success" >> $GITHUB_OUTPUT
- name: Show config - name: Show config
@@ -284,9 +292,9 @@ jobs:
env: env:
ARCH_TAG: ${{ matrix.arch }} ARCH_TAG: ${{ matrix.arch }}
run: | run: |
PKGLIST="package/zapret-openwrt/zapret2/compile" PKGLIST="package/zapret-openwrt/zapret/compile"
if [ "$ARCH_TAG" = "$LUCI_ARCH" ]; then if [ "$ARCH_TAG" = "$LUCI_ARCH" ]; then
PKGLIST="$PKGLIST package/zapret-openwrt/luci-app-zapret2/compile" PKGLIST="$PKGLIST package/zapret-openwrt/luci-app-zapret/compile"
fi fi
MAKE_JOBS=$(nproc) MAKE_JOBS=$(nproc)
echo "$MAKE_JOBS thread compile" echo "$MAKE_JOBS thread compile"
@@ -306,8 +314,8 @@ jobs:
run: | run: |
OUT_DIR=./bin/packages/dev_x/base OUT_DIR=./bin/packages/dev_x/base
mkdir -p $OUT_DIR mkdir -p $OUT_DIR
touch $OUT_DIR/zapret2_$PKGVER-$ARCH_TAG.$PKGTYPE touch $OUT_DIR/zapret_$PKGVER-$ARCH_TAG.$PKGTYPE
touch $OUT_DIR/luci-app-zapret2_$PKGVER-all.$PKGTYPE touch $OUT_DIR/luci-app-zapret_$PKGVER-all.$PKGTYPE
echo "status=success" >> $GITHUB_OUTPUT echo "status=success" >> $GITHUB_OUTPUT
- name: Install packages - name: Install packages
@@ -318,7 +326,7 @@ jobs:
ARCH_TAG: ${{ matrix.arch }} ARCH_TAG: ${{ matrix.arch }}
SIGN_KEY: ${{ secrets.SIGN_PRIVATE_KEY }} SIGN_KEY: ${{ secrets.SIGN_PRIVATE_KEY }}
run: | run: |
find ./bin/packages/*/base -type f ! -regex ".*\(zapret2\).*\.[ai]pk$" -delete find ./bin/packages/*/base -type f ! -regex ".*\(zapret\).*\.[ai]pk$" -delete
#echo ">>>>>>> build a repository index to make the output directory usable as local OPKG source" #echo ">>>>>>> build a repository index to make the output directory usable as local OPKG source"
#ln -s `which usign` staging_dir/host/bin/usign #ln -s `which usign` staging_dir/host/bin/usign
#echo "$SIGN_KEY" | base64 -d > key-build #echo "$SIGN_KEY" | base64 -d > key-build
@@ -384,7 +392,7 @@ jobs:
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec cp -f "$LUCI_IPK" "{}/" \; find ./sorted -mindepth 1 -maxdepth 1 -type d -exec cp -f "$LUCI_IPK" "{}/" \;
find ./sorted -mindepth 2 -maxdepth 2 -type d -name "apk" -exec cp -f "$LUCI_APK" "{}/" \; find ./sorted -mindepth 2 -maxdepth 2 -type d -name "apk" -exec cp -f "$LUCI_APK" "{}/" \;
mkdir -p public mkdir -p public
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec sh -c '7z a ./public/zapret2_v${PKGVER}_$(basename "{}" | cut -d, -f3).zip {}/*' \; find ./sorted -mindepth 1 -maxdepth 1 -type d -exec sh -c '7z a ./public/zapret_v${PKGVER}_$(basename "{}" | cut -d, -f3).zip {}/*' \;
ls -lh ./public/*.zip ls -lh ./public/*.zip
- name: Upload assets - name: Upload assets
@@ -396,7 +404,7 @@ jobs:
draft: ${{ env.TEST_BUILD == 'true' || env.FAKE_BUILD == 'true' }} draft: ${{ env.TEST_BUILD == 'true' || env.FAKE_BUILD == 'true' }}
prerelease: true prerelease: true
tag_name: v${{ needs.build.outputs.pkgver }}${{ env.TAG_SUFFIX }} tag_name: v${{ needs.build.outputs.pkgver }}${{ env.TAG_SUFFIX }}
name: zapret2 v${{ needs.build.outputs.pkgver }} name: zapret v${{ needs.build.outputs.pkgver }}
body: | body: |
zapret2 v${{ needs.build.outputs.pkgver }} for OpenWrt zapret v${{ needs.build.outputs.pkgver }} for OpenWrt
files: ./public/*.zip files: ./public/*.zip

5
README.md
View File

@@ -2,13 +2,12 @@
[![Github All Releases](https://img.shields.io/github/downloads/remittor/zapret-openwrt/total.svg)](https://github.com/remittor/zapret-openwrt/releases) [![Github All Releases](https://img.shields.io/github/downloads/remittor/zapret-openwrt/total.svg)](https://github.com/remittor/zapret-openwrt/releases)
[![Github Latest Release](https://img.shields.io/github/downloads/remittor/zapret-openwrt/latest/total.svg)](https://github.com/remittor/zapret-openwrt/releases) [![Github Latest Release](https://img.shields.io/github/downloads/remittor/zapret-openwrt/latest/total.svg)](https://github.com/remittor/zapret-openwrt/releases)
[![ViewCount](https://views.whatilearened.today/views/github/remittor/zapret-openwrt.svg)](https://github.com/remittor/zapret-openwrt) [![ViewCount](https://views.whatilearened.today/views/github/remittor/zapret-openwrt.svg)](https://github.com/remittor/zapret-openwrt)
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fremittor%2Fzapret-openwrt&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false)](https://github.com/remittor/zapret-openwrt/releases)
[![Donations Page](https://github.com/andry81-cache/gh-content-static-cache/raw/master/common/badges/donate/donate.svg)](https://github.com/remittor/donate) [![Donations Page](https://github.com/andry81-cache/gh-content-static-cache/raw/master/common/badges/donate/donate.svg)](https://github.com/remittor/donate)
# zapret-openwrt # zapret-openwrt
Zapret2 is not a VPN! Zapret2 is an Anti-DPI utility! Zapret is not a VPN! Zapret is an Anti-DPI utility!
[Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki/Installing-zapretopenwrt-package) [Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki)
[Download page](https://github.com/remittor/zapret-openwrt/releases) [Download page](https://github.com/remittor/zapret-openwrt/releases)

8
luci-app-zapret2/Makefile → luci-app-zapret/Makefile
View File

@@ -4,14 +4,14 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-zapret2 PKG_NAME:=luci-app-zapret
PKG_VERSION:=0.9.20260128 PKG_VERSION:=72.20260117
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=MIT PKG_LICENSE:=MIT
PKG_MAINTAINER:=remittor <https://github.com/remittor> PKG_MAINTAINER:=remittor <https://github.com/remittor>
LUCI_TITLE:=LuCI support for zapret2 LUCI_TITLE:=LuCI support for zapret
LUCI_DEPENDS:=+zapret2 LUCI_DEPENDS:=+zapret
LUCI_PKGARCH:=all LUCI_PKGARCH:=all
define Package/$(PKG_NAME)/postinst define Package/$(PKG_NAME)/postinst

72
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/diagnost.js → luci-app-zapret/htdocs/luci-static/resources/view/zapret/diagnost.js
View File

@@ -5,7 +5,7 @@
'require uci'; 'require uci';
'require ui'; 'require ui';
'require view'; 'require view';
'require view.zapret2.tools as tools'; 'require view.zapret.tools as tools';
const btn_style_neutral = 'btn'; const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action'; const btn_style_action = 'btn cbi-button-action';
@@ -23,17 +23,9 @@ return baseclass.extend({
this.logArea.scrollTop = this.logArea.scrollHeight; this.logArea.scrollTop = this.logArea.scrollHeight;
}, },
setBtnMode: function(check1, check2, cancel)
{
this.btn_dpicheck.disabled = check1 ? false : true;
this.btn_sitescheck.disabled = check2 ? false : true;
this.btn_cancel.disabled = cancel ? false : true;
},
dpiCheck: async function() dpiCheck: async function()
{ {
this._action = 'dpiCheck'; this._action = 'dpiCheck';
this.setBtnMode(0, 0, 0);
this.appendLog('DPI check [tcp 16-20]...'); this.appendLog('DPI check [tcp 16-20]...');
this.appendLog('Original sources: https://github.com/hyperion-cs/dpi-checkers'); this.appendLog('Original sources: https://github.com/hyperion-cs/dpi-checkers');
this.appendLog('WEB-version: https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20/'); this.appendLog('WEB-version: https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20/');
@@ -44,53 +36,30 @@ return baseclass.extend({
cmd.push(...[ '-d', dns_ip.trim() ]); cmd.push(...[ '-d', dns_ip.trim() ]);
} }
cmd.push('-R'); // show recommendations cmd.push('-R'); // show recommendations
return tools.execAndRead({ let log = '/tmp/'+tools.appName+'_dwc.log';
cmd: cmd, let callback = this.execAndReadCallback;
log: '/tmp/'+tools.appName+'_dwc.log', let wnd = this;
logArea: this.logArea, return tools.execAndRead({ cmd: cmd, log: log, logArea: this.logArea, callback: callback, cbarg: wnd });
callback: this.execAndReadCallback,
ctx: this,
});
}, },
sitesCheck: async function() execAndReadCallback: function(wnd, rc, txt = '')
{ {
this._action = 'dpiCheck';
this.setBtnMode(0, 0, 0);
this.appendLog('Sites check...');
let cmd = [ fn_dwc_sh ];
let resolve_dns = document.getElementById('cfg_resolve_dns');
let dns_ip = resolve_dns.options[resolve_dns.selectedIndex].text;
if (dns_ip && dns_ip != 'default') {
cmd.push(...[ '-d', dns_ip.trim() ]);
}
cmd.push('-s'); // mode: check sites
return tools.execAndRead({
cmd: cmd,
log: '/tmp/'+tools.appName+'_dwc.log',
logArea: this.logArea,
callback: this.execAndReadCallback,
ctx: this,
});
},
execAndReadCallback: function(rc, txt = '')
{
this.setBtnMode(1, 1, 1);
if (rc == 0 && txt) { if (rc == 0 && txt) {
this.appendLog('========================================================='); if (wnd._action == 'dpiCheck') {
return; wnd.appendLog('=========================================================');
return;
}
} }
if (rc >= 500) { if (rc >= 500) {
if (txt) { if (txt) {
this.appendLog(txt.startsWith('ERROR') ? txt : 'ERROR: ' + txt); wnd.appendLog(txt.startsWith('ERROR') ? txt : 'ERROR: ' + txt);
} else { } else {
this.appendLog('ERROR: ' + this._action + ': Terminated with error code = ' + rc); wnd.appendLog('ERROR: ' + wnd._action + ': Terminated with error code = ' + rc);
} }
} else { } else {
this.appendLog('ERROR: Process finished with retcode = ' + rc); wnd.appendLog('ERROR: Process finished with retcode = ' + rc);
} }
this.appendLog('========================================================='); wnd.appendLog('=========================================================');
}, },
openDiagnostDialog: function(pkg_arch) openDiagnostDialog: function(pkg_arch)
@@ -142,15 +111,8 @@ return baseclass.extend({
'id': 'btn_dpicheck', 'id': 'btn_dpicheck',
'name': 'btn_dpicheck', 'name': 'btn_dpicheck',
'class': btn_style_action, 'class': btn_style_action,
}, _('DPI check')); }, _('DPI check [tcp 16-20]'));
this.btn_dpicheck.onclick = ui.createHandlerFn(this, this.dpiCheck); this.btn_dpicheck.onclick = ui.createHandlerFn(this, () => { this.dpiCheck() });
this.btn_sitescheck = E('button', {
'id': 'btn_sitescheck',
'name': 'btn_sitescheck',
'class': btn_style_action,
}, _('Sites check'));
this.btn_sitescheck.onclick = ui.createHandlerFn(this, this.sitesCheck);
ui.showModal(_('Diagnostics'), [ ui.showModal(_('Diagnostics'), [
E('div', { 'class': 'cbi-section' }, [ E('div', { 'class': 'cbi-section' }, [
@@ -159,8 +121,6 @@ return baseclass.extend({
this.logArea, this.logArea,
]), ]),
E('div', { 'class': 'right' }, [ E('div', { 'class': 'right' }, [
this.btn_sitescheck,
' ',
this.btn_dpicheck, this.btn_dpicheck,
' ', ' ',
this.btn_cancel, this.btn_cancel,

56
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/dmnlog.js → luci-app-zapret/htdocs/luci-static/resources/view/zapret/dmnlog.js
View File

@@ -5,20 +5,18 @@
'require poll'; 'require poll';
'require uci'; 'require uci';
'require ui'; 'require ui';
'require view.zapret2.tools as tools'; 'require view.zapret.tools as tools';
return view.extend({ return view.extend({
POLL: new tools.POLLER( { } ), retrieveLog: async function() {
return Promise.all([
retrieveLog: async function() L.resolveDefault(fs.stat('/bin/cat'), null),
{ fs.exec('/usr/bin/find', [ '/tmp', '-maxdepth', '1', '-type', 'f', '-name', tools.appName+'+*.log' ]),
return tools.promiseAllDict({ uci.load(tools.appName),
filereader : L.resolveDefault(fs.stat('/bin/cat'), null), ]).then(function(status_array) {
log_data : fs.exec('/usr/bin/find', [ '/tmp', '-maxdepth', '1', '-type', 'f', '-name', tools.appName+'+*.log' ]), var filereader = status_array[0] ? status_array[0].path : null;
}).then( (data) => { var log_data = status_array[1]; // stdout: multiline text
var filereader = data.filereader ? data.filereader.path : null; if (log_data.code != 0) {
var log_data = data.log_data; // stdout: multiline text
if (log_data?.code === undefined || log_data.code != 0) {
ui.addNotification(null, E('p', _('Unable to get log files') + '(code = ' + log_data.code + ') : retrieveLog()')); ui.addNotification(null, E('p', _('Unable to get log files') + '(code = ' + log_data.code + ') : retrieveLog()'));
return null; return null;
} }
@@ -70,20 +68,17 @@ return view.extend({
))); )));
return null; return null;
}); });
}).catch( (e) => { }).catch(function(e) {
const [, lineno, colno] = e.stack.match(/(\d+):(\d+)/); const [, lineno, colno] = e.stack.match(/(\d+):(\d+)/);
ui.addNotification(null, E('p', _('Unable to execute or read contents') ui.addNotification(null, E('p', _('Unable to execute or read contents')
+ ': %s [ lineno: %s | %s | %s | %s ]'.format( + ': %s [ lineno: %s | %s | %s | %s ]'.format(
e.message, lineno, 'retrieveLog', 'uci.'+tools.appName e.message, lineno, 'retrieveLog', 'uci.'+tools.appName
))); )));
return null; return null;
}).finally( () => {
this.POLL.running = false;
}); });
}, },
pollLog: async function() pollLog: async function() {
{
let logdate_len = -2; let logdate_len = -2;
let logdata; let logdata;
for (let txt_id = 0; txt_id < 10; txt_id++) { for (let txt_id = 0; txt_id < 10; txt_id++) {
@@ -116,28 +111,26 @@ return view.extend({
} }
}, },
load: function() load: async function() {
{ poll.add(this.pollLog.bind(this));
return tools.baseLoad(this, (data) => { return await this.retrieveLog();
tools.load_feat_env();
this.svc_info = data.svc_info;
return this.retrieveLog();
});
}, },
render: function(logdata) render: function(logdata) {
{ if (!logdata) {
return;
}
if (typeof(logdata) === 'string') { if (typeof(logdata) === 'string') {
return E('div', {}, [ return E('div', {}, [
E('p', {'class': 'cbi-title-field'}, [ logdata ]), E('p', {'class': 'cbi-title-field'}, [ logdata ]),
]); ]);
} }
if (!logdata || !Array.isArray(logdata)) { if (!Array.isArray(logdata)) {
ui.addNotification(null, E('p', _('Unable to get log files') + ' : render()')); ui.addNotification(null, E('p', _('Unable to get log files') + ' : render()'));
return; return;
} }
var h2 = E('div', {'class' : 'cbi-title-section'}, [ var h2 = E('div', {'class' : 'cbi-title-section'}, [
E('h2', {'class': 'cbi-title-field'}, [ ]), E('h2', {'class': 'cbi-title-field'}, [ tools.AppName + ' - ' + _('Log Viewer') ]),
]); ]);
var tabs = E('div', {}, E('div')); var tabs = E('div', {}, E('div'));
@@ -200,11 +193,8 @@ return view.extend({
tabs.firstElementChild.appendChild(tab); tabs.firstElementChild.appendChild(tab);
} }
ui.tabs.initTabGroup(tabs.firstElementChild.childNodes); ui.tabs.initTabGroup(tabs.firstElementChild.childNodes);
//this.pollFn = L.bind(this.handleScanRefresh, this);
this.POLL.mode = 1; //poll.add(this.pollFn);
this.POLL.init( this.pollLog.bind(this), 1000 ); // interval 1000 ms
this.POLL.start();
return E('div', { }, [ h2, tabs ]); return E('div', { }, [ h2, tabs ]);
}, },

53
luci-app-zapret/htdocs/luci-static/resources/view/zapret/env.js Normal file
View File

@@ -0,0 +1,53 @@
'use strict';
'require baseclass';
return baseclass.extend({
packager : { },
appName : 'zapret',
AppName : 'Zapret',
execPath : '/etc/init.d/zapret',
appDir : '/opt/zapret',
syncCfgPath : '/opt/zapret/sync_config.sh',
defCfgPath : '/opt/zapret/def-cfg.sh',
defaultCfgPath : '/opt/zapret/restore-def-cfg.sh',
hostsGoogleFN : '/opt/zapret/ipset/zapret-hosts-google.txt',
hostsUserFN : '/opt/zapret/ipset/zapret-hosts-user.txt',
hostsUserExcludeFN: '/opt/zapret/ipset/zapret-hosts-user-exclude.txt',
iplstExcludeFN : '/opt/zapret/ipset/zapret-ip-exclude.txt',
iplstUserFN : '/opt/zapret/ipset/zapret-ip-user.txt',
iplstUserExcludeFN: '/opt/zapret/ipset/zapret-ip-user-exclude.txt',
custFileMax : 4,
custFileTemplate : '/opt/zapret/ipset/cust%s.txt',
customdPrefixList : [ 10, 20, 50, 60, 90 ] ,
customdFileFormat : '/opt/zapret/init.d/openwrt/custom.d/%s-script.sh',
discord_num : 50,
discord_url : [ 'https://github.com/bol-van/zapret/blob/4e8e3a9ed9dbeb1156db68dfaa7b353051c13797/init.d/custom.d.examples.linux/50-discord',
'https://github.com/bol-van/zapret/blob/b251ea839cc8f04c45090314ef69fce69f2c00f2/init.d/custom.d.examples.linux/50-discord-media',
'https://github.com/bol-van/zapret/blob/b251ea839cc8f04c45090314ef69fce69f2c00f2/init.d/custom.d.examples.linux/50-stun4all',
'https://github.com/bol-van/zapret/tree/master/init.d/custom.d.examples.linux'
],
nfqws_opt_url : 'https://github.com/remittor/zapret-openwrt/discussions/168',
autoHostListFN : '/opt/zapret/ipset/zapret-hosts-auto.txt',
autoHostListDbgFN : '/opt/zapret/ipset/zapret-hosts-auto-debug.log',
load_env: function(dst_obj) {
let env_proto = Object.getPrototypeOf(this);
Object.getOwnPropertyNames(env_proto).forEach(function(key) {
if (key === 'constructor' || key === 'load_env' || key.startsWith('__'))
return;
dst_obj[key] = env_proto[key];
});
dst_obj.packager = { };
if (L.hasSystemFeature('apk')) {
dst_obj.packager.name = 'apk';
dst_obj.packager.path = '/usr/bin/apk';
dst_obj.packager.args = [ 'list', '-I', '*'+this.appName+'*' ];
} else {
dst_obj.packager.name = 'opkg';
dst_obj.packager.path = '/bin/opkg';
dst_obj.packager.args = [ 'list-installed', '*'+this.appName+'*' ];
}
}
});

245
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/service.js → luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js
View File

@@ -4,9 +4,9 @@
'require uci'; 'require uci';
'require ui'; 'require ui';
'require view'; 'require view';
'require view.zapret2.tools as tools'; 'require view.zapret.tools as tools';
'require view.zapret2.diagnost as diagnost'; 'require view.zapret.diagnost as diagnost';
'require view.zapret2.updater as updater'; 'require view.zapret.updater as updater';
const btn_style_neutral = 'btn'; const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action'; const btn_style_action = 'btn cbi-button-action';
@@ -16,8 +16,6 @@ const btn_style_warning = 'btn cbi-button-negative';
const btn_style_success = 'btn cbi-button-success important'; const btn_style_success = 'btn cbi-button-success important';
return view.extend({ return view.extend({
POLL: new tools.POLLER( { } ),
get_svc_buttons: function(elems = { }) { get_svc_buttons: function(elems = { }) {
return { return {
"enable" : elems.btn_enable || document.getElementById('btn_enable'), "enable" : elems.btn_enable || document.getElementById('btn_enable'),
@@ -46,18 +44,17 @@ return view.extend({
btn.update.disabled = (error_code == 0) ? flag : false; btn.update.disabled = (error_code == 0) ? flag : false;
}, },
getAppStatus: function() getAppStatus: function() {
{ return Promise.all([
return tools.promiseAllDict({ tools.getInitState(tools.appName), // svc_boot
svc_boot : tools.getInitState(tools.appName), fs.exec(tools.execPath, [ 'enabled' ]), // svc_en
svc_en : fs.exec(tools.execPath, [ 'enabled' ]), tools.getSvcInfo(), // svc_info
svc_info : tools.getSvcInfo(), fs.exec('/bin/busybox', [ 'ps' ]), // process list
proc_list : fs.exec('/bin/busybox', [ 'ps' ]), fs.exec(tools.packager.path, tools.packager.args), // installed packages
pkg_dict : tools.getPackageDict(), tools.getStratList(), // nfqws strategy list
strat_list : tools.getStratList(), fs.exec('/bin/cat', [ '/etc/openwrt_release' ]), // CPU arch
sys_info : fs.exec('/bin/cat', [ '/etc/openwrt_release' ]), uci.load(tools.appName), // config
uci_data : uci.load(tools.appName), ]).catch(e => {
}).catch(e => {
ui.addNotification(null, E('p', _('Unable to execute or read contents') ui.addNotification(null, E('p', _('Unable to execute or read contents')
+ ': %s [ %s | %s | %s ]'.format( + ': %s [ %s | %s | %s ]'.format(
e.message, tools.execPath, 'tools.getInitState', 'uci.'+tools.appName e.message, tools.execPath, 'tools.getInitState', 'uci.'+tools.appName
@@ -65,35 +62,41 @@ return view.extend({
}); });
}, },
setAppStatus: function(data, elems = { }, force_app_status = 0) setAppStatus: function(status_array, elems = { }, force_app_status = 0) {
{
tools.execDefferedAction();
let cfg = uci.get(tools.appName, 'config'); let cfg = uci.get(tools.appName, 'config');
if (!data || cfg == null || typeof(cfg) !== 'object') { if (!status_array || cfg == null || typeof(cfg) !== 'object') {
let elem_status = elems.status || document.getElementById("status"); let elem_status = elems.status || document.getElementById("status");
elem_status.innerHTML = tools.makeStatusString(null, '', ''); elem_status.innerHTML = tools.makeStatusString(null, '', '');
ui.addNotification(null, E('p', _('Unable to read the contents') + ': setAppStatus()')); ui.addNotification(null, E('p', _('Unable to read the contents') + ': setAppStatus()'));
this.disableButtons(true, -1, elems); this.disableButtons(true, -1, elems);
return; return;
} }
let svc_boot = data.svc_boot ? true : false; let svc_boot = status_array[0] ? true : false;
this.nfqws_strat_list = data.strat_list; let svc_en = status_array[1]; // stdout: empty or error text
this.pkg_arch = tools.getConfigPar(data.sys_info.stdout, 'DISTRIB_ARCH', 'unknown'); let svc_info = status_array[2]; // stdout: JSON as text
//console.log('svc_en: ' + data.svc_en.code + ' poll.running = ' + this.POLL.running); let proc_list = status_array[3]; // stdout: multiline text
let svc_en = (data.svc_en.code == 0) ? true : false; let pkg_list = status_array[4]; // stdout: installed packages
let stratlist = status_array[5]; // array of strat names
let sys_info = status_array[6]; // stdout: openwrt distrib info
if (typeof(data.svc_info) !== 'object') { this.nfqws_strat_list = stratlist;
this.pkg_arch = tools.getConfigPar(sys_info.stdout, 'DISTRIB_ARCH', 'unknown');
//console.log('svc_en: ' + svc_en.code);
svc_en = (svc_en.code == 0) ? true : false;
if (typeof(svc_info) !== 'object') {
ui.addNotification(null, E('p', _('Unable to read the service info') + ': setAppStatus()')); ui.addNotification(null, E('p', _('Unable to read the service info') + ': setAppStatus()'));
this.disableButtons(true, -1, elems); this.disableButtons(true, -1, elems);
return; return;
} }
if (data.proc_list.code != 0) { if (proc_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to read process list') + ': setAppStatus()')); ui.addNotification(null, E('p', _('Unable to read process list') + ': setAppStatus()'));
this.disableButtons(true, -1, elems); this.disableButtons(true, -1, elems);
return; return;
} }
if (!data.pkg_dict) { if (pkg_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': getPackageDict()')); ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
this.disableButtons(true, -1, elems); this.disableButtons(true, -1, elems);
return; return;
} }
@@ -101,7 +104,7 @@ return view.extend({
if (force_app_status) { if (force_app_status) {
svcinfo = force_app_status; svcinfo = force_app_status;
} else { } else {
svcinfo = tools.decode_svc_info(svc_en, data.svc_info, data.proc_list, cfg); svcinfo = tools.decode_svc_info(svc_en, svc_info, proc_list, cfg);
} }
let btn = this.get_svc_buttons(elems); let btn = this.get_svc_buttons(elems);
btn.reset.disabled = false; btn.reset.disabled = false;
@@ -126,66 +129,104 @@ return view.extend({
} }
let elem_status = elems.status || document.getElementById("status"); let elem_status = elems.status || document.getElementById("status");
elem_status.innerHTML = tools.makeStatusString(svcinfo, this.pkg_arch, ''); elem_status.innerHTML = tools.makeStatusString(svcinfo, this.pkg_arch, '');
this.POLL.running = false;
if (!poll.active()) {
poll.start();
}
}, },
serviceActionEx: async function(action, button, args = [ ], hide_modal = false) serviceAction: function(action, button) {
{ if (button) {
let btn = document.getElementById(button); let elem = document.getElementById(button);
if (btn?.create_args) { this.disableButtons(true, elem);
args = btn.create_args();
console.log('serviceActionEx: btn.args = '+JSON.stringify(args));
} }
if (action == 'reset') { poll.stop();
hide_modal = true;
} let _this = this;
await this.POLL.stopAndWait();
this.disableButtons(true, btn); return tools.handleServiceAction(tools.appName, action)
//console.log('serviceActionEx: poll.running = '+this.POLL.running); .then(() => {
try { return _this.getAppStatus().then(
if (action == 'start' || action == 'restart') { (status_array) => {
let apply_exec = tools.checkUnsavedChanges(); _this.setAppStatus(status_array);
if (apply_exec) {
ui.changes.apply(true); // apply_rollback
await new Promise(resolve => setTimeout(resolve, 1000));
tools.setDefferedAction(action, null, true);
return;
} }
);
})
.catch(e => {
ui.addNotification(null, E('p', _('Unable to run service action.') + ' Error: ' + e.message));
});
},
serviceActionEx: function(action, button, args = [ ], hide_modal = false) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
poll.stop();
let _this = this;
let exec_cmd = null;
let exec_arg = [ ];
let errmsg = 'ERROR:';
if (action == 'start' || action == 'restart') {
exec_cmd = tools.syncCfgPath;
errmsg = _('Unable to run sync_config.sh script.');
}
else if (action == 'reset') {
exec_cmd = tools.defaultCfgPath;
exec_arg = args; // (reset_ipset)(sync) ==> restore all configs + sync config
errmsg = _('Unable to run restore-def-cfg.sh script.');
action = null;
} else {
ui.addNotification(null, E('p', 'ERROR: unknown action'));
return null;
}
return fs.exec(exec_cmd, exec_arg)
.then(function(res) {
if (res.code != 0) {
ui.addNotification(null, E('p', errmsg + ' res.code = ' + res.code));
action = null; // return with error
} }
await tools.serviceActionEx(action, args, false);
if (hide_modal) { if (hide_modal) {
ui.hideModal(); ui.hideModal();
} }
} catch(e) { if (!action) {
//ui.addNotification(null, E('p', 'Error: ' + e.message)); return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
}
);
}
return _this.serviceAction(action, null);
})
.catch(e => {
ui.addNotification(null, E('p', errmsg + ' Error: ' + e.message));
});
},
appAction: function(action, button) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
} }
}, poll.stop();
return fs.exec_direct(tools.execPath, [ action ]).then(res => {
serviceActionExCallback: function(btn, result, error) return this.getAppStatus().then(
{ (status_array) => {
//console.log('serviceActionExCallback: poll.active = '+this.POLL.active); this.setAppStatus(status_array);
this.POLL.start(150); ui.hideModal();
}
);
});
}, },
createServiceHandlerFn: function(action, btn_name) statusPoll: function() {
{
let opt = { keepDisabled: true, callback: this.serviceActionExCallback };
return tools.createHandlerFnEx(this, 'serviceActionEx', opt, action, btn_name);
},
statusPoll: function()
{
this.getAppStatus().then( this.getAppStatus().then(
L.bind(this.setAppStatus, this) L.bind(this.setAppStatus, this)
); );
}, },
dialogResetCfg: function(ev) dialogResetCfg: function(ev) {
{
if (tools.checkUnsavedChanges()) {
ui.addNotification(null, E('p', _('You have unapplied changes')));
return;
}
ev.target.blur(); ev.target.blur();
let reset_base = E('label', [ let reset_base = E('label', [
@@ -231,11 +272,10 @@ return view.extend({
}, _('Cancel')); }, _('Cancel'));
let resetcfg_btn = E('button', { let resetcfg_btn = E('button', {
'id': 'resetcfg_btn',
'name': 'resetcfg_btn',
'class': btn_style_action, 'class': btn_style_action,
}, _('Reset settings')); }, _('Reset settings'));
resetcfg_btn.create_args = () => { resetcfg_btn.onclick = ui.createHandlerFn(this, () => {
//cancel_button.disabled = true;
let opt_flags = ''; let opt_flags = '';
if (document.getElementById('cfg_reset_base').checked == false) { if (document.getElementById('cfg_reset_base').checked == false) {
opt_flags += '(skip_base)'; opt_flags += '(skip_base)';
@@ -252,15 +292,17 @@ return view.extend({
if (document.getElementById('cfg_enable_custom_d').checked) { if (document.getElementById('cfg_enable_custom_d').checked) {
opt_flags += '(enable_custom_d)'; opt_flags += '(enable_custom_d)';
}; };
//console.log('RESET: opt_flags = ' + opt_flags);
let sel_strat = document.getElementById('cfg_nfqws_strat'); let sel_strat = document.getElementById('cfg_nfqws_strat');
let opt_strat = sel_strat.options[sel_strat.selectedIndex].text; let opt_strat = sel_strat.options[sel_strat.selectedIndex].text;
//console.log('RESET: strat = ' + opt_strat);
if (opt_strat == 'not change') { if (opt_strat == 'not change') {
opt_strat = '-'; opt_strat = '-';
} }
opt_flags += '(sync)'; opt_flags += '(sync)';
return [ opt_flags, opt_strat ]; let args = [ opt_flags, opt_strat ];
}; return this.serviceActionEx('reset', resetcfg_btn, args, true);
resetcfg_btn.onclick = this.createServiceHandlerFn('reset', 'resetcfg_btn'); });
ui.showModal(_('Reset settings to default'), [ ui.showModal(_('Reset settings to default'), [
E('div', { 'class': 'cbi-section' }, [ E('div', { 'class': 'cbi-section' }, [
@@ -285,25 +327,24 @@ return view.extend({
]); ]);
}, },
load: function() load: function() {
{ var _this = this;
return tools.baseLoad(this, (data) => { return Promise.all([
//console.log('SYS FEATURES: '+JSON.stringify(data.sys_feat)); L.resolveDefault(fs.stat('/bin/cat'), null),
tools.load_feat_env(); ]).then(function(data) {
return this.getAppStatus(); return _this.getAppStatus();
}); });
}, },
render: function(data) render: function(status_array) {
{ if (!status_array) {
if (!data) {
return; return;
} }
let cfg = uci.get(tools.appName, 'config'); let cfg = uci.get(tools.appName, 'config');
let pkgdict = data.pkg_dict; let pkg_list = status_array[4];
if (pkgdict == null) { if (pkg_list === undefined || typeof(pkg_list) !== 'object' || pkg_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': render()')); ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
return; return;
} }
@@ -349,17 +390,17 @@ return view.extend({
}; };
let btn_enable = create_btn('btn_enable', btn_style_success, _('Enable')); let btn_enable = create_btn('btn_enable', btn_style_success, _('Enable'));
btn_enable.onclick = this.createServiceHandlerFn('enable', 'btn_enable'); btn_enable.onclick = ui.createHandlerFn(this, this.serviceAction, 'enable', 'btn_enable');
let btn_disable = create_btn('btn_disable', btn_style_warning, _('Disable')); let btn_disable = create_btn('btn_disable', btn_style_warning, _('Disable'));
btn_disable.onclick = this.createServiceHandlerFn('disable', 'btn_disable'); btn_disable.onclick = ui.createHandlerFn(this, this.serviceAction, 'disable', 'btn_disable');
layout_append(_('Service autorun control'), null, [ btn_enable, btn_disable ] ); layout_append(_('Service autorun control'), null, [ btn_enable, btn_disable ] );
let btn_start = create_btn('btn_start', btn_style_action, _('Start')); let btn_start = create_btn('btn_start', btn_style_action, _('Start'));
btn_start.onclick = this.createServiceHandlerFn('start', 'btn_start'); btn_start.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'start', 'btn_start');
let btn_restart = create_btn('btn_restart', btn_style_action, _('Restart')); let btn_restart = create_btn('btn_restart', btn_style_action, _('Restart'));
btn_restart.onclick = this.createServiceHandlerFn('restart', 'btn_restart'); btn_restart.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'restart', 'btn_restart');
let btn_stop = create_btn('btn_stop', btn_style_warning, _('Stop')); let btn_stop = create_btn('btn_stop', btn_style_warning, _('Stop'));
btn_stop.onclick = this.createServiceHandlerFn('stop', 'btn_stop'); btn_stop.onclick = ui.createHandlerFn(this, this.serviceAction, 'stop', 'btn_stop');
layout_append(_('Service daemons control'), null, [ btn_start, btn_restart, btn_stop ] ); layout_append(_('Service daemons control'), null, [ btn_start, btn_restart, btn_stop ] );
let btn_reset = create_btn('btn_reset', btn_style_action, _('Reset settings')); let btn_reset = create_btn('btn_reset', btn_style_action, _('Reset settings'));
@@ -385,19 +426,17 @@ return view.extend({
"btn_diag": btn_diag, "btn_diag": btn_diag,
"btn_update": btn_update, "btn_update": btn_update,
}; };
this.setAppStatus(data, elems); this.setAppStatus(status_array, elems);
this.POLL.mode = 1; poll.add(L.bind(this.statusPoll, this));
this.POLL.init( L.bind(this.statusPoll, this), 2000 ); // interval 2 sec
this.POLL.start(500); // first step after 500 ms
let page_title = tools.AppName; let page_title = tools.AppName;
let pkgdict = tools.decode_pkg_list(pkg_list.stdout, false);
page_title += ' &nbsp '; page_title += ' &nbsp ';
if (pkgdict[tools.appName] === undefined || pkgdict[tools.appName] == '') { if (pkgdict[tools.appName] === undefined || pkgdict[tools.appName] == '') {
page_title += 'unknown version'; page_title += 'unknown version';
} else { } else {
page_title += 'v' + pkgdict[tools.appName]; page_title += 'v' + pkgdict[tools.appName];
page_title = page_title.replace(/-r1$/, '');
} }
let aux1 = E('em'); let aux1 = E('em');
let aux2 = E('em'); let aux2 = E('em');

98
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/settings.js → luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js
View File

@@ -5,32 +5,51 @@
'require uci'; 'require uci';
'require ui'; 'require ui';
'require view'; 'require view';
'require view.zapret2.tools as tools'; 'require view.zapret.tools as tools';
document.head.appendChild(E('link', { document.head.appendChild(E('link', {
rel: 'stylesheet', rel: 'stylesheet',
href: L.resource('view/zapret2/styles.css') href: L.resource('view/zapret/styles.css')
})); }));
return view.extend({ return view.extend({
svc_info: null, parsers: { },
load: function() appStatusCode: null,
{
return tools.baseLoad(this, (data) => { depends: function(elem, key, array, empty=true) {
//console.log('SYS FEATURES: '+JSON.stringify(data.sys_feat)); if (empty && array.length === 0) {
tools.load_feat_env(); elem.depends(key, '_dummy');
return data; } else {
array.forEach(e => elem.depends(key, e));
}
},
validateIpPort: function(section, value) {
return (/^$|^([0-9]{1,3}\.){3}[0-9]{1,3}(#[\d]{2,5})?$/.test(value)) ? true : _('Expecting:')
+ ` ${_('One of the following:')}\n - ${_('valid IP address')}\n - ${_('valid address#port')}\n`;
},
validateUrl: function(section, value) {
return (/^$|^https?:\/\/[\w.-]+(:[0-9]{2,5})?[\w\/~.&?+=-]*$/.test(value)) ? true : _('Expecting:')
+ ` ${_('valid URL')}\n`;
},
load: function() {
return Promise.all([
{ code: -1}, // L.resolveDefault(fs.exec(tools.execPath, [ 'raw-status' ]), 1),
null, // L.resolveDefault(fs.list(tools.parsersDir), null),
uci.load(tools.appName),
]).catch(e => {
ui.addNotification(null, E('p', _('Unable to read the contents') + ': %s '.format(e.message) ));
}); });
}, },
render: function(data) render: function(data) {
{
if (!data) { if (!data) {
return; return;
} }
this.svc_info = data.svc_info; this.appStatusCode = data[0].code;
tools.execDefferedAction(this.svc_info);
let m, s, o, tabname; let m, s, o, tabname;
@@ -90,43 +109,6 @@ return view.extend({
o.rmempty = false; o.rmempty = false;
o.default = 0; o.default = 0;
let current_size = uci.get(tools.appName, 'config', 'DAEMON_LOG_SIZE_MAX') || '0';
let has_valid_value = false;
let size_list = [ 500, 1000, 1500, 2000, 2500, 3000, 4000, 5000, 7000 ];
if (current_size && current_size != '0') {
try {
current_size = parseInt(current_size, 10);
if (!isNaN(current_size) && current_size > 0) {
has_valid_value = true;
if (!size_list.includes(current_size)) {
size_list.push(current_size);
size_list.sort((a, b) => a - b);
}
}
} catch(e) {
has_valid_value = false;
}
}
o = s.taboption(tabname, form.ListValue, 'DAEMON_LOG_SIZE_MAX', _('DAEMON_LOG_SIZE_MAX'));
o.rmempty = false;
if (!has_valid_value) {
o.value('', '');
o.default = '';
}
for (let idx = 0; idx < size_list.length; idx++) {
let fsize = size_list[idx];
o.value('' + fsize, fsize + ' KB');
if (has_valid_value && fsize === current_size) {
o.default = '' + fsize;
}
}
o.validate = function(section_id, value) {
if (!value || value === '') {
return _('Please select maximum log size');
}
return true;
};
/* NFQWS_OPT_DESYNC tab */ /* NFQWS_OPT_DESYNC tab */
tabname = 'nfqws_params'; tabname = 'nfqws_params';
@@ -498,18 +480,12 @@ return view.extend({
return map_promise; return map_promise;
}, },
handleSaveApply: function(ev, mode) handleSaveApply: function(ev, mode) {
{
return this.handleSave(ev).then(() => { return this.handleSave(ev).then(() => {
let apply_exec = tools.checkUnsavedChanges(); ui.changes.apply(mode == '0');
if (apply_exec) { //if (this.appStatusCode != 1 && this.appStatusCode != 2) {
ui.changes.apply(mode == '0'); // window.setTimeout(() => fs.exec(tools.execPath, [ 'restart' ]), 3000);
tools.setDefferedAction('restart', this.svc_info); //}
} else {
if (this.svc_info?.dmn.inited) {
tools.serviceActionEx('restart');
}
}
}); });
}, },
}); });

2
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/styles.css → luci-app-zapret/htdocs/luci-static/resources/view/zapret/styles.css
View File

@@ -3,6 +3,4 @@ textarea, .cbi-value textarea
white-space: pre; white-space: pre;
overflow-x: auto; overflow-x: auto;
font-family: monospace; font-family: monospace;
pointer-events: auto !important;
user-select: text !important;
} }

437
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/tools.js → luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js
View File

@@ -4,7 +4,7 @@
'require rpc'; 'require rpc';
'require ui'; 'require ui';
'require uci'; 'require uci';
'require view.zapret2.env as env_tools'; 'require view.zapret.env as env_tools';
document.head.append(E('style', {'type': 'text/css'}, document.head.append(E('style', {'type': 'text/css'},
` `
@@ -40,12 +40,7 @@ return baseclass.extend({
env_tools.load_env(this); env_tools.load_env(this);
//console.log('appName: ' + this.appName); //console.log('appName: ' + this.appName);
//console.log('PACKAGER: ' + this.packager.name); //console.log('PACKAGER: ' + this.packager.name);
}, },
load_feat_env: function()
{
env_tools.load_feat_env(this);
},
infoLabelRunning : '<span class="label-status running">' + _('Running') + '</span>', infoLabelRunning : '<span class="label-status running">' + _('Running') + '</span>',
infoLabelStarting : '<span class="label-status starting">' + _('Starting') + '</span>', infoLabelStarting : '<span class="label-status starting">' + _('Starting') + '</span>',
@@ -106,29 +101,6 @@ return baseclass.extend({
}); });
}, },
getPackageDict: function()
{
let exec_cmd = this.packager.path;
let exec_arg = this.packager.args;
return fs.exec(exec_cmd, exec_arg).then(res => {
let pdict_json = localStorage.getItem(this.skey_pkg_dict);
if (res.code != 0) {
console.log(this.appName + ': Unable to enumerate installed packages. code = ' + res.code);
if (pdict_json != null) {
return JSON.parse(pdict_json); // return cached value
}
return null;
}
let pdict = this.decode_pkg_list(res.stdout);
if (pdict != pdict_json) {
localStorage.setItem(this.skey_pkg_dict, JSON.stringify(pdict)); // renew cache
}
return pdict;
}).catch(e => {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages.') + ' Error: %s'.format(e)));
});
},
getStratList: function() { getStratList: function() {
let exec_cmd = '/bin/busybox'; let exec_cmd = '/bin/busybox';
let exec_arg = [ 'awk', '-F', '"', '/if \\[ "\\$strat" = "/ {print $4}', this.defCfgPath ]; let exec_arg = [ 'awk', '-F', '"', '/if \\[ "\\$strat" = "/ {print $4}', this.defCfgPath ];
@@ -142,9 +114,7 @@ return baseclass.extend({
}); });
}, },
handleServiceAction: function(name, action, throwed = false) handleServiceAction: function(name, action) {
{
console.log('handleServiceAction: '+name+' '+action);
return this.callInitAction(name, action).then(success => { return this.callInitAction(name, action).then(success => {
if (!success) { if (!success) {
throw _('Command failed'); throw _('Command failed');
@@ -152,139 +122,9 @@ return baseclass.extend({
return true; return true;
}).catch(e => { }).catch(e => {
ui.addNotification(null, E('p', _('Service action failed "%s %s": %s').format(name, action, e))); ui.addNotification(null, E('p', _('Service action failed "%s %s": %s').format(name, action, e)));
if (throwed) {
throw e;
}
}); });
}, },
serviceActionEx: async function(action, args = [ ], throwed = false)
{
let errmsg = null;
try {
let exec_cmd = null;
let exec_arg = [ ];
if (action == 'start' || action == 'restart') {
exec_cmd = this.syncCfgPath;
errmsg = _('Unable to run sync_config.sh script.');
}
if (action == 'reset') {
exec_cmd = this.defaultCfgPath;
exec_arg = args; // (reset_ipset)(sync) ==> restore all configs + sync config
errmsg = _('Unable to run restore-def-cfg.sh script.');
action = null;
}
if (exec_cmd) {
let res = await fs.exec(exec_cmd, exec_arg);
if (res.code != 0) {
throw Error('res.code = ' + res.code);
}
}
errmsg = null;
if (action) {
await this.handleServiceAction(this.appName, action, throwed);
}
} catch(e) {
if (throwed) {
throw e;
} else {
let msg = errmsg ? errmsg : _('Unable to run service action') + ' "' + action + '".';
ui.addNotification(null, E('p', msg + ' Error: ' + e.message));
}
}
},
promiseAllDict: function(promisesDict)
{
const keys = Object.keys(promisesDict);
const promises = keys.map(key => promisesDict[key]);
return Promise.all(promises)
.then(results => {
const resultDict = { };
keys.forEach((key, index) => {
resultDict[key] = results[index];
});
return resultDict;
});
},
baseLoad: function(ctx, callback)
{
return Promise.all([
L.probeSystemFeatures(),
this.getSvcInfo(), // svc_info
uci.load(this.appName),
])
.then( ([ sys_feat, svcInfo, uci_data ]) => {
let svc_info = this.decodeSvcInfo(svcInfo);
let ret = { sys_feat, svc_info, uci_data };
if (typeof(callback) === 'function') {
const res = callback.call(ctx, ret);
if (res && typeof(res.then) === 'function') {
return res.then(() => res);
}
return ret;
}
return ret;
})
.catch(e => {
ui.addNotification(null, E('p', _('Unable to read the contents') + ' (baseLoad): %s '.format(e.message) ));
return null;
});
},
decodeSvcInfo: function(svc_info, svc_autorun = true, proc_list = [ ])
{
if (svc_info?.autorun !== undefined && svc_info?.dmn !== undefined) {
return svc_info;
}
if (svc_info != null && typeof(svc_info) == 'object') {
return this.decode_svc_info(svc_autorun, svc_info, proc_list);
}
return null;
},
setDefferedAction: function(action, svcInfo = null, forced = false)
{
let svc_info = this.decodeSvcInfo(svcInfo);
if (action == 'start' && svc_info?.dmn.inited) {
action = 'restart';
}
if (action == 'start') {
if (!forced && svc_info?.dmn.inited) {
action = null;
}
}
if (action == 'restart') {
if (!forced && !svc_info?.dmn.inited) {
action = null;
}
}
if (action && localStorage.getItem(this.skey_deffered_action) == null) {
localStorage.setItem(this.skey_deffered_action, action);
console.log('setDefferedAction: '+this.skey_deffered_action+' = '+action);
}
},
execDefferedAction: function(svcInfo = null)
{
let svc_info = this.decodeSvcInfo(svcInfo);
//console.log('execDefferedAction: svc_info = '+JSON.stringify(svc_info));
let action = localStorage.getItem(this.skey_deffered_action);
if (action) {
localStorage.removeItem(this.skey_deffered_action);
console.log('execDefferedAction: '+action);
this.serviceActionEx(action);
}
},
checkUnsavedChanges: function()
{
if (!ui.changes) return false;
if (!ui.changes.changes) return false;
return ui.changes.changes[this.appName] ? true : false;
},
normalizeValue: function(v) { normalizeValue: function(v) {
return (v && typeof(v) === 'string') ? v.trim().replace(/\r?\n/g, '') : v; return (v && typeof(v) === 'string') ? v.trim().replace(/\r?\n/g, '') : v;
}, },
@@ -301,7 +141,7 @@ return baseclass.extend({
return m ? m[2] : defval; return m ? m[2] : defval;
}, },
decode_pkg_list: function(pkg_list) { decode_pkg_list: function(pkg_list, with_suffix_r1 = true) {
let pkg_dict = { }; let pkg_dict = { };
if (!pkg_list) { if (!pkg_list) {
return pkg_dict; return pkg_dict;
@@ -340,7 +180,11 @@ return baseclass.extend({
} }
} }
if (rev >= 0) { if (rev >= 0) {
ver += '-r' + rev; if (rev == 1 && !with_suffix_r1) {
// nothing
} else {
ver += '-r' + rev;
}
} }
pkg_dict[name] = ver; pkg_dict[name] = ver;
} }
@@ -364,8 +208,7 @@ return baseclass.extend({
return plist; return plist;
}, },
decode_svc_info: function(svc_autorun, svc_info, proc_list, cfg = null) decode_svc_info: function(svc_autorun, svc_info, proc_list, cfg) {
{
let result = { let result = {
"autorun": svc_autorun, "autorun": svc_autorun,
"dmn": { "dmn": {
@@ -376,18 +219,13 @@ return baseclass.extend({
}, },
"status": this.statusDict.error, "status": this.statusDict.error,
}; };
let plist = proc_list; if (proc_list.code != 0) {
if (proc_list?.code !== undefined) { return -2;
if (proc_list.code != 0) { }
return -2; let plist = this.get_pid_list(proc_list.stdout);
}
plist = this.get_pid_list(proc_list.stdout); if (plist.length < 4) {
if (plist.length < 4) { return -3;
return -3;
}
}
if (svc_info == null) {
return null;
} }
if (typeof(svc_info) !== 'object') { if (typeof(svc_info) !== 'object') {
return -4; return -4;
@@ -423,7 +261,7 @@ return baseclass.extend({
let svc_autorun = _('Unknown'); let svc_autorun = _('Unknown');
let svc_daemons = _('Unknown'); let svc_daemons = _('Unknown');
if (typeof(svcinfo) == 'object' && svcinfo?.autorun !== undefined) { if (typeof(svcinfo) == 'object') {
svc_autorun = (svcinfo.autorun) ? _('Enabled') : _('Disabled'); svc_autorun = (svcinfo.autorun) ? _('Enabled') : _('Disabled');
if (!svcinfo.dmn.inited) { if (!svcinfo.dmn.inited) {
svc_daemons = _('Stopped'); svc_daemons = _('Stopped');
@@ -554,7 +392,7 @@ return baseclass.extend({
} }
} }
if (this.setperm) { if (this.setperm) {
let res = await fs.exec('/bin/busybox', [ 'chmod', '' + this.setperm, tmpFile ]); let res = await fs.exec('/bin/busybox', [ 'chmod', '644', tmpFile ]);
if (res.code != 0) { if (res.code != 0) {
throw new Error('chmod failed, rc = ' + res.code); throw new Error('chmod failed, rc = ' + res.code);
} }
@@ -700,11 +538,12 @@ return baseclass.extend({
if (value != "" && value != "\t") { if (value != "" && value != "\t") {
value = '\n' + value + '\n'; value = '\n' + value + '\n';
if (this.multiline == 2) { if (this.multiline == 2) {
if (value.includes('"')) { if (value.includes("'") || value.includes('"')) {
alert(_('Unable to save the contents') + ':\n' + _('text cannot contain quotes!')); alert(_('Unable to save the contents') + ':\n' + _('text cannot contain quotes!'));
return false; return false;
} }
value = value.replace(/"/g, ''); value = value.replace(/"/g, '');
value = value.replace(/'/g, '');
} }
} }
} else { } else {
@@ -761,7 +600,7 @@ return baseclass.extend({
}, },
}), }),
execAndRead: async function({ cmd = [ ], log = '', logArea = null, callback = null, ctx = null, hiderow = [ ], rpc_timeout = 5, rpc_root = false } = {}) execAndRead: async function({ cmd = [ ], log = '', logArea = null, callback = null, cbarg = null, hiderow = [ ], rpc_timeout = 5, rpc_root = false } = {})
{ {
function appendLog(msg, end = '\n') function appendLog(msg, end = '\n')
{ {
@@ -785,211 +624,69 @@ return baseclass.extend({
await fs.exec('/bin/busybox', [ 'rm', '-f', logFile + '*' ], null, rpc_opt); await fs.exec('/bin/busybox', [ 'rm', '-f', logFile + '*' ], null, rpc_opt);
appendLog('Output file cleared!'); appendLog('Output file cleared!');
} catch (e) { } catch (e) {
return callback.call(ctx, 500, 'ERROR: Failed to clear output file'); return callback(cbarg, 500, 'ERROR: Failed to clear output file');
} }
try { try {
let opt_list = [ logFile ]; let opt_list = [ logFile ];
opt_list.push(...cmd); opt_list.push(...cmd);
let res = await fs.exec(this.appDir+'/script-exec.sh', opt_list, null, rpc_opt); let res = await fs.exec(this.appDir+'/script-exec.sh', opt_list, null, rpc_opt);
if (res.code != 0) { if (res.code != 0) {
return callback.call(ctx, 525, 'ERROR: cannot run "' + cmd[0] + '" script! (error = ' + res.code + ')'); return callback(cbarg, 525, 'ERROR: cannot run "' + cmd[0] + '" script! (error = ' + res.code + ')');
} }
appendLog('Process started...'); appendLog('Process started...');
} catch (e) { } catch (e) {
return callback.call(ctx, 520, 'ERROR: Failed on execute process: ' + e.message); return callback(cbarg, 520, 'ERROR: Failed on execute process: ' + e.message);
} }
let lastLen = 0; let lastLen = 0;
let retCode = -1; let retCode = -1;
return await new Promise(async (resolve, reject) => { let timerBusy = false;
async function epoll() let timer = setInterval(async () => {
{ if (timerBusy)
try { return; // skip iteration
let res = await fs.exec('/bin/cat', [ logFile ], null, rpc_opt); timerBusy = true;
if (res.stdout && res.stdout.length > lastLen) { try {
let log = res.stdout.slice(lastLen); let res = await fs.exec('/bin/cat', [ logFile ], null, rpc_opt);
hide_rows.forEach(re => { if (res.stdout && res.stdout.length > lastLen) {
log = log.replace(re, ''); let log = res.stdout.slice(lastLen);
}); hide_rows.forEach(re => {
appendLog(log, ''); log = log.replace(re, '');
lastLen = res.stdout.length; });
} appendLog(log, '');
if (retCode < 0) { lastLen = res.stdout.length;
let rc = await fs.exec('/bin/cat', [ rcFile ], null, rpc_opt); }
if (rc.code != 0) { if (retCode < 0) {
fixLogEnd(); let rc = await fs.exec('/bin/cat', [ rcFile ], null, rpc_opt);
resolve(callback.call(ctx, 545, 'ERROR: cannot read file "' + rcFile + '"')); if (rc.code != 0) {
return; clearInterval(timer);
}
if (rc.stdout) {
retCode = parseInt(rc.stdout.trim(), 10);
}
}
if (retCode >= 0) {
fixLogEnd(); fixLogEnd();
if (retCode == 0 && res.stdout) { return callback(cbarg, 545, 'ERROR: cannot read file "' + rcFile + '"');
resolve(callback.call(ctx, 0, res.stdout));
return;
}
resolve(callback.call(ctx, retCode, 'ERROR: Process failed with error ' + retCode));
return;
} }
setTimeout(epoll, 500); if (rc.stdout) {
} catch (e) { retCode = parseInt(rc.stdout.trim(), 10);
let skip_err = false;
if (e.message?.includes('RPC call to file/exec failed with error -32000: Object not found')) {
skip_err = true;
}
if (e.message?.includes('XHR request timed out')) {
skip_err = true;
}
if (skip_err) {
console.warn('WARN: execAndRead: ' + e.message);
setTimeout(epoll, 500);
return; // goto next epoll iteration
} }
}
if (retCode >= 0) {
clearInterval(timer);
fixLogEnd(); fixLogEnd();
let errtxt = 'ERROR: execAndRead: ' + e.message; if (retCode == 0 && res.stdout) {
errtxt += 'ERROR: execAndRead: ' + e.stack?.trim().split('\n')[0]; return callback(cbarg, 0, res.stdout);
callback.call(ctx, 540, errtxt); }
reject(e); return callback(cbarg, retCode, 'ERROR: Process failed with error ' + retCode);
} }
} catch (e) {
if (e.message?.includes('RPC call to file/exec failed with error -32000: Object not found')) {
console.warn('WARN: execAndRead: ' + e.message);
return; // goto next timer iteration
}
clearInterval(timer);
fixLogEnd();
let errtxt = 'ERROR: execAndRead: ' + e.message;
errtxt += 'ERROR: execAndRead: ' + e.stack?.trim().split('\n')[0];
return callback(cbarg, 540, errtxt);
} finally {
timerBusy = false;
} }
epoll(); }, 500);
});
}, },
POLLER: baseclass.extend({
__init__: function(opts = { })
{
Object.assign(this, {
interval: 1000, // milliseconds
func: null,
active: false,
running: false,
}, opts);
env_tools.load_env(this);
this.ticks = 0;
this.timer = null;
this.mode = 0;
},
init: function(func, interval = null)
{
this.func = func;
if (interval) {
this.interval = interval;
}
},
start: function(delay = 0)
{
if (this.active) {
return;
}
this.ticks = 0;
this.active = true;
if (delay === null) {
this.step();
delay = this.interval;
}
this.timer = window.setTimeout(this.step.bind(this), delay);
return true;
},
stop: function()
{
this.active = false;
if (this.timer) {
window.clearTimeout(this.timer);
this.timer = null;
}
},
step: function()
{
if (!this.active) {
return;
}
if (this.timer) {
window.clearTimeout(this.timer);
}
if (this.mode == 1 && this.running) {
this.timer = window.setTimeout(this.step.bind(this), 100);
return;
}
this.ticks += 1;
this.running = true;
Promise.resolve(this.func()).finally((function() {
if (this.mode == 0) {
this.running = false;
}
this.timer = null;
if (this.active) {
this.timer = window.setTimeout(this.step.bind(this), this.interval);
}
}).bind(this));
},
stopAndWait: async function(interval = 50)
{
this.stop();
if (!this.running) {
return;
}
return new Promise((resolve) => {
if (!this.running) {
return resolve();
}
const timer = setInterval(() => {
if (!this.running) {
resolve();
}
}, interval);
});
},
}),
// original code: https://github.com/openwrt/luci/blob/95319793a27a3554be06070db8c6db71c6e28df1/modules/luci-base/htdocs/luci-static/resources/ui.js#L5342
createHandlerFnEx: function(ctx, fn, opts = { }, ...args)
{
if (typeof(fn) === 'string') {
fn = ctx[fn];
}
if (typeof(fn) !== 'function') {
return null;
}
const {
callback = null, // callback(btn, result, error)
keepDisabled = false,
noSpin = false
} = opts;
return L.bind(function() {
const btn = arguments[args.length].currentTarget;
if (!noSpin) {
btn.classList.add('spinning');
}
btn.disabled = true;
if (btn.blur) btn.blur();
let result, error;
return Promise
.resolve()
.then(() => fn.apply(ctx, arguments))
.then(r => { result = r; })
.catch(e => { error = e; })
.finally(() => {
if (!noSpin) {
btn.classList.remove('spinning');
}
if (!keepDisabled) {
btn.disabled = false;
}
if (typeof(callback) === 'function') {
callback.call(ctx, btn, result, error);
}
if (error) {
throw error;
}
});
}, ctx, ...args);
},
}); });

158
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/updater.js → luci-app-zapret/htdocs/luci-static/resources/view/zapret/updater.js
View File

@@ -5,7 +5,7 @@
'require uci'; 'require uci';
'require ui'; 'require ui';
'require view'; 'require view';
'require view.zapret2.tools as tools'; 'require view.zapret.tools as tools';
const btn_style_neutral = 'btn'; const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action'; const btn_style_action = 'btn cbi-button-action';
@@ -25,28 +25,35 @@ return baseclass.extend({
this.logArea.scrollTop = this.logArea.scrollHeight; this.logArea.scrollTop = this.logArea.scrollHeight;
}, },
setBtnMode: function(check, install, cancel) setBtnMode: function(enable)
{ {
this.btn_check.disabled = check ? false : true; this.btn_cancel.disabled = enable ? false : true;
this.btn_install.disabled = install ? false : true; this.btn_action.disabled = (enable == 2) ? false : true;
this.btn_cancel.disabled = cancel ? false : true;
}, },
setStage: function(stage, btn_flag = true) setStage: function(stage, btn_flag = true)
{ {
if (stage == 0) this.setBtnMode(1, 0, 1); if (stage == 0) {
if (stage == 1) this.setBtnMode(0, 0, 1); this.btn_action.textContent = _('Check for updates');
if (stage == 2) this.setBtnMode(1, 1, 1); this.btn_action.classList.remove('hidden');
if (stage == 3) this.setBtnMode(0, 0, 0); } else
if (stage == 8) this.setBtnMode(0, 0, 1); if (stage == 1) {
if (stage >= 9) this.setBtnMode(0, 0, 0); this.btn_action.textContent = _('Update packages');
this.btn_action.classList.remove('hidden');
} else {
this.btn_action.classList.add('hidden');
}
if (stage > 1 && typeof(this.btn_action) == 'object') {
this.setBtnMode(1);
}
this.stage = stage; this.stage = stage;
}, },
checkUpdates: async function(ev) checkUpdates: async function()
{ {
this._action = 'checkUpdates'; this._action = 'checkUpdates';
this.setStage(1); this.setStage(0);
this.setBtnMode(0);
this.pkg_url = null; this.pkg_url = null;
this.appendLog(_('Checking for updates...')); this.appendLog(_('Checking for updates...'));
let cmd = [ fn_update_pkg_sh, '-c' ]; // check for updates let cmd = [ fn_update_pkg_sh, '-c' ]; // check for updates
@@ -54,92 +61,82 @@ return baseclass.extend({
cmd.push('-p'); // include prereleases ZIP-files cmd.push('-p'); // include prereleases ZIP-files
} }
this.forced_reinstall = document.getElementById('cfg_forced_reinstall').checked; this.forced_reinstall = document.getElementById('cfg_forced_reinstall').checked;
return tools.execAndRead({ let log = '/tmp/'+tools.appName+'_pkg_check.log';
cmd: cmd, let callback = this.execAndReadCallback;
log: '/tmp/'+tools.appName+'_pkg_check.log', let wnd = this;
logArea: this.logArea, return tools.execAndRead({ cmd: cmd, log: log, logArea: this.logArea, callback: callback, cbarg: wnd });
callback: this.execAndReadCallback,
ctx: this,
});
}, },
installUpdates: async function(ev) installUpdates: async function()
{ {
this._action = 'installUpdates';
this.setStage(1);
this.setBtnMode(0);
if (!this.pkg_url || this.pkg_url.length < 10) { if (!this.pkg_url || this.pkg_url.length < 10) {
this.appendLog('ERROR: pkg_url = null'); this.appendLog('ERROR: pkg_url = null');
this.setStage(9); this.setStage(999);
return; return;
} }
this._action = 'installUpdates';
this.setStage(3);
this.appendLog(_('Install updates...')); this.appendLog(_('Install updates...'));
let cmd = [ fn_update_pkg_sh, '-u', this.pkg_url ]; // update packages let cmd = [ fn_update_pkg_sh, '-u', this.pkg_url ]; // update packages
if (document.getElementById('cfg_forced_reinstall').checked == true) { if (document.getElementById('cfg_forced_reinstall').checked == true) {
cmd.push('-f'); // forced reinstall if same version cmd.push('-f'); // forced reinstall if same version
} }
//this._test = 1; cmd.push('-t'); cmd.push('45'); // only for testing //this._test = 1; cmd.push('-t'); cmd.push('45'); // only for testing
return tools.execAndRead({ let log = '/tmp/'+tools.appName+'_pkg_install.log';
cmd: cmd, let hiderow = /^ \* resolve_conffiles.*(?:\r?\n|$)/gm;
log: '/tmp/'+tools.appName+'_pkg_install.log', let callback = this.execAndReadCallback;
logArea: this.logArea, let wnd = this;
hiderow: /^ \* resolve_conffiles.*(?:\r?\n|$)/gm, return tools.execAndRead({ cmd: cmd, log: log, logArea: this.logArea, hiderow: hiderow, callback: callback, cbarg: wnd });
callback: this.execAndReadCallback,
ctx: this,
});
}, },
execAndReadCallback: function(rc, txt = '') execAndReadCallback: function(wnd, rc, txt = '')
{ {
//console.log('execAndReadCallback = ' + rc + '; _action = ' + this._action); //console.log('execAndReadCallback = ' + rc + '; _action = ' + wnd._action);
if (rc == 0 && txt) { if (rc == 0 && txt) {
let code = txt.match(/^RESULT:\s*\(([^)]+)\)\s+.+$/m); let code = txt.match(/^RESULT:\s*\(([^)]+)\)\s+.+$/m);
if (this._action == 'checkUpdates') { if (wnd._action == 'checkUpdates') {
this.appendLog('=========================================================');
if (code && code[1] == 'E') {
this.btn_install.textContent = _('Reinstall');
} else {
this.btn_install.textContent = _('Install');
}
let pkg_url = txt.match(/^ZAP_PKG_URL\s*=\s*(.+)$/m); let pkg_url = txt.match(/^ZAP_PKG_URL\s*=\s*(.+)$/m);
if (code && pkg_url) { if (code && pkg_url) {
if (!this.forced_reinstall) { wnd.appendLog('=========================================================');
if (code[1] == 'E' || code[1] == 'G') { wnd.pkg_url = pkg_url[1];
this.setStage(0); // install not needed code = code[1];
return; if (code == 'E' && !wnd.forced_reinstall) {
} wnd.setStage(999); // install not needed
return;
} }
this.pkg_url = pkg_url[1]; wnd.setStage(1);
this.setStage(2); // enable all buttons wnd.setBtnMode(2); // enable all buttons
return; // install allowed return; // install allowed
} }
} }
if (this._action == 'installUpdates') { if (wnd._action == 'installUpdates') {
if (this._test || (code && code[1] == '+')) { if (wnd._test || (code && code[1] == '+')) {
this.setStage(9); wnd.stage = 999;
this.appendLog('Please update WEB-page (press F5)'); wnd.btn_action.textContent = _('OK');
wnd.btn_action.disabled = false;
wnd.btn_cancel.disabled = true;
return; return;
} }
} }
} }
this.setStage(0);
if (rc >= 500) { if (rc >= 500) {
if (txt) { if (txt) {
this.appendLog(txt.startsWith('ERROR') ? txt : 'ERROR: ' + txt); wnd.appendLog(txt.startsWith('ERROR') ? txt : 'ERROR: ' + txt);
} else { } else {
this.appendLog('ERROR: ' + this._action + ': Terminated with error code = ' + rc); wnd.appendLog('ERROR: ' + wnd._action + ': Terminated with error code = ' + rc);
} }
} else { } else {
this.appendLog('ERROR: Process finished with retcode = ' + rc); wnd.appendLog('ERROR: Process finished with retcode = ' + rc);
}
wnd.setStage(999);
if (wnd._action == 'checkUpdates') {
wnd.appendLog('=========================================================');
} }
this.appendLog('=========================================================');
}, },
openUpdateDialog: function(pkg_arch) openUpdateDialog: function(pkg_arch)
{ {
if (tools.checkUnsavedChanges()) {
ui.addNotification(null, E('p', _('You have unapplied changes')));
return;
}
this.stage = 0; this.stage = 0;
this.pkg_arch = pkg_arch; this.pkg_arch = pkg_arch;
this.pkg_url = null; this.pkg_url = null;
@@ -169,30 +166,25 @@ return baseclass.extend({
}, _('Cancel')); }, _('Cancel'));
this.btn_cancel.onclick = ui.hideModal; this.btn_cancel.onclick = ui.hideModal;
this.btn_check = E('button', { this.btn_action = E('button', {
'id': 'btn_check', 'id': 'btn_action',
'name': 'btn_check', 'name': 'btn_action',
'class': btn_style_action, 'class': btn_style_action,
}, _('Check')); }, 'BUTTON_ACTION');
this.btn_check.onclick = ui.createHandlerFn(this, this.checkUpdates); this.btn_action.onclick = ui.createHandlerFn(this, () => {
if (this.stage == 0) {
this.btn_install = E('button', { return this.checkUpdates();
'id': 'btn_install',
'name': 'btn_install',
'class': btn_style_positive,
}, _('Install'));
this.btn_install.onclick = ui.createHandlerFn(this, async () => {
let res = await this.installUpdates();
if (true) {
setTimeout(() => {
this.btn_install.disabled = true;
}, 0);
} }
if (this.stage == 1) {
return this.installUpdates();
}
return ui.hideModal();
}); });
this.setStage(0); this.setStage(0);
this.setBtnMode(2);
ui.showModal(_('Check for updates and install'), [ ui.showModal(_('Package update'), [
E('div', { 'class': 'cbi-section' }, [ E('div', { 'class': 'cbi-section' }, [
exclude_prereleases, exclude_prereleases,
E('br'), E('br'), E('br'), E('br'),
@@ -202,11 +194,9 @@ return baseclass.extend({
this.logArea, this.logArea,
]), ]),
E('div', { 'class': 'right' }, [ E('div', { 'class': 'right' }, [
this.btn_check,
' ',
this.btn_install,
' ',
this.btn_cancel, this.btn_cancel,
' ',
this.btn_action,
]) ])
]); ]);
} }

46
luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json Normal file
View File

@@ -0,0 +1,46 @@
{
"admin/services/zapret": {
"title": "Zapret",
"order": 61,
"action": {
"type": "alias",
"path": "admin/services/zapret/service"
},
"depends": {
"acl": [ "luci-app-zapret" ],
"fs": {
"/opt/zapret/sync_config.sh": "executable",
"/opt/zapret/restore-def-cfg.sh": "executable",
"/etc/init.d/zapret": "executable"
},
"uci": { "zapret": true }
}
},
"admin/services/zapret/service": {
"title": "Service",
"order": 10,
"action": {
"type": "view",
"path": "zapret/service"
}
},
"admin/services/zapret/settings": {
"title": "Settings",
"order": 20,
"action": {
"type": "view",
"path": "zapret/settings"
}
},
"admin/services/zapret/dmnlog": {
"title": "Log Viewer",
"order": 30,
"action": {
"type": "view",
"path": "zapret/dmnlog"
}
}
}

40
luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json Normal file
View File

@@ -0,0 +1,40 @@
{
"luci-app-zapret": {
"description": "Grant access to zapret procedures",
"read": {
"cgi-io": [ "exec" ],
"file": {
"/opt/zapret/config": [ "read" ],
"/opt/zapret/ipset/*": [ "read" ],
"/opt/zapret/init.d/openwrt/custom.d/*": [ "read" ],
"/etc/crontabs/root": [ "read" ],
"/tmp/zapret*": [ "read" ],
"/etc/init.d/zapret*": [ "exec" ],
"/bin/ps*": [ "exec" ],
"/bin/cat*": [ "exec" ],
"/bin/busybox*": [ "exec" ],
"/bin/opkg*": [ "exec" ],
"/usr/bin/apk*": [ "exec" ],
"/usr/bin/find*": [ "exec" ],
"/opt/zapret/restore-def-cfg.sh*": [ "exec" ],
"/opt/zapret/script-exec.sh*": [ "exec" ],
"/opt/zapret/update-pkg.sh*": [ "exec" ],
"/opt/zapret/sync_config.sh*": [ "exec" ]
},
"uci": [ "zapret", "network" ],
"ubus": {
"luci": [ "getInitList", "setInitAction" ],
"service": [ "list" ]
}
},
"write": {
"file": {
"/opt/zapret/config": [ "write" ],
"/opt/zapret/ipset/*": [ "write" ],
"/opt/zapret/init.d/openwrt/custom.d/*": [ "write" ],
"/etc/crontabs/root": [ "write" ]
},
"uci": [ "zapret" ]
}
}
}

69
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/env.js
View File

@@ -1,69 +0,0 @@
'use strict';
'require baseclass';
return baseclass.extend({
packager : { },
appName : 'zapret2',
AppName : 'Zapret2',
execPath : '/etc/init.d/zapret2',
appDir : '/opt/zapret2',
syncCfgPath : '/opt/zapret2/sync_config.sh',
defCfgPath : '/opt/zapret2/def-cfg.sh',
defaultCfgPath : '/opt/zapret2/restore-def-cfg.sh',
hostsGoogleFN : '/opt/zapret2/ipset/zapret-hosts-google.txt',
hostsUserFN : '/opt/zapret2/ipset/zapret-hosts-user.txt',
hostsUserExcludeFN: '/opt/zapret2/ipset/zapret-hosts-user-exclude.txt',
iplstExcludeFN : '/opt/zapret2/ipset/zapret-ip-exclude.txt',
iplstUserFN : '/opt/zapret2/ipset/zapret-ip-user.txt',
iplstUserExcludeFN: '/opt/zapret2/ipset/zapret-ip-user-exclude.txt',
custFileMax : 4,
custFileTemplate : '/opt/zapret2/ipset/cust%s.txt',
customdPrefixList : [ 10, 20, 50, 60, 90 ] ,
customdFileFormat : '/opt/zapret2/init.d/openwrt/custom.d/%s-script.sh',
discord_num : 50,
discord_url : [ 'https://github.com/bol-van/zapret2/blob/master/init.d/custom.d.examples.linux/50-discord-media',
'https://github.com/bol-van/zapret2/blob/master/init.d/custom.d.examples.linux/50-stun4all',
'https://github.com/bol-van/zapret2/tree/master/init.d/custom.d.examples.linux'
],
nfqws_opt_url : 'https://github.com/remittor/zapret-openwrt/discussions/',
autoHostListFN : '/opt/zapret2/ipset/zapret-hosts-auto.txt',
autoHostListDbgFN : '/opt/zapret2/ipset/zapret-hosts-auto-debug.log',
load_env: function(ctx)
{
let env_proto = Object.getPrototypeOf(this);
Object.getOwnPropertyNames(env_proto).forEach(function(key) {
if (key === 'constructor' || key.startsWith('__')) {
return;
}
if (key === 'load_env' || key === 'load_feat_env') {
return;
}
ctx[key] = env_proto[key];
});
ctx.skey_pkg_dict = this.appName + '-pkg-dict';
ctx.skey_deffered_action = this.appName + '-deffered-action';
try {
L.hasSystemFeature('opkg');
this.load_feat_env(ctx);
} catch(e) {
// nothing
}
},
load_feat_env: function(ctx)
{
ctx.packager = { };
if (L.hasSystemFeature('apk')) {
ctx.packager.name = 'apk';
ctx.packager.path = '/usr/bin/apk';
ctx.packager.args = [ 'list', '-I', '*'+this.appName+'*' ];
} else {
ctx.packager.name = 'opkg';
ctx.packager.path = '/bin/opkg';
ctx.packager.args = [ 'list-installed', '*'+this.appName+'*' ];
}
},
});

41
luci-app-zapret2/root/usr/share/luci/menu.d/luci-app-zapret2.json
View File

@@ -1,41 +0,0 @@
{
"admin/services/zapret2": {
"title": "Zapret2",
"order": 62,
"action": {
"type": "alias",
"path": "admin/services/zapret2/service"
},
"depends": {
"acl": [ "luci-app-zapret2" ],
"uci": { "zapret2": true }
}
},
"admin/services/zapret2/service": {
"title": "Service",
"order": 10,
"action": {
"type": "view",
"path": "zapret2/service"
}
},
"admin/services/zapret2/settings": {
"title": "Settings",
"order": 20,
"action": {
"type": "view",
"path": "zapret2/settings"
}
},
"admin/services/zapret2/dmnlog": {
"title": "Log Viewer",
"order": 30,
"action": {
"type": "view",
"path": "zapret2/dmnlog"
}
}
}

40
luci-app-zapret2/root/usr/share/rpcd/acl.d/luci-app-zapret2.json
View File

@@ -1,40 +0,0 @@
{
"luci-app-zapret2": {
"description": "Grant access to zapret2 procedures",
"read": {
"cgi-io": [ "exec" ],
"file": {
"/opt/zapret2/config": [ "read" ],
"/opt/zapret2/ipset/*": [ "read" ],
"/opt/zapret2/init.d/openwrt/custom.d/*": [ "read" ],
"/etc/crontabs/root": [ "read" ],
"/tmp/zapret*": [ "read" ],
"/etc/init.d/zapret2*": [ "exec" ],
"/bin/ps*": [ "exec" ],
"/bin/cat*": [ "exec" ],
"/bin/busybox*": [ "exec" ],
"/bin/opkg*": [ "exec" ],
"/usr/bin/apk*": [ "exec" ],
"/usr/bin/find*": [ "exec" ],
"/opt/zapret2/restore-def-cfg.sh*": [ "exec" ],
"/opt/zapret2/script-exec.sh*": [ "exec" ],
"/opt/zapret2/update-pkg.sh*": [ "exec" ],
"/opt/zapret2/sync_config.sh*": [ "exec" ]
},
"uci": [ "zapret2", "network" ],
"ubus": {
"luci": [ "getInitList", "setInitAction" ],
"service": [ "list" ]
}
},
"write": {
"file": {
"/opt/zapret2/config": [ "write" ],
"/opt/zapret2/ipset/*": [ "write" ],
"/opt/zapret2/init.d/openwrt/custom.d/*": [ "write" ],
"/etc/crontabs/root": [ "write" ]
},
"uci": [ "zapret2" ]
}
}
}

161
zapret2/Makefile → zapret/Makefile
View File

@@ -1,55 +1,40 @@
# #
# Copyright (c) 2025 remittor # Copyright (c) 2024 remittor
# #
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=zapret2 PKG_NAME:=zapret
PKG_VERSION:=0.9.20260128 PKG_VERSION:=72.20260117
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_MAINTAINER:=bol-van PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=docs/LICENSE.txt PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE_URL:=https://github.com/bol-van/zapret2.git PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=c8722d1ed9ac58561dd555b1c5b205e2f5f62432 PKG_SOURCE_VERSION:=c849e55ef0f1c244206f5a05ff7b1ab41a3824ee
PKG_SOURCE_DATE:=2026-01-28 PKG_SOURCE_DATE:=2026-01-17
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz #PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret2/archive/refs/tags/v$(PKG_VERSION).tar.gz? #PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_HASH:=skip #PKG_HASH:=skip
LUA_JIT?=1
ifeq ($(LUA_JIT),1)
LUAJIT_VER?=2.1
LUA_VER?=5.1
LUA_DEPEND:=luajit
LUA_INCLUDE:=-I$(STAGING_DIR)/usr/include/luajit-$(LUAJIT_VER)
LUA_LIBRARY:=-L$(STAGING_DIR)/usr/lib -lluajit-$(LUA_VER)
else
LUA_VER?=5.5
LUA_DEPEND:=lua$(LUA_VER)
LUA_INCLUDE:=-I$(STAGING_DIR)/usr/include/lua$(LUA_VER)
LUA_LIBRARY:=-L$(STAGING_DIR)/usr/lib -llua$(LUA_VER)
endif
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS) #TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS) #TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
MAKE_PATH:=nfq2 MAKE_PATH:=nfq
define Package/$(PKG_NAME) define Package/$(PKG_NAME)
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
TITLE:=$(PKG_NAME) TITLE:=$(PKG_NAME)
SUBMENU:=Zapret2 SUBMENU:=Zapret
URL:=https://github.com/bol-van/zapret2 URL:=https://github.com/bol-van/zapret
DEPENDS:= +nftables +curl +gzip +$(LUA_DEPEND) DEPENDS:= +nftables +curl +gzip
DEPENDS+= +coreutils +coreutils-sort +coreutils-sleep DEPENDS+= +coreutils +coreutils-sort +coreutils-sleep
DEPENDS+= +kmod-nft-nat +kmod-nft-offload +kmod-nft-queue DEPENDS+= +kmod-nft-nat +kmod-nft-offload +kmod-nft-queue
DEPENDS+= +libnetfilter-queue +libcap +zlib DEPENDS+= +libnetfilter-queue +libcap +zlib
@@ -57,7 +42,7 @@ endef
define Build/Prepare define Build/Prepare
$(Build/Prepare/Default) $(Build/Prepare/Default)
rm -f $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws2 rm -f $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws
rm -f $(PKG_BUILD_DIR)/ip2net/ip2net rm -f $(PKG_BUILD_DIR)/ip2net/ip2net
rm -f $(PKG_BUILD_DIR)/mdig/mdig rm -f $(PKG_BUILD_DIR)/mdig/mdig
endef endef
@@ -66,12 +51,12 @@ endef
#endef #endef
define Build/Compile define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) $(TARGET_CONFIGURE_OPTS) LUA_JIT=$(LUA_JIT) LUA_CFLAGS="$(LUA_INCLUDE)" LUA_LIB="$(LUA_LIBRARY)" $(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) $(TARGET_CONFIGURE_OPTS)
$(MAKE) -C $(PKG_BUILD_DIR)/ip2net $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(PKG_BUILD_DIR)/ip2net $(TARGET_CONFIGURE_OPTS)
$(MAKE) -C $(PKG_BUILD_DIR)/mdig $(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(PKG_BUILD_DIR)/mdig $(TARGET_CONFIGURE_OPTS)
endef endef
ZAPRET_DIR := /opt/zapret2 ZAPRET_DIR := /opt/zapret
define ZAPRET_CONFFILES_LIST define ZAPRET_CONFFILES_LIST
$(ZAPRET_DIR)/config $(ZAPRET_DIR)/config
@@ -100,37 +85,33 @@ endef
define Package/$(PKG_NAME)/install define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)$(ZAPRET_DIR) $(INSTALL_DIR) $(1)$(ZAPRET_DIR)
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/$(MAKE_PATH) $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/$(MAKE_PATH)
$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws2 $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/ip2net $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/ip2net
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ip2net/ip2net $(1)$(ZAPRET_DIR)/ip2net/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/ip2net/ip2net $(1)$(ZAPRET_DIR)/ip2net/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/mdig $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/mdig
$(INSTALL_BIN) $(PKG_BUILD_DIR)/mdig/mdig $(1)$(ZAPRET_DIR)/mdig/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/mdig/mdig $(1)$(ZAPRET_DIR)/mdig/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/common $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/common
$(CP) $(PKG_BUILD_DIR)/common/* $(1)$(ZAPRET_DIR)/common/ $(CP) $(PKG_BUILD_DIR)/common/* $(1)$(ZAPRET_DIR)/common/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/lua #$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/docs
$(CP) $(PKG_BUILD_DIR)/lua/* $(1)$(ZAPRET_DIR)/lua/
#$(INSTALL_DIR) $(1)$(ZAPRET_DIR)docs
#$(CP) $(PKG_BUILD_DIR)/docs/* $(1)$(ZAPRET_DIR)/docs/ #$(CP) $(PKG_BUILD_DIR)/docs/* $(1)$(ZAPRET_DIR)/docs/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/files $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/files
$(CP) $(PKG_BUILD_DIR)/files/* $(1)$(ZAPRET_DIR)/files/ $(CP) $(PKG_BUILD_DIR)/files/* $(1)$(ZAPRET_DIR)/files/
$(CP) ./files/* $(1)$(ZAPRET_DIR)/files/ $(CP) ./files/* $(1)$(ZAPRET_DIR)/files/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/ipset $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/ipset
$(CP) $(PKG_BUILD_DIR)/ipset/* $(1)$(ZAPRET_DIR)/ipset/ $(CP) $(PKG_BUILD_DIR)/ipset/* $(1)$(ZAPRET_DIR)/ipset/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/blockcheck2.d $(INSTALL_BIN) $(PKG_BUILD_DIR)/blockcheck.sh $(1)$(ZAPRET_DIR)/blockcheck.sh
$(CP) $(PKG_BUILD_DIR)/blockcheck2.d/* $(1)$(ZAPRET_DIR)/blockcheck2.d/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/blockcheck2.sh $(1)$(ZAPRET_DIR)/blockcheck2.sh
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/tmp $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/tmp
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt
$(CP) $(PKG_BUILD_DIR)/init.d/openwrt/* $(1)$(ZAPRET_DIR)/init.d/openwrt/ $(CP) $(PKG_BUILD_DIR)/init.d/openwrt/* $(1)$(ZAPRET_DIR)/init.d/openwrt/
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret2 $(1)/etc/hotplug.d/iface/90-zapret2 $(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
$(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret2 $(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt/custom.d $(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt/custom.d
$(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret2-uci-def-cfg.sh $(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
# install all sh-scripts # install all sh-scripts
$(CP) ./*.sh $(1)$(ZAPRET_DIR)/ $(CP) ./*.sh $(1)$(ZAPRET_DIR)/
rm -f $(1)$(ZAPRET_DIR)/init.d.sh rm -f $(1)$(ZAPRET_DIR)/init.d.sh
@@ -166,19 +147,21 @@ define Package/$(PKG_NAME)/install
chmod 755 $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/* chmod 755 $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/*
chmod 755 $(1)$(ZAPRET_DIR)/ip2net/* chmod 755 $(1)$(ZAPRET_DIR)/ip2net/*
chmod 755 $(1)$(ZAPRET_DIR)/mdig/* chmod 755 $(1)$(ZAPRET_DIR)/mdig/*
# Disable TPWS in blockcheck
grep -q '^SKIP_TPWS=' $(1)$(ZAPRET_DIR)/blockcheck.sh || sed -i '/^NFT_TABLE=blockcheck$$$$/a SKIP_TPWS=$$$${SKIP_TPWS:-1}' $(1)$(ZAPRET_DIR)/blockcheck.sh
endef endef
define Package/$(PKG_NAME)/preinst define Package/$(PKG_NAME)/preinst
#!/bin/sh #!/bin/sh
# check if we are on real system # check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_DIR=/opt/zapret2 ZAPRET_DIR=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret2 ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_CFG=/etc/config/zapret2 ZAPRET_CFG=/etc/config/zapret
if [ -f "$${ZAPRET_INITD}" ]; then if [ -f "$${ZAPRET_INITD}" ]; then
SCRIPT=$$( readlink "$${ZAPRET_INITD}" ) SCRIPT=$$( readlink "$${ZAPRET_INITD}" )
if [ -n "$${SCRIPT}" ]; then if [ -n "$${SCRIPT}" ]; then
echo "Please uninstall incompatible \"zapret2\" service!" echo "Please uninstall incompatible \"zapret\" service!"
exit 44 exit 44
fi fi
fi fi
@@ -197,20 +180,20 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
$${ZAPRET_INITD} running && $${ZAPRET_INITD} stop >/dev/null 2>&1 $${ZAPRET_INITD} running && $${ZAPRET_INITD} stop >/dev/null 2>&1
fi fi
fi fi
if $${PKG_CHECK} zapret2 >/dev/null 2>&1; then if $${PKG_CHECK} zapret >/dev/null 2>&1; then
if [ ! -f "/opt/zapret2/sync_config.sh" ]; then if [ ! -f "/opt/zapret/sync_config.sh" ]; then
echo "Please uninstall incompatible \"zapret2\" package!" echo "Please uninstall incompatible \"zapret\" package!"
exit 47 exit 47
fi fi
if [ -f "$${ZAPRET_CFG}" ] && ! grep -q "run_on_boot" "$${ZAPRET_CFG}"; then if [ -f "$${ZAPRET_CFG}" ] && ! grep -q "run_on_boot" "$${ZAPRET_CFG}"; then
echo "Please uninstall incompatible \"zapret2\" package!" echo "Please uninstall incompatible \"zapret\" package!"
exit 48 exit 48
fi fi
fi fi
if $${PKG_CHECK} luci-app-zapret2 >/dev/null 2>&1; then if $${PKG_CHECK} luci-app-zapret >/dev/null 2>&1; then
SVC_FILE=/www/luci-static/resources/view/zapret2/service.js SVC_FILE=/www/luci-static/resources/view/zapret/service.js
if [ ! -f "$${SVC_FILE}" ] || ! grep -Fq "/remittor/zapret-openwrt" "$${SVC_FILE}"; then if [ ! -f "$${SVC_FILE}" ] || ! grep -Fq "/remittor/zapret-openwrt" "$${SVC_FILE}"; then
echo "Please uninstall incompatible \"luci-app-zapret2\" package!" echo "Please uninstall incompatible \"luci-app-zapret\" package!"
exit 55 exit 55
fi fi
fi fi
@@ -223,15 +206,23 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
[ -d "$${ZAPRET_DIR}" ] && rm -rf $${ZAPRET_DIR} [ -d "$${ZAPRET_DIR}" ] && rm -rf $${ZAPRET_DIR}
echo "All files of the previously installed package have been removed!" echo "All files of the previously installed package have been removed!"
fi fi
if $${PKG_CHECK} zapret2-mdig >/dev/null 2>&1; then if $${PKG_CHECK} zapret-mdig >/dev/null 2>&1; then
$${PKG_REMOVE} zapret2-mdig $${PKG_REMOVE} zapret-mdig
fi fi
if $${PKG_CHECK} zapret2-ip2net >/dev/null 2>&1; then if $${PKG_CHECK} zapret-ip2net >/dev/null 2>&1; then
$${PKG_REMOVE} zapret2-ip2net $${PKG_REMOVE} zapret-ip2net
fi fi
if [ ! -d "$${ZAPRET_DIR}" ]; then if [ ! -d "$${ZAPRET_DIR}" ]; then
mkdir -p $${ZAPRET_DIR} mkdir -p $${ZAPRET_DIR}
fi fi
if [ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ]; then
if [ -f "/opt/zapret/ipset/zapret-hosts-user.txt" ]; then
CFGLISTHASH=$$( md5sum "/opt/zapret/ipset/zapret-hosts-user.txt" | awk '{print $$1;}' )
if [ "$${CFGLISTHASH}" = "79e35df62b0d1ae455d0a7e04c4cecac" ]; then
rm -f "/opt/zapret/ipset/zapret-hosts-user.txt"
fi
fi
fi
fi fi
exit 0 exit 0
endef endef
@@ -240,36 +231,40 @@ define Package/$(PKG_NAME)/postinst
#!/bin/sh #!/bin/sh
# check if we are on real system # check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_DIR=/opt/zapret2 ZAPRET_DIR=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret2 ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_CFG=/etc/config/zapret2 ZAPRET_CFG=/etc/config/zapret
ZAPRET_CONFIG=/opt/zapret2/config ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret2/config.default" ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
# Fix permissions # Fix permissions
chmod 644 $${ZAPRET_CFG} >/dev/null 2>&1 chmod 644 $${ZAPRET_CFG} >/dev/null 2>&1
chmod 644 $${ZAPRET_DIR}/ipset/*.txt >/dev/null 2>&1 chmod 644 $${ZAPRET_DIR}/ipset/*.txt >/dev/null 2>&1
chmod 644 $${ZAPRET_DIR}/ipset_def/*.txt >/dev/null 2>&1 chmod 644 $${ZAPRET_DIR}/ipset_def/*.txt >/dev/null 2>&1
chmod 644 $${ZAPRET_DIR}/init.d/openwrt/custom.d/*.sh >/dev/null 2>&1 chmod 644 $${ZAPRET_DIR}/init.d/openwrt/custom.d/*.sh >/dev/null 2>&1
chmod 644 $${ZAPRET_DIR}/config* >/dev/null 2>&1 chmod 644 $${ZAPRET_DIR}/config* >/dev/null 2>&1
# cleanup custom.d directory
rm -f $${ZAPRET_DIR}/init.d/openwrt/custom.d/*-opkg*
rm -f $${ZAPRET_DIR}/init.d/openwrt/custom.d/*.opkg*
rm -f $${ZAPRET_DIR}/init.d/openwrt/custom.d/*.apk*
# creating main config if its not exists # creating main config if its not exists
if [ ! -f "$${ZAPRET_CONFIG}" ]; then if [ ! -f "$${ZAPRET_CONFIG}" ]; then
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}" cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi fi
# check obsolete format for main config
if grep -qE "^NFQWS_OPT_DESYNC=|^MODE_HTTP=|^MODE_HTTPS=|^MODE_QUIC=|^MODE=" "$${ZAPRET_CONFIG}" ; then
echo "Detect obsolute format for main config!"
ZAPRET_CONFIG_BACKUP="$${ZAPRET_CONFIG}.backup"
cp -f "$${ZAPRET_CONFIG}" "$${ZAPRET_CONFIG_BACKUP}"
echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# remove fake uci-config # remove fake uci-config
[ -f "$${ZAPRET_CFG}" ] && [ ! -s "$${ZAPRET_CFG}" ] && rm -f "$${ZAPRET_CFG}" [ -f "$${ZAPRET_CFG}" ] && [ ! -s "$${ZAPRET_CFG}" ] && rm -f "$${ZAPRET_CFG}"
# check existing uci-config # check existing uci-config
[ -f "$${ZAPRET_CFG}" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0 [ -f "$${ZAPRET_CFG}" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
# create or merge uci-config # create or merge uci-config
/opt/zapret2/uci-def-cfg.sh /opt/zapret/uci-def-cfg.sh
[ "$${ZAPRET_CFG_EXISTS}" = "1" ] && echo "Config /etc/config/zapret2 merged with default uci-config" [ "$${ZAPRET_CFG_EXISTS}" = "1" ] && echo "Config /etc/config/zapret merged with default uci-config"
# remove uci-default script from system dir (used into /etc/init.d/boot) # remove uci-default script from system dir (used into /etc/init.d/boot)
rm -f /etc/uci-defaults/zapret2-uci-def-cfg.sh rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
# copy (sync) all params from uci-config to main config # copy (sync) all params from uci-config to main config
/opt/zapret2/sync_config.sh /opt/zapret/sync_config.sh
# check main config # check main config
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}" sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58 sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58
@@ -278,7 +273,7 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
# stop all # stop all
$${ZAPRET_INITD} stop_fw >/dev/null 2>&1 $${ZAPRET_INITD} stop_fw >/dev/null 2>&1
$${ZAPRET_INITD} stop_daemons >/dev/null 2>&1 $${ZAPRET_INITD} stop_daemons >/dev/null 2>&1
ps w | grep '/opt/zapret2/nfq2/nfqws2' | grep -v grep | awk '{print $$1}' | xargs -r kill -9 ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
# start main service # start main service
$${ZAPRET_INITD} start $${ZAPRET_INITD} start
# restart firewall # restart firewall
@@ -291,17 +286,17 @@ define Package/$(PKG_NAME)/prerm
#!/bin/sh #!/bin/sh
# check if we are on real system # check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_DIR=/opt/zapret2 ZAPRET_DIR=/opt/zapret
ZAPRET_BASE=/opt/zapret2 ZAPRET_BASE=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret2 ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_CFG=/etc/config/zapret2 ZAPRET_CFG=/etc/config/zapret
ZAPRET_CONFIG=/opt/zapret2/config ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret2/config.default" ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
OPENWRT_FW_INCLUDE=/etc/firewall.zapret2 OPENWRT_FW_INCLUDE=/etc/firewall.zapret
# check main config # check main config
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}" sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then
ps w | grep '/opt/zapret2/nfq2/nfqws2' | grep -v grep | awk '{print $$1}' | xargs -r kill -9 ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
exit 0 exit 0
fi fi
. "$${ZAPRET_CONFIG}" . "$${ZAPRET_CONFIG}"
@@ -311,7 +306,7 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
. "$${ZAPRET_BASE}/common/installer.sh" . "$${ZAPRET_BASE}/common/installer.sh"
$${ZAPRET_INITD} running && $${ZAPRET_INITD} stop >/dev/null 2>&1 $${ZAPRET_INITD} running && $${ZAPRET_INITD} stop >/dev/null 2>&1
$${ZAPRET_INITD} disable >/dev/null 2>&1 $${ZAPRET_INITD} disable >/dev/null 2>&1
ps w | grep '/opt/zapret2/nfq2/nfqws2' | grep -v grep | awk '{print $$1}' | xargs -r kill -9 ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
remove_openwrt_firewall remove_openwrt_firewall
nft_del_table nft_del_table
restart_openwrt_firewall restart_openwrt_firewall
@@ -323,12 +318,12 @@ define Package/$(PKG_NAME)/postrm
#!/bin/sh #!/bin/sh
# check if we are on real system # check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then if [ -z "$${IPKG_INSTROOT}" ]; then
rm -f /etc/config/zapret2-opkg* rm -f /etc/config/zapret-opkg*
rm -f /etc/config/zapret2.opkg* rm -f /etc/config/zapret.opkg*
rm -f /etc/config/zapret2.apk* rm -f /etc/config/zapret.apk*
[ -f "/opt/zapret2/config" ] && cp -f /opt/zapret2/config "/opt/zapret2/config.backup" [ -f "/opt/zapret/config" ] && cp -f /opt/zapret/config "/opt/zapret/config.backup"
#rm -rf /opt/zapret2 #rm -rf /opt/zapret
#echo "Directory /opt/zapret2 removed!" #echo "Directory /opt/zapret removed!"
fi fi
exit 0 exit 0
endef endef

44
zapret2/comfunc.sh → zapret/comfunc.sh
View File

@@ -1,20 +1,20 @@
#!/bin/sh #!/bin/sh
# Copyright (c) 2024 remittor # Copyright (c) 2024 remittor
EXEDIR=/opt/zapret2 EXEDIR=/opt/zapret
ZAPRET_BASE=/opt/zapret2 ZAPRET_BASE=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret2 ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret2" ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret"
ZAP_LOG_TAG=ZAPRET2 ZAP_LOG_TAG=ZAPRET
ZAPRET_CONFIG="$ZAPRET_BASE/config" ZAPRET_CONFIG="$ZAPRET_BASE/config"
ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new" ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default" ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
ZAPRET_CFG=/etc/config/zapret2 ZAPRET_CFG=/etc/config/zapret
ZAPRET_CFG_NAME=zapret2 ZAPRET_CFG_NAME=zapret
ZAPRET_CFG_SEC=$ZAPRET_CFG_NAME.config ZAPRET_CFG_SEC=$ZAPRET_CFG_NAME.config
ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_SEC )" ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_SEC )"
@@ -170,25 +170,17 @@ function merge_cfg_with_def_values
function remove_cron_task_logs function remove_cron_task_logs
{ {
[ ! -f $CRONTAB_FILE ] && return 0 if [ -f "$CRONTAB_FILE" ]; then
if grep -q -e "-name '$ZAPRET_CFG_NAME+\*\.log' -size " $CRONTAB_FILE; then sed -i "/-name '$ZAPRET_CFG_NAME+\*.log' -size +/d" "$CRONTAB_FILE"
sed -i "/-name '$ZAPRET_CFG_NAME+\*.log' -size /d" $CRONTAB_FILE
#/etc/init.d/cron restart 2> /dev/null
fi fi
} }
function insert_cron_task_logs function insert_cron_task_logs
{ {
local daemon_log_size_max=${1:-2000} [ ! -f "$CRONTAB_FILE" ] && touch "$CRONTAB_FILE"
[ ! -f $CRONTAB_FILE ] && touch $CRONTAB_FILE [ ! -f "$CRONTAB_FILE" ] && return 1
[ ! -f $CRONTAB_FILE ] && return 1 if ! grep -q -e "-name '$ZAPRET_CFG_NAME+\*\.log' -size \+" "$CRONTAB_FILE"; then
if ! grep -q -e "-name '$ZAPRET_CFG_NAME+\*\.log' -size " $CRONTAB_FILE; then echo "*/2 * * * * /usr/bin/find /tmp -maxdepth 1 -type f -name '$ZAPRET_CFG_NAME+*.log' -size +2600k -exec rm -f {} \;" >> "$CRONTAB_FILE"
case "$daemon_log_size_max" in
''|'0'|*[!0-9]*)
daemon_log_size_max=2000
;;
esac
echo "*/1 * * * * /usr/bin/find /tmp -maxdepth 1 -type f -name '$ZAPRET_CFG_NAME+*.log' -size +${daemon_log_size_max}k -exec rm -f {} \;" >> $CRONTAB_FILE
/etc/init.d/cron restart 2> /dev/null /etc/init.d/cron restart 2> /dev/null
fi fi
return 0 return 0
@@ -196,19 +188,15 @@ function insert_cron_task_logs
function init_before_start function init_before_start
{ {
local daemon_log_enable=$1 local DAEMON_LOG_ENABLE=$1
local daemon_log_size_max=${2:-2000}
local HOSTLIST_FN="$ZAPRET_BASE/ipset/zapret-hosts-user.txt" local HOSTLIST_FN="$ZAPRET_BASE/ipset/zapret-hosts-user.txt"
[ ! -f "$HOSTLIST_FN" ] && touch "$HOSTLIST_FN" [ ! -f "$HOSTLIST_FN" ] && touch "$HOSTLIST_FN"
chmod 644 $ZAPRET_BASE/ipset/*.txt chmod 644 $ZAPRET_BASE/ipset/*.txt
chmod 666 $ZAPRET_BASE/ipset/*.log chmod 666 $ZAPRET_BASE/ipset/*.log
rm -f $ZAPRET_BASE/init.d/openwrt/custom.d/*-opkg*
rm -f $ZAPRET_BASE/init.d/openwrt/custom.d/*.opkg*
rm -f $ZAPRET_BASE/init.d/openwrt/custom.d/*.apk*
rm -f /tmp/$ZAPRET_CFG_NAME+*.log rm -f /tmp/$ZAPRET_CFG_NAME+*.log
#*/ #*/
if [ "$daemon_log_enable" = "1" ]; then if [ "$DAEMON_LOG_ENABLE" = "1" ]; then
insert_cron_task_logs "$daemon_log_size_max" insert_cron_task_logs
else else
remove_cron_task_logs remove_cron_task_logs
fi fi

63
zapret2/config.default → zapret/config.default
View File

@@ -30,25 +30,14 @@ IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5" IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist # options for auto hostlist
# NOTE : in order for these adjustment to work it's required to redirect enough starting packets
# NOTE : set PKT_IN, PKT_OUT variables appropriately
AUTOHOSTLIST_INCOMING_MAXSEQ=4096
AUTOHOSTLIST_RETRANS_MAXSEQ=32768
AUTOHOSTLIST_RETRANS_RESET=1
AUTOHOSTLIST_RETRANS_THRESHOLD=3 AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3 AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60 AUTOHOSTLIST_FAIL_TIME=60
AUTOHOSTLIST_UDP_IN=1
AUTOHOSTLIST_UDP_OUT=4
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log # 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0 AUTOHOSTLIST_DEBUGLOG=0
# number of parallel threads for domain list resolves # number of parallel threads for domain list resolves
MDIG_THREADS=30 MDIG_THREADS=30
# EAI_AGAIN retries
MDIG_EAGAIN=10
# delay between EAI_AGAIN retries (ms)
MDIG_EAGAIN_DELAY=500
# ipset/*.sh can compress large lists # ipset/*.sh can compress large lists
GZIP_LISTS=0 GZIP_LISTS=0
@@ -74,30 +63,47 @@ DESYNC_MARK_POSTNAT=0x20000000
FILTER_MARK="" FILTER_MARK=""
NFQWS2_ENABLE=1 TPWS_SOCKS_ENABLE=0
# tpws socks listens on this port on localhost and LAN interfaces
TPPORT_SOCKS=987
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
TPWS_ENABLE=0
TPWS_PORTS="80,443"
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
NFQWS_ENABLE=1
# redirect outgoing traffic with connbytes limiter applied in both directions. # redirect outgoing traffic with connbytes limiter applied in both directions.
NFQWS2_PORTS_TCP="80,443" NFQWS_PORTS_TCP="80,443"
NFQWS2_PORTS_UDP="443" NFQWS_PORTS_UDP="443"
# PKT_OUT means connbytes dir original # PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply # PKT_IN means connbytes dir reply
NFQWS2_TCP_PKT_OUT="20" # this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU.
NFQWS2_TCP_PKT_IN="10" NFQWS_TCP_PKT_OUT="9"
NFQWS2_UDP_PKT_OUT="5" NFQWS_TCP_PKT_IN="3"
NFQWS2_UDP_PKT_IN="3" NFQWS_UDP_PKT_OUT="9"
NFQWS_UDP_PKT_IN="0"
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter # redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session # normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives # typical example are plain HTTP keep alives
# this mode can be very CPU consuming. enable with care ! # this mode can be very CPU consuming. enable with care !
NFQWS2_PORTS_TCP_KEEPALIVE="" NFQWS_PORTS_TCP_KEEPALIVE=""
NFQWS2_PORTS_UDP_KEEPALIVE="" NFQWS_PORTS_UDP_KEEPALIVE=""
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir # use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy # hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list # <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
NFQWS2_OPT="--filter-tcp=80 --filter-l7=http <HOSTLIST> --payload=http_req --lua-desync=fake:blob=fake_default_http:tcp_md5 --lua-desync=multisplit:pos=method+2 --new --filter-tcp=443 --filter-l7=tls <HOSTLIST> --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000 --lua-desync=multidisorder:pos=1,midsld --new --filter-udp=443 --filter-l7=quic <HOSTLIST_NOAUTO> --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6" NFQWS_OPT="--filter-tcp=80 <HOSTLIST> --dpi-desync=fake,fakedsplit --dpi-desync-autottl=2 --dpi-desync-fooling=badsum --new --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --filter-udp=443 <HOSTLIST_NOAUTO> --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=443 <HOSTLIST> --dpi-desync=multidisorder --dpi-desync-split-pos=1,sniext+1,host+1,midsld-2,midsld,midsld+2,endhost-1"
DISABLE_CUSTOM=1 DISABLE_CUSTOM=1
@@ -115,8 +121,9 @@ FLOWOFFLOAD=none
# for routers based on desktop linux and macos. has no effect in openwrt. # for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES # CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router # or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_WAN="eth0 eth1 eth2" # it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN # if IFACE_WAN6 is not defined it take the value of IFACE_WAN
#IFACE_LAN=eth0
#IFACE_WAN=eth1 #IFACE_WAN=eth1
#IFACE_WAN6="ipsec0 wireguard0 he_net" #IFACE_WAN6="ipsec0 wireguard0 he_net"
@@ -125,10 +132,10 @@ FLOWOFFLOAD=none
INIT_APPLY_FW=1 INIT_APPLY_FW=1
# firewall apply hooks # firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret2.hook.pre_up" #INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret2.hook.post_up" #INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret2.hook.pre_down" #INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret2.hook.post_down" #INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
# do not work with ipv4 # do not work with ipv4
DISABLE_IPV4=0 DISABLE_IPV4=0
@@ -148,5 +155,5 @@ FILTER_TTL_EXPIRED_ICMP=1
DAEMON_LOG_ENABLE=0 DAEMON_LOG_ENABLE=0
DAEMON_LOG_SIZE_MAX=2000
DAEMON_LOG_FILE="/tmp/zapret2+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log" DAEMON_LOG_FILE="/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log"

6
zapret2/custom.d/50-script.sh → zapret/custom.d/50-script.sh
View File

@@ -3,7 +3,7 @@
# NOTE: @ih requires nft 1.0.1+ and updated kernel version. it's confirmed to work on 5.15 (openwrt 23) and not work on 5.10 (openwrt 22) # NOTE: @ih requires nft 1.0.1+ and updated kernel version. it's confirmed to work on 5.15 (openwrt 23) and not work on 5.10 (openwrt 22)
# can override in config : # can override in config :
NFQWS_OPT_DESYNC_STUN="${NFQWS_OPT_DESYNC_STUN:---payload stun --lua-desync=fake:blob=0x00000000000000000000000000000000:repeats=2}" NFQWS_OPT_DESYNC_STUN="${NFQWS_OPT_DESYNC_STUN:---dpi-desync=fake --dpi-desync-repeats=2}"
alloc_dnum DNUM_STUN4ALL alloc_dnum DNUM_STUN4ALL
alloc_qnum QNUM_STUN4ALL alloc_qnum QNUM_STUN4ALL
@@ -17,14 +17,14 @@ zapret_custom_daemons()
} }
zapret_custom_firewall() zapret_custom_firewall()
{ {
# $1 - 1 - run, 0 - stop # $1 - 1 - run, 0 - stop
local f='-p udp -m u32 --u32' local f='-p udp -m u32 --u32'
fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=28:65535&&0>>22&0x3C@12=0x2112A442&&0>>22&0x3C@8&0xC0000003=0" "$f 44>>16=28:65535&&52=0x2112A442&&48&0xC0000003=0" $QNUM_STUN4ALL fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=28:65535&&0>>22&0x3C@12=0x2112A442&&0>>22&0x3C@8&0xC0000003=0" "$f 44>>16=28:65535&&52=0x2112A442&&48&0xC0000003=0" $QNUM_STUN4ALL
} }
zapret_custom_firewall_nft() zapret_custom_firewall_nft()
{ {
# stop logic is not required # stop logic is not required
local f="udp length >= 28 @ih,32,32 0x2112A442 @ih,0,2 0 @ih,30,2 0" local f="udp length >= 28 @ih,32,32 0x2112A442 @ih,0,2 0 @ih,30,2 0"
nft_fw_nfqws_post "$f" "$f" $QNUM_STUN4ALL nft_fw_nfqws_post "$f" "$f" $QNUM_STUN4ALL

458
zapret/def-cfg.sh Executable file
View File

@@ -0,0 +1,458 @@
#!/bin/sh
# Copyright (c) 2024 remittor
function set_cfg_reset_values
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.run_on_boot='0'
# settings for zapret service
set $cfgname.config.FWTYPE='nftables'
set $cfgname.config.POSTNAT='1'
set $cfgname.config.FLOWOFFLOAD='none'
set $cfgname.config.INIT_APPLY_FW='1'
set $cfgname.config.DISABLE_IPV4='0'
set $cfgname.config.DISABLE_IPV6='1'
set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.DISABLE_CUSTOM='1'
set $cfgname.config.WS_USER='daemon'
set $cfgname.config.DAEMON_LOG_ENABLE='0'
set $cfgname.config.DAEMON_LOG_FILE='/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
# autohostlist options
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
# nfqws options
set $cfgname.config.NFQWS_ENABLE='1'
set $cfgname.config.DESYNC_MARK='0x40000000'
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
set $cfgname.config.FILTER_MARK='$TAB'
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
set $cfgname.config.NFQWS_TCP_PKT_IN='3'
set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
set $cfgname.config.NFQWS_UDP_PKT_IN='0'
set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
# save changes
commit $cfgname
EOF
return 0
}
function clear_nfqws_strat
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT='$TAB'
commit $cfgname
EOF
}
function set_cfg_nfqws_strat
{
local strat=${1:--}
local cfgname=${2:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
commit $cfgname
EOF
if [ "$strat" = "empty" ]; then
clear_nfqws_strat $cfgname
fi
if [ "$strat" = "v1_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake,multidisorder
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=badseq
--dpi-desync-badseq-increment=10000000
--dpi-desync-repeats=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v2_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v3_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/t2.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=m.ok.ru
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v4_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,multisplit
--dpi-desync-split-pos=2,sld
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=google.com
--dpi-desync-split-seqovl=2108
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fooling=badseq
--new
--filter-tcp=443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync-any-protocol=1
--dpi-desync-cutoff=n5
--dpi-desync=multisplit
--dpi-desync-split-seqovl=582
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/4pda.bin
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v5_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-tcp=443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
--dpi-desync-fake-tls-mod=rnd,dupsid
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v6_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443,2053,2083,2087,2096,8443'
set $cfgname.config.NFQWS_PORTS_UDP='443,19294-19344,50000-50100'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=multisplit
--dpi-desync-split-pos=1,sniext+1
--dpi-desync-split-seqovl=1
--new
--filter-tcp=443 <HOSTLIST>
--dpi-desync=hostfakesplit
--dpi-desync-hostfakesplit-mod=host=rzd.ru
--dpi-desync-hostfakesplit-midhost=host-2
--dpi-desync-split-seqovl=726
--dpi-desync-fooling=badsum,badseq
--dpi-desync-badseq-increment=0
--new
--filter-udp=443 <HOSTLIST_NOAUTO>
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
--new
--filter-udp=19294-19344,50000-50100
--filter-l7=discord,stun
--dpi-desync=fake
--dpi-desync-repeats=6
--new
--filter-tcp=2053,2083,2087,2096,8443
--hostlist-domains=discord.media
--dpi-desync=multisplit
--dpi-desync-split-seqovl=652
--dpi-desync-split-pos=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v7_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443,2053,2083,2087,2096,8443'
set $cfgname.config.NFQWS_PORTS_UDP='443,19294-19344,50000-50100'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake,multisplit
--dpi-desync-split-pos=2,sld
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=ggpht.com
--dpi-desync-split-seqovl=620
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fooling=badsum,badseq
--new
--filter-tcp=443 <HOSTLIST>
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=654
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/max.bin
--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
--new
--filter-udp=443 <HOSTLIST_NOAUTO>
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
--new
--filter-udp=19294-19344,50000-50100
--filter-l7=discord,stun
--dpi-desync=fake
--dpi-desync-repeats=6
--new
--filter-tcp=2053,2083,2087,2096,8443
--hostlist-domains=discord.media
--dpi-desync=multisplit
--dpi-desync-split-seqovl=652
--dpi-desync-split-pos=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "ALT7_by_Flowseal" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=multisplit
--dpi-desync-split-pos=2,sniext+1
--dpi-desync-split-seqovl=679
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-tcp=80,443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=multisplit
--dpi-desync-split-pos=2,sniext+1
--dpi-desync-split-seqovl=679
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "TLS_AUTO_ALT3_by_Flowseal" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com
--new
--filter-tcp=80,443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=11
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
return 0
}
function set_cfg_default_values
{
local opt_flags=${1:--}
local opt_strat=${2:-v6_by_StressOzz}
local cfgname=${3:-$ZAPRET_CFG_NAME}
if ! echo "$opt_flags" | grep -q "(skip_base)"; then
set_cfg_reset_values $cfgname
fi
if [ "$opt_strat" != "-" ]; then
set_cfg_nfqws_strat "$opt_strat" $cfgname
fi
if echo "$opt_flags" | grep -q "(set_mode_autohostlist)"; then
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='autohostlist'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(enable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='0'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(disable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='1'
commit $cfgname
EOF
fi
return 0
}

108
zapret2/dwc.sh → zapret/dwc.sh
View File

@@ -1,17 +1,15 @@
#!/bin/sh #!/bin/sh
# Copyright (c) 2026 remittor # Copyright (c) 2026 remittor
ZAP_TMP_DIR=/tmp/zapret2_dwc ZAP_TMP_DIR=/tmp/zapret_dwc
opt_sites=
opt_dig= opt_dig=
opt_recom= opt_recom=
opt_tmp_dir= opt_tmp_dir=
opt_test= opt_test=
while getopts "sd:RT:t" opt; do while getopts "d:RT:t" opt; do
case $opt in case $opt in
s) opt_sites="true";;
d) opt_dig="$OPTARG";; d) opt_dig="$OPTARG";;
R) opt_recom="true";; # Recommendations R) opt_recom="true";; # Recommendations
T) opt_tmp_dir="$OPTARG";; T) opt_tmp_dir="$OPTARG";;
@@ -27,7 +25,7 @@ TARGET_LIST_FILE="$ZAP_TMP_DIR/targets"
[ -f "$TARGET_LIST_FILE" ] && exit 3 [ -f "$TARGET_LIST_FILE" ] && exit 3
CURL_TIMEOUT=5 CURL_TIMEOUT=5
CURL_MAXBODY=65536 CURL_RANGETO=65535
CURL_NOCACHE='cache-control: no-cache' CURL_NOCACHE='cache-control: no-cache'
CURL_NOCACHE2='pragma: no-cache' CURL_NOCACHE2='pragma: no-cache'
CURL_USERAGENT='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' CURL_USERAGENT='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36'
@@ -69,7 +67,7 @@ fi
#echo 'Original sources: https://github.com/hyperion-cs/dpi-checkers' #echo 'Original sources: https://github.com/hyperion-cs/dpi-checkers'
#echo 'WEB-version: https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20/' #echo 'WEB-version: https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20/'
TEST_SUITE=' TEST_SUITE='[
{ id: "US.CF-01", provider: "🇺🇸 Cloudflare", times: 1, url: "https://img.wzstats.gg/cleaver/gunFullDisplay" }, { id: "US.CF-01", provider: "🇺🇸 Cloudflare", times: 1, url: "https://img.wzstats.gg/cleaver/gunFullDisplay" },
{ id: "US.CF-02", provider: "🇺🇸 Cloudflare", times: 1, url: "https://genshin.jmp.blue/characters/all#" }, { id: "US.CF-02", provider: "🇺🇸 Cloudflare", times: 1, url: "https://genshin.jmp.blue/characters/all#" },
{ id: "US.CF-03", provider: "🇺🇸 Cloudflare", times: 1, url: "https://api.frankfurter.dev/v1/2000-01-01..2002-12-31" }, { id: "US.CF-03", provider: "🇺🇸 Cloudflare", times: 1, url: "https://api.frankfurter.dev/v1/2000-01-01..2002-12-31" },
@@ -78,7 +76,7 @@ TEST_SUITE='
{ id: "DE.HE-01", provider: "🇩🇪 Hetzner", times: 1, url: "https://j.dejure.org/jcg/doctrine/doctrine_banner.webp" }, { id: "DE.HE-01", provider: "🇩🇪 Hetzner", times: 1, url: "https://j.dejure.org/jcg/doctrine/doctrine_banner.webp" },
{ id: "DE.HE-02", provider: "🇩🇪 Hetzner", times: 1, url: "https://maps.gnosis.earth/ogcapi/api/swagger-ui/swagger-ui-standalone-preset.js#" }, { id: "DE.HE-02", provider: "🇩🇪 Hetzner", times: 1, url: "https://maps.gnosis.earth/ogcapi/api/swagger-ui/swagger-ui-standalone-preset.js#" },
{ id: "FI.HE-01", provider: "🇫🇮 Hetzner", times: 1, url: "https://251b5cd9.nip.io/1MB.bin" }, { id: "FI.HE-01", provider: "🇫🇮 Hetzner", times: 1, url: "https://251b5cd9.nip.io/1MB.bin" },
{ id: "FI.HE-02", provider: "🇫🇮 Hetzner", times: 1, url: "https://nioges.com/libs/fontawesome/webfonts/fa-solid-900.woff2" }, { id: "FI.HE-02", provider: "🇫🇮 Hetzner", times: 1, url: "https://5fd8c176.nip.io/1MB.bin" },
{ id: "FI.HE-03", provider: "🇫🇮 Hetzner", times: 1, url: "https://5fd8bdae.nip.io/1MB.bin" }, { id: "FI.HE-03", provider: "🇫🇮 Hetzner", times: 1, url: "https://5fd8bdae.nip.io/1MB.bin" },
{ id: "FI.HE-04", provider: "🇫🇮 Hetzner", times: 1, url: "https://5fd8bca5.nip.io/1MB.bin" }, { id: "FI.HE-04", provider: "🇫🇮 Hetzner", times: 1, url: "https://5fd8bca5.nip.io/1MB.bin" },
{ id: "FR.OVH-01", provider: "🇫🇷 OVH", times: 1, url: "https://eu.api.ovh.com/console/rapidoc-min.js" }, { id: "FR.OVH-01", provider: "🇫🇷 OVH", times: 1, url: "https://eu.api.ovh.com/console/rapidoc-min.js" },
@@ -95,38 +93,7 @@ TEST_SUITE='
{ id: "FR.CNTB-01", provider: "🇫🇷 Contabo", times: 1, url: "https://airsea.no/images/main_logo.png" }, { id: "FR.CNTB-01", provider: "🇫🇷 Contabo", times: 1, url: "https://airsea.no/images/main_logo.png" },
{ id: "NL.SW-01", provider: "🇳🇱 Scaleway", times: 1, url: "https://www.velivole.fr/img/header.jpg" }, { id: "NL.SW-01", provider: "🇳🇱 Scaleway", times: 1, url: "https://www.velivole.fr/img/header.jpg" },
{ id: "US.CNST-01", provider: "🇺🇸 Constant", times: 1, url: "https://cdn.xuansiwei.com/common/lib/font-awesome/4.7.0/fontawesome-webfont.woff2?v=4.7.0" } { id: "US.CNST-01", provider: "🇺🇸 Constant", times: 1, url: "https://cdn.xuansiwei.com/common/lib/font-awesome/4.7.0/fontawesome-webfont.woff2?v=4.7.0" }
' ]'
if [ "$opt_sites" = true ]; then
TEST_SUITE='
gosuslugi.ru | @ | 40000 | https://gosuslugi.ru/__jsch/static/script.js
esia.gosuslugi.ru | @ | 40000 | https://esia.gosuslugi.ru/__jsch/static/script.js
gu-st.ru | | | https://gu-st.ru/portal-st/lib-assets/fonts/Lato-Regular-v3.woff2
nalog.ru | | | https://data.nalog.ru/images/new/buttons/TSET-button.png
lkfl2.nalog.ru | | | https://lkfl2.nalog.ru/lkfl/static/assets/main-desktop-1920-CvJsHANg.jpg
rutube.ru | @ | 40000 | https://static.rutube.ru/static/wdp/fonts/Semibold/OpenSans-Semibold.woff2?20231026
youtube.com | @# | 300000 | https://youtube.com
instagram.com | @# | 300000 | https://instagram.com
rutracker.org | @# | 80000 | https://rutracker.org
nnmclub.to | @# | 120000 | https://nnmclub.to
rutor.info | @# | 110000 | https://rutor.info
epidemz.net.co | @# | 40000 | https://epidemz.net.co
filmix.my | @ | 23000 | https://filmix.my/templates/Filmix/media/fonts/Roboto/roboto-v20-latin_cyrillic-italic.woff2
openwrt.org | + | 60000 | https://openwrt.org/lib/tpl/bootstrap3/assets/bootstrap/default/bootstrap.min.css
ntc.party | @# | 200000 | https://ntc.party
sxyprn.net | @# | 310000 | https://sxyprn.net
pornhub.com | @# | 700000 | https://pornhub.com
spankbang.com | @# | 80000 | https://spankbang.com
discord.com | @# | 120000 | https://discord.com
x.com | @ | 39000 | https://abs.twimg.com/fonts/v1/chirp-extended-heavy-web.woff2
flightradar24.com | @ | 100000 | https://www.flightradar24.com/mobile/airlines?format=2&version=0
cdn77.com | @ | 24000 | https://cdn77.com/fonts/Eina01-Regular.woff2
play.google.com | @# | 100000 | https://gstatic.com/feedback/js/help/prod/service/lazy.min.js
genderize.io | @# | 210000 | https://genderize.io
ottai.com | @ | 70000 | https://seas.static.ottai.com/ottai-website/public/images/new/home/banner/uk/banner.webp
'
CURL_TIMEOUT=7
fi
function trim function trim
{ {
@@ -138,17 +105,6 @@ mkdir -p "$ZAP_TMP_DIR"
: > "$TARGET_LIST_FILE" : > "$TARGET_LIST_FILE"
IDX=0 IDX=0
while IFS= read -r line; do while IFS= read -r line; do
if [ "$opt_sites" = true ]; then
echo -n "$line" | grep -q ' | http' || continue
IDX=$((IDX + 1))
TAG=$( printf '%s\n' "$line" | cut -d'|' -f1 | awk '{$1=$1;print}' )
FLAGS=$( printf '%s\n' "$line" | cut -d'|' -f2 | awk '{$1=$1;print}' )
TSIZE=$( printf '%s\n' "$line" | cut -d'|' -f3 | awk '{$1=$1;print}' )
URL=$( printf '%s\n' "$line" | cut -d'|' -f4 | awk '{$1=$1;print}' )
COUNTRY="XX"
echo "${IDX}|${TAG}|${COUNTRY}|${FLAGS}|${TSIZE}|${URL}" >> "$TARGET_LIST_FILE"
continue
fi
case "$line" in case "$line" in
*id:*provider:*url:*) *id:*provider:*url:*)
IDX=$((IDX + 1)) IDX=$((IDX + 1))
@@ -171,31 +127,10 @@ CURL_SPEED_LIMIT=1
while IFS='|' read -r ID TAG COUNTRY PROVIDER TIMES URL; do while IFS='|' read -r ID TAG COUNTRY PROVIDER TIMES URL; do
[ -z "$TAG" ] && continue [ -z "$TAG" ] && continue
ID=$((ID+1))
ID3=$( printf '%03d' "$ID" ) ID3=$( printf '%03d' "$ID" )
RANGETO="" COUNTRY=$( echo "$TAG" | cut -d. -f1 )
REDIRECT="" CNTFLAG=$( echo "$PROVIDER" | awk '{print $1}' )
USERAGENT="$CURL_USERAGENT"
if [ "$opt_sites" = true ]; then
FLAGS="$PROVIDER"
TSIZE="$TIMES"
[ "$TSIZE" = "" ] && TSIZE=$CURL_MAXBODY
if echo "$FLAGS" | grep -q '@'; then
RANGETO=""
else
RANGETO="--range 0-$((TSIZE - 1))"
fi
PROVIDER="$TSIZE"
if echo "$FLAGS" | grep -q '#'; then
REDIRECT="-L"
fi
if echo "$FLAGS" | grep -q '+'; then
USERAGENT="curl/8.12"
fi
else
RANGETO="--range 0-$((CURL_MAXBODY - 1))"
COUNTRY=$( echo "$TAG" | cut -d. -f1 )
CNTFLAG=$( echo "$PROVIDER" | awk '{print $1}' )
fi
URL_NO_PROTO="${URL#*://}" URL_NO_PROTO="${URL#*://}"
DOMAIN="${URL_NO_PROTO%%/*}" DOMAIN="${URL_NO_PROTO%%/*}"
URLPATH="/${URL_NO_PROTO#*/}" URLPATH="/${URL_NO_PROTO#*/}"
@@ -222,13 +157,12 @@ while IFS='|' read -r ID TAG COUNTRY PROVIDER TIMES URL; do
echo "$URL" > "$FNAME.url" echo "$URL" > "$FNAME.url"
curl "$URL" \ curl "$URL" \
$RESOLVE_OPT \ $RESOLVE_OPT \
$REDIRECT \
--connect-timeout $CURL_CON_TIMEOUT \ --connect-timeout $CURL_CON_TIMEOUT \
--max-time $CURL_TIMEOUT \ --max-time $CURL_TIMEOUT \
--speed-time $CURL_SPEED_TIME \ --speed-time $CURL_SPEED_TIME \
--speed-limit $CURL_SPEED_LIMIT \ --speed-limit $CURL_SPEED_LIMIT \
$RANGETO \ --range 0-$CURL_RANGETO \
-A "$USERAGENT" \ -A "$CURL_USERAGENT" \
-D "$FNAME.hdr" \ -D "$FNAME.hdr" \
-o "$FNAME.body" -o "$FNAME.body"
) > "$FNAME.log" 2>&1 & ) > "$FNAME.log" 2>&1 &
@@ -247,8 +181,6 @@ printf '%s\n' "$ZAP_TMP_DIR"/*.log | sort | while IFS= read -r file; do
TAG=$( echo "$FILENAME" | cut -d= -f2) TAG=$( echo "$FILENAME" | cut -d= -f2)
PROVIDER=$(echo "$FILENAME" | cut -d= -f3 ) PROVIDER=$(echo "$FILENAME" | cut -d= -f3 )
FNAME="$ZAP_TMP_DIR/$FILENAME" FNAME="$ZAP_TMP_DIR/$FILENAME"
REQ_SIZE=$CURL_MAXBODY
[ "$opt_sites" = true ] && REQ_SIZE="$PROVIDER"
BODY_SIZE=0 BODY_SIZE=0
[ -f "$FNAME.body" ] && BODY_SIZE=$( wc -c < "$FNAME.body" ) [ -f "$FNAME.body" ] && BODY_SIZE=$( wc -c < "$FNAME.body" )
IPADDR="x.x.x.x" IPADDR="x.x.x.x"
@@ -264,7 +196,7 @@ printf '%s\n' "$ZAP_TMP_DIR"/*.log | sort | while IFS= read -r file; do
elif [ ! -s "$FNAME.body" ]; then elif [ ! -s "$FNAME.body" ]; then
status="Possibly detected" status="Possibly detected"
else else
if [ $BODY_SIZE -lt $REQ_SIZE ]; then if [ "$BODY_SIZE" -le $CURL_RANGETO ]; then
status="Failed (recv $BODY_SIZE bytes)" status="Failed (recv $BODY_SIZE bytes)"
res=5 res=5
else else
@@ -272,21 +204,21 @@ printf '%s\n' "$ZAP_TMP_DIR"/*.log | sort | while IFS= read -r file; do
res=100 res=100
fi fi
fi fi
if [ "$opt_sites" = true ]; then if [ $res -lt 100 ] && [ -f "$FNAME.hdr" ] && [ $BODY_SIZE -eq 0 ]; then
printf '%18s / %-15s : %s \n' "$TAG" "$IPADDR" "$status" if grep -q 'x-amzn-waf-action: challenge' "$FNAME.hdr"; then
else status="WARN: tested site required JS-challenge"
printf '%12s / %-15s / %-13s: %s \n' "$TAG" "$IPADDR" "$PROVIDER" "$status" res=999
fi
fi fi
printf '%12s / %-15s / %-13s: %s \n' "$TAG" "$IPADDR" "$PROVIDER" "$status"
echo "$BODY_SIZE" > "$FNAME.size" echo "$BODY_SIZE" > "$FNAME.size"
if [ $res != 100 ]; then if [ $res -lt 100 ]; then
URL=$( cat "$FNAME.url" ) URL=$( cat "$FNAME.url" )
echo "$FILENAME : $URL" >> "$FAIL_URL_LIST" echo "$FILENAME : $URL" >> "$FAIL_URL_LIST"
fi fi
done done
if [ "$opt_test" != true ]; then rm -f "$ZAP_TMP_DIR"/*.body >/dev/null 2>&1
rm -f "$ZAP_TMP_DIR"/*.body >/dev/null 2>&1
fi
[ "$opt_recom" != "true" ] && return 0 [ "$opt_recom" != "true" ] && return 0

0
zapret2/files/fake/4pda.bin → zapret/files/fake/4pda.bin
View File

0
zapret2/files/fake/max.bin → zapret/files/fake/max.bin
View File

0
zapret2/files/fake/t2.bin → zapret/files/fake/t2.bin
View File

0
zapret2/files/fake/tls_clienthello_max_ru.bin → zapret/files/fake/tls_clienthello_max_ru.bin
View File

8
zapret2/init.d.sh → zapret/init.d.sh
View File

@@ -7,7 +7,7 @@ START=21
SCRIPT_FILENAME=$1 SCRIPT_FILENAME=$1
. /opt/zapret2/comfunc.sh . /opt/zapret/comfunc.sh
if ! is_valid_config ; then if ! is_valid_config ; then
logger -p err -t $ZAP_LOG_TAG "Wrong main config: $ZAPRET_CONFIG" logger -p err -t $ZAP_LOG_TAG "Wrong main config: $ZAPRET_CONFIG"
@@ -70,18 +70,18 @@ function boot
fi fi
fi fi
fi fi
init_before_start "$DAEMON_LOG_ENABLE" "$DAEMON_LOG_SIZE_MAX" init_before_start "$DAEMON_LOG_ENABLE"
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@" /bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
} }
function start function start
{ {
init_before_start "$DAEMON_LOG_ENABLE" "$DAEMON_LOG_SIZE_MAX" init_before_start "$DAEMON_LOG_ENABLE"
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@" /bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
} }
function restart function restart
{ {
init_before_start "$DAEMON_LOG_ENABLE" "$DAEMON_LOG_SIZE_MAX" init_before_start "$DAEMON_LOG_ENABLE"
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD restart "$@" /bin/sh /etc/rc.common $ZAPRET_ORIG_INITD restart "$@"
} }

0
zapret2/ipset/zapret-hosts-google.txt → zapret/ipset/zapret-hosts-google.txt
View File

39
zapret2/ipset/zapret-hosts-user-exclude.txt → zapret/ipset/zapret-hosts-user-exclude.txt
View File

@@ -11,7 +11,6 @@ fe80::/10
nalog.ru nalog.ru
gstatic.com gstatic.com
gosuslugi.ru gosuslugi.ru
mos.ru
mos-gorsud.ru mos-gorsud.ru
gov.ru gov.ru
sudrf.ru sudrf.ru
@@ -285,42 +284,4 @@ huaweicloud-dns.cn
huaweicloud-dns.ru huaweicloud-dns.ru
huaweicloud-dns.com huaweicloud-dns.com
huaweicloud-dns.org huaweicloud-dns.org
#################################### Okko
okko.tv
playfamily.ru
#################################### Beeline
beeline.ru
beeline.tv
#################################### Delta Force
volces.com
wetest.net
intlgame.com
fleetlogd.com
dgameglobal.com
tdatamaster.com
playdeltaforce.com
quovadisglobal.com
jupiterlauncher.com
anticheatexpert.com
#################################### Microsoft
live.com
lync.com
skype.com
microsoft
msauth.net
office.net
office.com
msocdn.com
mojang.com
windows.net
msftauth.net
xboxlive.com
microsoft.com
office365.com
azureedge.net
skypeassets.com
windowsupdate.com
microsoftonline.com
microsoftonline-p.com
minecraftservices.com
#################################### ####################################

0
zapret2/ipset/zapret-hosts-user.txt → zapret/ipset/zapret-hosts-user.txt
View File

0
zapret2/ipset/zapret-ip-exclude.txt → zapret/ipset/zapret-ip-exclude.txt
View File

12
zapret2/patches/0001-Add-support-log-file-for-each-daemons.patch → zapret/patches/0001-Add-support-log-file-for-each-daemons.patch
View File

@@ -25,10 +25,10 @@ index 0af19c0..41c0967 100644
done done
} }
} }
diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret2 diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret
index 8d6d3a9..fcb1e91 100755 index 8d6d3a9..fcb1e91 100755
--- a/init.d/openwrt/zapret2 --- a/init.d/openwrt/zapret
+++ b/init.d/openwrt/zapret2 +++ b/init.d/openwrt/zapret
@@ -58,12 +58,29 @@ run_daemon() @@ -58,12 +58,29 @@ run_daemon()
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile # use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local DAEMONBASE="$(basename "$2")" local DAEMONBASE="$(basename "$2")"
@@ -51,15 +51,15 @@ index 8d6d3a9..fcb1e91 100755
procd_open_instance procd_open_instance
- procd_set_param command $2 $3 - procd_set_param command $2 $3
+ procd_set_param command $DAEMON_PATH $DAEMON_ARGS + procd_set_param command $DAEMON_PATH $DAEMON_ARGS
procd_set_param pidfile $PIDDIR/${DAEMONBASE}_$1.pid procd_set_param pidfile $PIDDIR/$DAEMONBASE$1.pid
procd_close_instance procd_close_instance
} }
+DAEMON_CFGNAME="main" +DAEMON_CFGNAME="main"
+ +
run_nfqws() run_tpws()
{ {
run_daemon $1 "$NFQWS2" "$NFQWS2_OPT_BASE $2" [ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && return 0
-- --
2.41.0.windows.3 2.41.0.windows.3

0
zapret2/renew-cfg.sh → zapret/renew-cfg.sh
View File

0
zapret2/restore-def-cfg.sh → zapret/restore-def-cfg.sh
View File

0
zapret2/script-exec.sh → zapret/script-exec.sh
View File

1
zapret2/sync_config.sh → zapret/sync_config.sh
View File

@@ -93,7 +93,6 @@ sync_param MODE_FILTER
sync_param DISABLE_CUSTOM sync_param DISABLE_CUSTOM
sync_param WS_USER str sync_param WS_USER str
sync_param DAEMON_LOG_ENABLE sync_param DAEMON_LOG_ENABLE
sync_param DAEMON_LOG_SIZE_MAX
sync_param DAEMON_LOG_FILE str sync_param DAEMON_LOG_FILE str
sync_param AUTOHOSTLIST_RETRANS_THRESHOLD sync_param AUTOHOSTLIST_RETRANS_THRESHOLD

4
zapret2/uci-def-cfg.sh → zapret/uci-def-cfg.sh
View File

@@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
# Copyright (c) 2024 remittor # Copyright (c) 2024 remittor
[ ! -f /opt/zapret2/comfunc.sh ] && exit 0 [ ! -f /opt/zapret/comfunc.sh ] && exit 0
. /opt/zapret2/comfunc.sh . /opt/zapret/comfunc.sh
mkdir -p $ZAPRET_BASE/ipset mkdir -p $ZAPRET_BASE/ipset

0
zapret2/update-pkg.sh → zapret/update-pkg.sh
View File

281
zapret2/def-cfg.sh
View File

@@ -1,281 +0,0 @@
#!/bin/sh
# Copyright (c) 2025 remittor
function set_cfg_reset_values
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.run_on_boot='0'
# settings for zapret service
set $cfgname.config.FWTYPE='nftables'
set $cfgname.config.POSTNAT='1'
set $cfgname.config.FLOWOFFLOAD='none'
set $cfgname.config.INIT_APPLY_FW='1'
set $cfgname.config.DISABLE_IPV4='0'
set $cfgname.config.DISABLE_IPV6='1'
set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.DISABLE_CUSTOM='1'
set $cfgname.config.WS_USER='daemon'
set $cfgname.config.DAEMON_LOG_ENABLE='0'
set $cfgname.config.DAEMON_LOG_SIZE_MAX='2000'
set $cfgname.config.DAEMON_LOG_FILE='/tmp/zapret2+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
# autohostlist options
set $cfgname.config.AUTOHOSTLIST_INCOMING_MAXSEQ='4096'
set $cfgname.config.AUTOHOSTLIST_RETRANS_MAXSEQ='32768'
set $cfgname.config.AUTOHOSTLIST_RETRANS_RESET='1'
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
set $cfgname.config.AUTOHOSTLIST_UDP_IN='1'
set $cfgname.config.AUTOHOSTLIST_UDP_OUT='4'
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
# nfqws options
set $cfgname.config.NFQWS2_ENABLE='1'
set $cfgname.config.DESYNC_MARK='0x40000000'
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
set $cfgname.config.FILTER_MARK='$TAB'
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_TCP_PKT_OUT='20'
set $cfgname.config.NFQWS2_TCP_PKT_IN='10'
set $cfgname.config.NFQWS2_UDP_PKT_OUT='5'
set $cfgname.config.NFQWS2_UDP_PKT_IN='3'
set $cfgname.config.NFQWS2_PORTS_TCP_KEEPALIVE='0'
set $cfgname.config.NFQWS2_PORTS_UDP_KEEPALIVE='0'
# save changes
commit $cfgname
EOF
return 0
}
function clear_nfqws_strat
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT='$TAB'
commit $cfgname
EOF
}
function set_cfg_nfqws_strat
{
local strat=${1:--}
local cfgname=${2:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
commit $cfgname
EOF
if [ "$strat" = "empty" ]; then
clear_nfqws_strat $cfgname
fi
if [ "$strat" = "default" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--filter-tcp=80
--filter-l7=http <HOSTLIST>
--payload=http_req
--lua-desync=fake:blob=fake_default_http:tcp_md5
--lua-desync=multisplit:pos=method+2
--new
--filter-tcp=443
--filter-l7=tls <HOSTLIST>
--payload=tls_client_hello
--lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000
--lua-desync=multidisorder:pos=1,midsld
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--payload=quic_initial
--lua-desync=fake:blob=fake_default_quic:repeats=6
"
commit $cfgname
EOF
fi
if [ "$strat" = "v1_by_Schiz23" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--filter-tcp=80
--filter-l7=http <HOSTLIST>
--payload=http_req
--lua-desync=fake:blob=fake_default_http:tcp_md5
--lua-desync=multisplit:pos=method+2
--new
--filter-tcp=443
--filter-l7=tls <HOSTLIST>
--lua-desync=fake:blob=fake_default_tls:ip_ttl=1:ip6_ttl=1:tls_mod=rnd,rndsni,padencap
--lua-desync=multidisorder:payload=tls_client_hello:pos=3
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--lua-desync=fake:blob=fake_default_quic:repeats=11:payload=all:out_range=-d10
"
commit $cfgname
EOF
fi
if [ "$strat" = "v2_by_Schiz23" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--filter-tcp=80
--filter-l7=http <HOSTLIST>
--payload=http_req
--lua-desync=fake:blob=fake_default_http:tcp_md5
--lua-desync=multisplit:pos=method+2
--new
--filter-tcp=443
--filter-l7=tls <HOSTLIST>
--payload=tls_client_hello
--lua-desync=multidisorder:payload=tls_client_hello:pos=100,midsld,sniext+1,endhost-2,-10
--lua-desync=send:sni=.microsoft
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--payload=quic_initial
--lua-desync=fake:blob=fake_default_quic:repeats=4
"
commit $cfgname
EOF
fi
if [ "$strat" = "v1_by_Routerich" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--blob=blob_tls_clienthello_www_google_com:@/opt/zapret2/files/fake/tls_clienthello_www_google_com.bin
--blob=blob_tls_clienthello_vk_com:@/opt/zapret2/files/fake/tls_clienthello_vk_com.bin
--blob=blob_tls_clienthello_gosuslugi_ru:@/opt/zapret2/files/fake/tls_clienthello_gosuslugi_ru.bin
--blob=blob_tls_clienthello_www_max_ru:@/opt/zapret2/files/fake/max.bin
--blob=blob_tls_clienthello_t2_ru:@/opt/zapret2/files/fake/t2.bin
--blob=blob_tls_clienthello_www_4pda_to:@/opt/zapret2/files/fake/4pda.bin
--filter-tcp=443
--filter-l3=ipv4
--filter-l7=tls
--hostlist=/opt/zapret2/ipset/zapret-hosts-google.txt
--out-range=-s34228
--in-range=-s5556 --lua-desync=circular:fails=2:maxtime=60
--in-range=x
--payload=tls_client_hello
--lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=-10000:tcp_ack=-66000:badsum:strategy=1
--lua-desync=fake:blob=blob_tls_clienthello_www_google_com:optional:tcp_seq=-10000:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=ggpht.com:strategy=1
--lua-desync=multisplit:pos=2,sld:seqovl=620:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=1
--lua-desync=fake:blob=0x00000000:tcp_ack=-66000:strategy=2
--lua-desync=fake:blob=blob_tls_clienthello_www_google_com:tls_mod=rnd,dupsid,rndsni,padencap:tcp_ack=-66000:strategy=2
--lua-desync=multisplit:pos=2,endhost:strategy=2
--lua-desync=multisplit:pos=1:seqovl=681:seqovl_pattern=blob_tls_clienthello_www_google_com:ip_id=zero:strategy=3
--lua-desync=multisplit:pos=1,sniext+1:seqovl=1:strategy=4
--lua-desync=multisplit:seqovl=681:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=5
--lua-desync=fake:blob=blob_tls_clienthello_www_google_com:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=fonts.google.com:strategy=6
--lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=6
--lua-desync=fakeddisorder:pos=10,midsld:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=6
--lua-desync=multidisorder:pos=7,sld+1:strategy=7
--lua-desync=multidisorder:pos=1,midsld,endhost-1:strategy=8
--lua-desync=fake:blob=0x00000000:tcp_seq=-10000:tcp_ack=-66000:repeats=2:strategy=9
--lua-desync=fake:blob=fake_default_tls:tcp_seq=-10000:tcp_ack=-66000:repeats=2:tls_mod=rnd,dupsid,sni=www.google.com:strategy=9
--lua-desync=multisplit:pos=1,midsld:strategy=9
--lua-desync=multidisorder:pos=1,midsld:strategy=10
--lua-desync=multisplit:pos=1,2:seqovl=4:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=11
--lua-desync=multidisorder:pos=2,5,105,host+5,sld-1,endsld-5,endsld:strategy=12
--lua-desync=fake:blob=0x0F0F0F0F:badsum:tcp_seq=-10000:tcp_ack=-66000:strategy=13
--lua-desync=fake:blob=blob_tls_clienthello_www_google_com:badsum:tcp_seq=-10000:tcp_ack=-66000:tls_mod=rnd,dupsid,sni=ggpht.com:strategy=13
--lua-desync=multisplit:pos=2,sld:seqovl=2108:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=13
--lua-desync=hostfakesplit:midhost=host-2:host=rzd.ru:tcp_seq=0:tcp_ack=-66000:badsum:strategy=14:final
--new
--filter-tcp=443
--filter-l3=ipv4
--filter-l7=tls <HOSTLIST_AUTO>
--out-range=-s34228
--in-range=-s5556 --lua-desync=circular:fails=2:maxtime=60
--in-range=x
--payload=tls_client_hello
--lua-desync=fake:blob=blob_tls_clienthello_www_max_ru:tcp_ts=-600000:repeats=8:strategy=1
--lua-desync=multisplit:pos=1:seqovl=654:seqovl_pattern=blob_tls_clienthello_www_max_ru:strategy=1
--lua-desync=fake:blob=blob_tls_clienthello_t2_ru:tls_mod=rnd,dupsid,sni=m.ok.ru:badsum:tcp_seq=-10000:strategy=2
--lua-desync=fake:blob=0x0F0F0F0F:tls_mod=none:badsum:tcp_seq=-10000:strategy=2
--lua-desync=fakeddisorder:pos=10,midsld:pattern=blob_tls_clienthello_vk_com:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:badsum:tcp_seq=-10000:strategy=2
--lua-desync=fake:blob=fake_default_tls:tcp_seq=10000000:tcp_ack=-66000:repeats=2:tls_mod=rnd,dupsid,sni=fonts.google.com:strategy=3
--lua-desync=multidisorder:pos=1:seqovl=681:seqovl_pattern=blob_tls_clienthello_www_google_com:strategy=3
--lua-desync=fake:blob=blob_tls_clienthello_www_google_com:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=fonts.google.com:strategy=4
--lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=4
--lua-desync=fakeddisorder:pos=10,midsld:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=4
--lua-desync=fake:blob=blob_tls_clienthello_t2_ru:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid,sni=m.ok.ru:strategy=5
--lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=5
--lua-desync=fakeddisorder:pos=10,midsld:seqovl=336:seqovl_pattern=blob_tls_clienthello_gosuslugi_ru:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=5
--lua-desync=multisplit:pos=1:seqovl=582:seqovl_pattern=blob_tls_clienthello_www_4pda_to:strategy=6
--lua-desync=fake:blob=blob_tls_clienthello_www_max_ru:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=rnd,dupsid:strategy=7
--lua-desync=fake:blob=0x0F0F0F0F:tcp_seq=0:tcp_ack=-66000:badsum:tls_mod=none:strategy=7
--lua-desync=fakeddisorder:pos=10,midsld:pattern=blob_tls_clienthello_vk_com:tcp_seq=0:tcp_ack=-66000:badsum:strategy=7
--lua-desync=hostfakesplit:midhost=host-2:host=rzd.ru:tcp_seq=0:tcp_ack=-66000:badsum:strategy=8:final
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--payload=quic_initial
--lua-desync=fake:blob=fake_default_quic:repeats=6
"
commit $cfgname
EOF
fi
return 0
}
function set_cfg_default_values
{
local opt_flags=${1:--}
local opt_strat=${2:-default}
local cfgname=${3:-$ZAPRET_CFG_NAME}
if ! echo "$opt_flags" | grep -q "(skip_base)"; then
set_cfg_reset_values $cfgname
fi
if [ "$opt_strat" != "-" ]; then
set_cfg_nfqws_strat "$opt_strat" $cfgname
fi
if echo "$opt_flags" | grep -q "(set_mode_autohostlist)"; then
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='autohostlist'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(enable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='0'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(disable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='1'
commit $cfgname
EOF
fi
return 0
}