Mirror/zapret-openwrt
1
0
Fork 0
mirror of https://github.com/remittor/zapret-openwrt.git synced 2026-01-03 15:18:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:v64-20241012
Branches Tags
Mirror:master Mirror:zap1 Mirror:gh-pages
Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012
...
compare: Mirror:v72.20251225-r2
Branches Tags
Mirror:master Mirror:zap1 Mirror:gh-pages
Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012

192 Commits
v64-202410 ... v72.202512

Author SHA1 Message Date
remittor
5550820fdc Bump version to v72.20251225-r2 2025-12-25 18:04:53 +03:00
remittor
0e8366f7d1 luci: tools: Fix show and close modal dialog for NFQWS_OPT 2025-12-25 18:02:11 +03:00
remittor
ea3c774537 updater: Fix find base package after ZIP unpack 2025-12-25 14:57:36 +03:00
remittor
57b7e65532 github: Fix bug_report.yml 2025-12-25 12:01:27 +03:00
remittor
eeacc486f9 Add ISSUE_TEMPLATE 2025-12-25 11:52:35 +03:00
remittor
101382faf7 Bump version to v72.20251225 2025-12-25 08:58:38 +03:00
remittor
21229ef152 def-cfg: Add strategies by Flowseal (ALT7 + TLS_AUTO_ALT3) 2025-12-25 08:54:40 +03:00
remittor
9aaf2b29e3 fake: Add TLS 1.3 hello from max.ru 2025-12-25 08:25:26 +03:00
remittor
246f4a08a0 luci: tools: Fix close modal dialog for NFQWS_OPT 2025-12-24 18:50:48 +03:00
remittor
3d3eb82b7b luci: updater: Fix timer using 2025-12-24 14:39:52 +03:00
remittor
8aff441b88 luci: tools: Fix close modal dialog for NFQWS_OPT 2025-12-23 14:14:07 +03:00
remittor
1c866d5de1 comfunc: Fix remove debug log 2025-12-20 10:11:18 +03:00
remittor
57d5ab5060 Bump version to v72.20251219 2025-12-19 11:17:04 +03:00
remittor
5a685cfa27 updater: Add check for unzip installed 2025-12-19 11:11:47 +03:00
remittor
21017047a8 updater: Fix parsing package version (APK) 2025-12-19 10:22:54 +03:00
remittor
9298388a12 build: Fix build package for riscv64 arch 2025-12-18 13:34:24 +03:00
remittor
0972ce0889 Bump version to v72.20251218 2025-12-18 11:32:56 +03:00
remittor
40084f0762 luci: Show package version with release number (exclude r1) 2025-12-18 11:30:16 +03:00
remittor
a616c6fa4e updater: Added retcode file (pid-file deleted) 2025-12-18 10:46:29 +03:00
remittor
06f45e3fbb updater: Replace wget to curl and other fixes 2025-12-18 09:19:08 +03:00
remittor
252a7eab9d Bump version to v72.20251217 2025-12-17 11:38:50 +03:00
remittor
73104ca3ca zapret: Fix makefile for install new sh-files 2025-12-17 11:33:59 +03:00
remittor
a5156e0d0c Add support check and install updates from GitHub 2025-12-17 11:31:13 +03:00
remittor
565ef66299 luci: Fix getting CPU arch info 2025-12-17 10:10:18 +03:00
remittor
1364bcbf1a ipset: Update zapret-hosts-user-exclude.txt 2025-12-16 08:23:47 +03:00
remittor
57ba961b07 github: releases: Remove draft releases 2025-12-16 08:14:32 +03:00
remittor
3a37ec9172 build: Add release number to pkg version string 2025-12-16 08:02:18 +03:00
remittor
e0ecbf5145 github: releases: Fix auto run 2025-12-15 23:15:05 +03:00
remittor
cc7ae8a91c build: Fix creation draft release 2025-12-15 23:05:32 +03:00
remittor
50ce130e1c build: Create releases.yml and auto mark all releases as prereleases 2025-12-15 20:55:20 +03:00
remittor
ac97bfae89 luci: Add showing CPU arch 2025-12-15 12:19:35 +03:00
remittor
058b3af2b3 build: releases: Create directory for releases 2025-12-14 15:11:05 +03:00
remittor
029923bac7 build: releases: Create releases for each ARCH 2025-12-14 14:25:28 +03:00
remittor
6aa114e87f build: releases: Add support second branch 2025-12-14 13:09:18 +03:00
remittor
ebd13f65c3 build: Add releases.yml to gh-pages 2025-12-14 12:42:20 +03:00
remittor
a95c938c78 build: Add arch riscv64 2025-12-14 12:42:20 +03:00
remittor
98dcd66524 luci: settings: Rename checkbox DISABLE_CUSTOM 2025-12-14 12:41:32 +03:00
remittor
1e2a9f48a2 luci: Remove unused controls from service-page 2025-12-14 12:41:03 +03:00
remittor
f63ce9d1e2 Bump version to v72.20251213 2025-12-13 10:33:20 +03:00
remittor
3f17898289 luci: Show option MODE_FILTER as checkbox: hostlist/autohostlist 2025-12-13 10:31:44 +03:00
remittor
52bd72079c install: Fix copy fake-files into distributive 2025-12-13 10:08:53 +03:00
remittor
6627678827 custom.d: Mark files into custom.d as configs 2025-12-13 10:06:56 +03:00
remittor
5691882d5e config: Fix using autohostlist option into NFQWS_OPT 2025-12-13 10:04:08 +03:00
remittor
fee8b480b0 Bump version to v72.20251212 2025-12-12 13:23:21 +03:00
remittor
2fb3ac3cc1 build: Return arm_cortex-a7_neon-vfpv4 for SNAPSHOT 2025-12-12 13:23:03 +03:00
remittor
f443195a44 build: fix gpg import 
PR: https://github.com/remittor/zapret-openwrt/pull/443
 2025-12-12 12:56:31 +03:00
remittor
5b65e2078f luci: Improved display of logs 
PR: https://github.com/remittor/zapret-openwrt/pull/526
 2025-12-12 12:53:51 +03:00
remittor
18b9394679 config: Add new options to reset settings dialog (choice of NFQWS strategy) 2025-12-12 12:27:18 +03:00
remittor
6ea3432d0c config: set DISABLE_CUSTOM=1 by default 2025-12-12 09:24:55 +03:00
remittor
5b28626ac0 custom.d: Add Stun4ALL script (50-script.sh) 2025-12-12 09:24:55 +03:00
remittor
6cbf1e3c47 ipset: Add ability for restore default ipset configs 2025-12-12 09:24:54 +03:00
remittor
2b04a6f37a fake: Added new TLS HELLO fakes 2025-12-09 14:57:25 +03:00
remittor
8ed3a6e3ae ipset: Update zapret-hosts-user-exclude.txt 2025-12-09 14:55:42 +03:00
remittor
55daf2f006 Bump version to v72.20251122 2025-11-22 11:58:46 +03:00
remittor
c60b70a02f config: Update default configs (by StressOzz v2) 2025-11-22 11:58:26 +03:00
remittor
44ff0ec3e1 Bump version to v72.20251022 2025-10-22 15:15:29 +03:00
remittor
65d90d8ed3 luci: Open each link on new page 2025-10-22 15:11:39 +03:00
remittor
e8dfb187e3 Bump version to v72.20250924 2025-09-24 13:25:50 +03:00
remittor
1b2057f00f luci: Add examples for custom.d scripts 2025-09-23 12:09:18 +03:00
remittor
7941f12c63 Bump version to v71.20250918 2025-09-18 15:17:37 +03:00
remittor
81f4b493f6 Add FILTER_MARK support 2025-09-18 15:17:18 +03:00
remittor
bd2e62c8a6 Bump version to v71.20250708 2025-07-08 11:55:41 +03:00
remittor
caa82938c1 ipset: Update zapret-hosts-google.txt 2025-07-08 11:54:28 +03:00
remittor
b1fd577bd1 config: Update default config (v71) 2025-07-08 11:46:05 +03:00
remittor
e8fc868226 Bump version to v71.20250607 2025-06-07 22:06:10 +03:00
remittor
2670ff2985 build: Exclude arch arm_cortex-a7_neon-vfpv4 for SNAPSHOT 2025-06-07 22:05:49 +03:00
remittor
dda8f254a0 comfunc: MiniFix in init_before_start 2025-06-07 15:17:18 +03:00
remittor
62401bbad5 Bump version to v70.20250505 2025-05-05 15:26:18 +03:00
remittor
c31fab4aaf config: Add new param FILTER_TTL_EXPIRED_ICMP 
Source: dc1dc5c876
 2025-05-05 15:26:17 +03:00
remittor
d56cd06281 luci: Fix access to files into custom.d dir 2025-05-05 15:26:17 +03:00
remittor
5f681a372a install: Patch luci header.ut for force update browser-cache 
Aux info: https://github.com/openwrt/luci/pull/7725
 2025-05-05 15:26:17 +03:00
remittor
d9d339e157 comfunc: Fix stdout into func adapt_for_sed 2025-05-05 15:26:17 +03:00
remittor
dfbd77bb91 install: Check service running before stop 2025-04-27 20:30:01 +03:00
remittor
aa4adc0c50 Bump version to v70.20250419 2025-04-19 17:59:55 +03:00
remittor
919c91a6c7 luci: Fix get service info on OpenWrt 21.02 2025-04-19 17:59:31 +03:00
remittor
da2cf34f9f config: Remove comment-line from NFQWS_OPT on sync 2025-04-19 17:58:52 +03:00
remittor
6b1825387f luci: Add link to help page for NFQWS_OPT 2025-04-19 14:36:58 +03:00
remittor
ca2b1378c6 luci: Fix view multiline for NFQWS_OPT 2025-04-19 14:36:58 +03:00
remittor
d0b03e60b6 config: Fix process empty value for NFQWS_PORTS_xxx_KEEPALIVE 2025-04-18 14:07:00 +03:00
remittor
d4fb54c2c0 Bump version to v70.20250405 2025-04-05 12:03:52 +03:00
remittor
5a7676c6f5 luci: Update link to discord custom script 2025-04-04 19:51:38 +03:00
remittor
60865aa602 ipset: Add file "zapret-hosts-user.txt" 2025-03-31 20:08:32 +03:00
remittor
f6dd684b62 comfunc: Delete auto preset "abra-cadabra.com" 2025-03-31 20:03:09 +03:00
remittor
fee8520332 Revert "build: Exclude arch arm_cortex-a7_neon-vfpv4" 
This reverts commit f912f30944.
 2025-03-28 21:21:25 +03:00
remittor
d317bcf541 Bump version to v70.20250323 2025-03-23 12:43:45 +03:00
remittor
1d27f12791 luci: Fix version check for v24.10 release pkg 2025-03-23 12:43:27 +03:00
remittor
f912f30944 build: Exclude arch arm_cortex-a7_neon-vfpv4 2025-03-23 10:39:22 +03:00
remittor
2fb9ff7095 build: Remove arch arm_mpcore 2025-03-23 08:48:01 +03:00
remittor
8792204b57 build: Add arch aarch64_cortex-a76 2025-03-23 08:41:10 +03:00
remittor
59aaa0c3eb build: Using 24.10 branch 2025-03-23 08:39:57 +03:00
remittor
f77e985d37 ipset: Add play.google.com into zapret-hosts-user-exclude.txt 2025-02-25 10:47:18 +03:00
remittor
fa668eaaff ipset: add localhost to zapret-hosts-user-exclude.txt 2025-02-25 10:46:22 +03:00
remittor
6deb6f70fb init: Fix empty zapret-hosts-user.txt on start daemons 2025-02-25 10:41:38 +03:00
remittor
d234b5f762 Bump version to v70.20250213 2025-02-13 08:49:40 +03:00
remittor
7a36045383 luci: Fix initialization L.sysFeatures 2025-02-13 08:48:47 +03:00
remittor
55036bc03c init: Add cron task for removing huge log-files 2025-02-12 20:36:43 +03:00
remittor
f2e6b6fc7e luci: Rename blacklist to HostList 2025-02-12 20:27:37 +03:00
remittor
e2313c9096 luci: Add human readable messages (dmnlog) 2025-02-11 21:21:49 +03:00
remittor
a2fe8816f1 init: Fix ipset permissions on restart 2025-02-11 19:12:03 +03:00
remittor
71794ca7e0 readme: Update badges (add actual version) 2025-02-11 10:10:48 +03:00
remittor
cded72542e Bump version to v70.20250210 2025-02-10 21:03:36 +03:00
remittor
31522f53d7 config: Fix bug (add option DAEMON_LOG_FILE for sync) 2025-02-10 21:03:03 +03:00
remittor
794f86a34c luci: Fix refresh textarea with logs 2025-02-10 19:50:03 +03:00
remittor
2529444929 luci: Use fs.read_direct instead fs.exec_direct 2025-02-10 15:00:12 +03:00
remittor
8ef98e1bcd luci: Transfer option DISABLE_CUSTOM to tab custom.d 2025-02-10 14:56:52 +03:00
remittor
57cfc5af29 install: Fix file permissions 2025-02-10 14:03:22 +03:00
remittor
8e783c4bd6 init: Fix bug (remove log on each start) 2025-02-10 09:51:56 +03:00
remittor
f7114167eb init: Remove logs on start and restart 2025-02-09 20:55:44 +03:00
remittor
adab5d93c5 luci: Add log viewer 2025-02-09 20:42:51 +03:00
remittor
41df444327 config: Add new option DAEMON_LOG_ENABLE 2025-02-09 13:28:59 +03:00
remittor
c187d544e3 build: Add init step 2025-02-09 11:59:21 +03:00
remittor
c524434b43 build: Add option TEST_BUILD 2025-02-09 11:35:01 +03:00
remittor
b73f7e93d6 build: Disable JS minification 2025-02-09 09:57:53 +03:00
remittor
4c224634c1 config: Add new option WS_USER 2025-02-08 16:13:02 +03:00
remittor
82fafaa6fe config: Add new option DISABLE_CUSTOM 2025-02-05 20:14:11 +03:00
remittor
768ebb6241 readme: Add new badges 2025-01-31 12:52:45 +03:00
remittor
0891e9d2fa github: Cleanup build script 2025-01-17 11:30:08 +03:00
remittor
fbb1239606 readme: Add download counter for latest release 2025-01-17 11:26:36 +03:00
remittor
88d82932c9 Bump version to v70.20250116 2025-01-16 19:57:33 +03:00
remittor
d169c51a11 github: Global changes 2025-01-16 19:57:22 +03:00
remittor
474baa09aa readme: Add download counter 2025-01-16 14:27:41 +03:00
remittor
b9621559c3 luci: Add support custom.d scripts 2025-01-14 09:14:14 +03:00
remittor
e0fd21187b Bump version to v70-20250109 2025-01-09 12:33:23 +03:00
remittor
47822364d5 luci: Forced use busybox ps 2024-12-13 21:32:55 +03:00
remittor
72d1ac6d7a Bump version to v69-20241206 2024-12-06 21:27:16 +03:00
remittor
b1c289c397 github: Exclude arch arm_cortex-a9_vfpv3-d16 2024-12-06 21:26:50 +03:00
remittor
ce1563dc7d Bump version to v69-20241123 2024-11-23 20:44:17 +03:00
remittor
566f3376ae readme: Add about of tool 2024-11-21 18:11:40 +03:00
remittor
e377c7aa4d Bump version to v69-20241121 2024-11-21 18:10:59 +03:00
remittor
a36853921e github: Add support SNAPSHOT branch 2024-11-21 18:10:27 +03:00
remittor
bddb0f395d readme: Add donation address 2024-11-21 12:17:18 +03:00
remittor
9719c11a58 luci: Adapt code for APK support 2024-11-21 10:39:54 +03:00
remittor
51fc9739d8 config: Skip run_on_boot option on restore default uci-config 2024-11-20 22:08:40 +03:00
remittor
5f584bcf58 config: Renew default config (v69) 
Source: https://github.com/bol-van/zapret-win-bundle/blob/master/zapret-winws/preset_russia.cmd
 2024-11-19 21:09:36 +03:00
remittor
cedb032eee Bump version to v69-20241118 2024-11-18 16:55:09 +03:00
remittor
8ea92829c8 init: Log enabled status only on boot 2024-11-17 13:40:54 +03:00
remittor
cdbd9c80e0 install: Enable service when upgrade package 2024-11-17 13:39:45 +03:00
remittor
0cd2c5b088 Bump version to v68-20241115 2024-11-15 22:25:24 +03:00
remittor
2b178173de Add many new scripts for manage service 2024-11-15 22:25:24 +03:00
remittor
b0953bbaaf luci: Add removing quotes from DESYNC_OPT param 2024-11-13 21:23:01 +03:00
remittor
d595f1eaa3 config: Add check syntax of main config into sync_config.sh 2024-11-13 21:15:20 +03:00
remittor
f8905bf0d4 luci: Allow to reset and sync settings during service error 2024-11-13 20:32:27 +03:00
remittor
e6c901a06a install: Check syntax of main config on install and uninstall 2024-11-12 22:38:45 +03:00
remittor
4811af79da Remove PKG_RELEASE from all Makefiles 
Reason: for compatibility with OpenWrt 24+
 2024-11-12 20:15:56 +03:00
remittor
c0d77d6c8a Bump version to v68-20241110 2024-11-11 10:29:54 +03:00
remittor
d03ca95c93 github: Fix auto build (add setup for SDK) 2024-11-11 10:29:54 +03:00
remittor
f42c6da005 config: Update default desync config 2024-11-11 10:29:53 +03:00
remittor
1b2bd2bdd5 luci: Catch incorrect JSON into function decode_svc_info 2024-11-11 10:29:53 +03:00
remittor
2cf3d0b996 Bump version to v67-20241030 2024-10-30 15:19:16 +03:00
remittor
d463d2e39e config: Fix bug in default config (forced use google hostlist) 2024-10-30 15:18:57 +03:00
remittor
148a397051 install: Replace default hostlist "zapret-hosts-user.txt" to "zapret-hosts-google.txt" 2024-10-30 13:10:56 +03:00
remittor
9f73af44dd ipset: Rename "zapret-hosts-user.txt" to "zapret-hosts-google.txt" 2024-10-30 12:41:35 +03:00
remittor
40f0432b1c config: luci: Add support new hostlist file "zapret-hosts-google.txt" 2024-10-30 12:40:26 +03:00
remittor
ca11a6cd55 ipset: Remove empty txt files from ipset directory 2024-10-30 12:15:28 +03:00
remittor
39833fdcea config: Add info about <HOSTLIST_NOAUTO> (new in v67) 2024-10-30 11:59:40 +03:00
remittor
425fde748f luci: Add button "Reset settings" 2024-10-30 11:22:28 +03:00
remittor
0df621f443 Bump version to v66-20241026 2024-10-26 17:37:06 +03:00
remittor
f17b00c107 config: luci: Adapt settings for Zapret v66 (new config format) 2024-10-26 17:34:48 +03:00
remittor
c67ce19626 luci: Add support multiline long string editing 2024-10-26 15:46:27 +03:00
remittor
4b932b2c4a luci: Fix detect daemons status (empty instances dict) 2024-10-26 15:18:52 +03:00
remittor
a8d25b2d2b config: luci: Add AutoHostList settings 2024-10-26 11:23:45 +03:00
Oleg S.
9f40c1fcd1 readme: Add screenshot of main page 2024-10-25 15:25:29 +03:00
remittor
3154d3f5f6 Bump version to v65-20241025 2024-10-25 14:20:35 +03:00
remittor
7e901513c5 config: luci: Fix merging longstr values (NFQWS_DESYNC_*) 2024-10-25 14:04:12 +03:00
remittor
5373d5dd2a config: Replace static uci-config to dynamic uci-config 2024-10-25 12:15:24 +03:00
remittor
836b324a0b luci: Show and check versions of installed packages 2024-10-24 15:08:37 +03:00
remittor
2db3bd7514 luci: Cleanup code (elems of btn) 2024-10-24 15:05:36 +03:00
remittor
0b20fe4a93 luci: Add postinst script for luci-reload 2024-10-24 13:20:23 +03:00
remittor
5f3dfe04ab config: Fix update and append params into main config 2024-10-24 13:18:51 +03:00
remittor
030b243bd6 Bump version to v65-20241023 2024-10-23 14:01:34 +03:00
remittor
f72a82bfe7 config: luci: Add options for overriding ports 2024-10-23 14:01:09 +03:00
remittor
ed09612065 luci: Fix show actual service status 2024-10-23 13:26:28 +03:00
remittor
144b9369b9 github: Change extension for out zip-files 2024-10-20 16:14:22 +03:00
remittor
79af08d99e readme: Add link to download page 2024-10-19 19:18:13 +03:00
Oleg S.
8d915f3e1d Create README.md 2024-10-19 14:33:39 +03:00
remittor
241a733eec Bump version to v65-20241018 2024-10-18 10:14:11 +03:00
remittor
6cfcaf2a03 luci: Fix path to main zapret script 2024-10-18 10:11:30 +03:00
remittor
2e58533b4e [install] Add detect for installed original zapret 2024-10-18 08:07:46 +03:00
remittor
6999144837 [install] Fix syntax 2024-10-18 08:06:08 +03:00
remittor
a6b89f3c2f [install] Remove empty custom files from ipset 2024-10-18 07:54:38 +03:00
remittor
facc4ac2bd Bump version to v65-20241016 2024-10-16 21:45:20 +03:00
remittor
8940c4bfa7 Add support for custom txt-configs 
Example: /opt/zapret/ipset/cust1.txt
 2024-10-16 21:45:20 +03:00
remittor
256c357554 Add other configs from original ipset directory 2024-10-16 21:45:20 +03:00
remittor
6c0c3498bd Add params DESYNC_MARK and DESYNC_MARK_POSTNAT 2024-10-16 21:45:20 +03:00
remittor
b28c89e569 Reformat type of parameters 2024-10-16 21:45:13 +03:00
remittor
0f6e981616 [install] Fix upgrade and remove main package 2024-10-16 10:34:29 +03:00
remittor
86310e3cf9 [install] Disable copy directory "docs" 2024-10-15 22:03:14 +03:00
remittor
f8feb83348 Bump version to v64-20241014 2024-10-14 19:57:38 +03:00
remittor
80518c32dc [github] Update auto builder 2024-10-14 19:56:45 +03:00
remittor
8f84cf46a8 [ipset] Update youtube hostnames 
src: https://github.com/bol-van/zapret/blob/master/binaries/win64/zapret-winws/list-youtube.txt
 2024-10-14 15:31:36 +03:00
remittor
bdff1d6a50 [github] Add auto builder 2024-10-13 22:08:59 +03:00
remittor
f8a756dd77 [zapret] Update config for Youtube 2024-10-13 11:36:39 +03:00
46 changed files with 4367 additions and 610 deletions
Expand all files Collapse all files

31
.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1,31 @@
# These are supported funding model platforms
# Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
github:
# Replace with a single Patreon username
patreon:
# Replace with a single Open Collective username
open_collective:
# Replace with a single Ko-fi username
ko_fi:
# Replace with a single Tidelift platform-name/package-name e.g., npm/babel
tidelift:
# Replace with a single Community Bridge project-name e.g., cloud-foundry
community_bridge:
# Replace with a single Liberapay username
liberapay:
# Replace with a single IssueHunt username
issuehunt:
# Replace with a single Otechie username
otechie:
# Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
custom: ['https://github.com/remittor/donate']

80
.github/ISSUE_TEMPLATE/bug_report_en.yml vendored Normal file
View File

@@ -0,0 +1,80 @@
---
name: 🐛 Bug Report
description: Report a reproducible bug
title: "[BUG] "
labels: ["bug"]
assignees: []
body:
- type: markdown
attributes:
value: |
Thanks for reporting a bug! Please fill out the form below.
Before sending, please:
- Check [existing issues](https://github.com/remittor/zapret-openwrt/issues)
- Read [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Bug description
description: A clear and concise description of what is not working
placeholder: A clear and concise description of the bug
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Steps to reproduce
description: Steps to reproduce the problem. If you're following a manual, please include a link to it.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Expected behavior
description: A clear and concise description of what was to happen
placeholder: Describe the expected behavior
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ System Information
description: |
Information about your system (fill in all that used)
value: |
- **OpenWrt version**:
- **Zapret version**:
- **Router model**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ The NFQWS strategy used
description: All parameters of the NFQWS strategy, or its name
placeholder: If the problem is caused by the NFQWS strategy
- type: textarea
id: config
attributes:
label: ⚙️ System Configurations
description: |
Relevant parts of the configuration (remove sensitive information!)
placeholder: |
For example:
- Contents of /etc/config/zapret
- Firewall configuration (Flow offloading, etc.)
- Additional configurations required for wireless/network/dhcp, etc.
render: shell

80
.github/ISSUE_TEMPLATE/bug_report_ru.yml vendored Normal file
View File

@@ -0,0 +1,80 @@
---
name: 🐛 Сообщение об ошибке
description: Сообщить об ошибке
title: "[BUG] "
labels: ["bug"]
assignees: []
body:
- type: markdown
attributes:
value: |
Спасибо за создание отчета об ошибке!
Перед отправкой, пожалуйста:
- Проверьте [существующие issues](https://github.com/remittor/zapret-openwrt/issues)
- Просмотрите [документацию](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Описание проблемы
description: Четкое и краткое описание того, что не работает
placeholder: Опишите проблему
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Шаги для воспроизведения
description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по какому либо мануалу, приложите ссылку на него.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Ожидаемое поведение
description: Четкое и краткое описание того, что должно было произойти
placeholder: Опишите ожидаемое поведение
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ Информация о системе
description: |
Информация о вашей системе (заполните всё применяемое)
value: |
- **OpenWrt версия**:
- **Zapret версия**:
- **Роутер модель**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ Используемая стратегия NFQWS
description: Все параметры стратегии NFQWS, либо её название
placeholder: Если проблема вызвана стратегией NFQWS
- type: textarea
id: config
attributes:
label: ⚙️ Конфигурация
description: |
Релевантные части конфигурации (удалите чувствительную информацию!)
placeholder: |
Например:
- Содержимое /etc/config/zapret
- Конфигурация файервола (опция Flow offloading и т.п.)
- Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
render: shell

9
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View File

@@ -0,0 +1,9 @@
blank_issues_enabled: false
contact_links:
- name: 💬 Installation instructions / Инструкция по установке
url: https://github.com/remittor/zapret-openwrt/wiki/Installing-zapret%E2%80%90openwrt-package
about: Installation instructions / Инструкция по установке
- name: 📚 Original documetation / Оригинальная документация к zapret'у
url: https://github.com/bol-van/zapret/blob/master/docs/readme.md
about: README zapret

66
.github/ISSUE_TEMPLATE/feature_request_en.yml vendored Normal file
View File

@@ -0,0 +1,66 @@
---
name: ✨ Feature Request
description: Suggest a new feature or improvement
title: "[FEATURE] "
labels: ["enhancement", "needs-discussion"]
assignees: []
body:
- type: markdown
attributes:
value: |
Before sending, please:
- Check [existing requests](https://github.com/remittor/zapret-openwrt/issues?q=is%3Aissue+label%3Aenhancement)
- Make sure the function doesn't exist in [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: summary
attributes:
label: Brief description
description: Brief description of the proposed function
placeholder: In one sentence, describe what you want to add...
validations:
required: true
- type: textarea
id: problem
attributes:
label: The problem it solves
description: |
Description of the problem or inconvenience this feature will solve
placeholder: |
There is no possibility now [...]
validations:
required: true
- type: textarea
id: solution
attributes:
label: 💡 Proposed solution
description: A clear and concise description of what you want to achieve
placeholder: |
I want Zapret to be able to [...]
I suggest adding a feature that [...]
Could be improved [...]
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Workaround
description: |
Describe any alternative solutions or features you considered.
Are there any workarounds you currently use?
placeholder: |
I'm currently solving this problem by [...]
An alternative would be [...]
I tried using [...], but it doesn't work because [...]
- type: textarea
id: implementation
attributes:
label: Implementation ideas (optional)
description: |
If you have any ideas on how this could be implemented, please share them. Please keep LuCI's limitations in mind.
placeholder: |
This can be achieved using [...]

68
.github/ISSUE_TEMPLATE/feature_request_ru.yml vendored Normal file
View File

@@ -0,0 +1,68 @@
---
name: ✨ Запрос новой функции
description: Предложите новую функцию или улучшение для Zapret
title: "[FEATURE] "
labels: ["enhancement", "needs-discussion"]
assignees: []
body:
- type: markdown
attributes:
value: |
Спасибо за предложение новой функции!
Перед отправкой, пожалуйста:
- Проверьте [существующие запросы](https://github.com/remittor/zapret-openwrt/issues?q=is%3Aissue+label%3Aenhancement)
- Убедитесь, что функции не существует в [документации](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: summary
attributes:
label: Краткое описание
description: Краткое описание предлагаемой функции
placeholder: В одном предложении опишите, что вы хотите добавить...
validations:
required: true
- type: textarea
id: problem
attributes:
label: Проблема, которую решает
description: |
Описание проблемы или неудобства, которое решит эта функция
placeholder: |
Сейчас нет возможности [...]
validations:
required: true
- type: textarea
id: solution
attributes:
label: 💡 Предлагаемое решение
description: Четкое и краткое описание того, что вы хотите реализовать
placeholder: |
Я хочу, чтобы Zapret мог [...]
Предлагаю добавить функцию, которая [...]
Можно было бы улучшить [...] путем [...]
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Workaround
description: |
Опишите альтернативные решения или функции, которые вы рассматривали
Есть ли обходные пути, которые вы используете сейчас?
placeholder: |
Сейчас я решаю это проблему путем [...]
Альтернативой могло бы быть [...]
Пробовал использовать [...], но это не подходит потому что [...]
- type: textarea
id: implementation
attributes:
label: Идеи реализации (опционально)
description: |
Если у вас есть идеи о том, как это можно реализовать, поделитесь ими. Помните про ограничения LuCI.
placeholder: |
Это можно реализовать с помощью [...]

357
.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,357 @@
name: build
on:
workflow_dispatch:
inputs:
test_build:
description: 'Test build'
required: false
default: 'false'
type: choice
options:
- true
- false
fake_build:
description: 'Fake build'
required: false
default: 'false'
type: choice
options:
- true
- false
max_speed:
description: 'Build with max speed'
required: false
default: 'true'
type: choice
options:
- true
- false
push:
tags:
- v[0-9]+*
env:
TEST_BUILD: ${{ github.event.inputs.test_build == 'true' }}
FAKE_BUILD: ${{ github.event.inputs.fake_build == 'true' }}
MAX_SPEED: ${{ github.event.inputs.max_speed != 'false' }}
TAG_SUFFIX: ${{ github.event.inputs.fake_build == 'true' && '-fake' || github.event.inputs.test_build == 'true' && '-test' || '' }}
REPO_URL: https://github.com/remittor/zapret-openwrt
REPO_LNK: remittor/zapret-openwrt
REPO_BRANCH: master
BUILD_ROOT: ${{ github.workspace }}/builder
BUILD_DATE: unknown
REPO_DATE: unknown
LUCI_ARCH: aarch64_cortex-a53
jobs:
check:
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.gh.outputs.tag }}
date: ${{ steps.gh.outputs.date }}
sha: ${{ steps.gh.outputs.sha }}
url: ${{ steps.gh.outputs.url }}
message: ${{ steps.gh.outputs.message }}
build_date: ${{ steps.gh.outputs.build_date }}
fw_date: ${{ steps.gh.outputs.fw_date }}
is_active: ${{ steps.activity.outputs.is_active }}
test_build: ${{ env.TEST_BUILD }}
fake_build: ${{ env.FAKE_BUILD }}
steps:
- name: Get repo data via GH API
id: gh
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Tag name from GITHUB_REF_NAME: $GITHUB_REF_NAME"
echo "Tag name from github.ref_name: ${{ github.ref_name }}"
BRANCH=$(gh api repos/$REPO_LNK --jq '.default_branch')
REPO_DATE=$(gh api repos/$REPO_LNK/commits/$BRANCH --jq '.commit.committer.date')
BUILD_DATE=$( date --utc +'%Y%m%d' )
FW_DATE=$( date --utc +'%Y-%m-%d' )
{
echo "tag=$GITHUB_REF_NAME"
echo "date=$(date --utc -d $REPO_DATE +%Y%m%d)"
echo "sha=$(gh api repos/$REPO_LNK/commits/$BRANCH --jq '.sha[0:7]')"
echo "url=$(gh api repos/$REPO_LNK/commits/$BRANCH --jq '.html_url')"
echo "message<<EOF"
gh api repos/$REPO_LNK/commits/$BRANCH --jq '.commit.message'
echo EOF
echo "build_date=$BUILD_DATE"
echo "fw_date=$FW_DATE"
} >> $GITHUB_OUTPUT
echo "REPO_DATE=$REPO_DATE" >> $GITHUB_ENV
- name: Check for repo activity
id: activity
env:
REPO_DATE: ${{ env.REPO_DATE }}
URL: ${{ steps.gh.outputs.url }}
run: |
TIMESTAMP=$(date --utc -d $REPO_DATE +%s)
DAYS=$(( ( $(date --utc +%s) - $TIMESTAMP ) / 86400 ))
echo "Repository activity: $(date --utc -d $REPO_DATE)"
echo "Commit: $URL"
if [ "${{ github.event_name }}" != "schedule" ]; then
is_active=true
elif [[ $DAYS -lt 1 ]] ; then
is_active=true
else
echo "Repository not updated within last 24 hours."
is_active=false
fi
echo "is_active=$is_active" >> $GITHUB_OUTPUT
build:
needs: check
#if: needs.check.outputs.is_active == 'true'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
branch: [ openwrt-24.10, SNAPSHOT ]
arch:
- aarch64_cortex-a53
- aarch64_cortex-a72
- aarch64_cortex-a76
- aarch64_generic
- arm_arm1176jzf-s_vfp
- arm_arm926ej-s
- arm_cortex-a15_neon-vfpv4
- arm_cortex-a5_vfpv4
- arm_cortex-a7
- arm_cortex-a7_neon-vfpv4
- arm_cortex-a7_vfpv4
- arm_cortex-a8_vfpv3
- arm_cortex-a9
- arm_cortex-a9_neon
- arm_cortex-a9_vfpv3-d16
- arm_fa526
- arm_xscale
- mips64_octeonplus
- mips_24kc
- mips_4kec
- mips_mips32
- mipsel_24kc
- mipsel_24kc_24kf
- mipsel_74kc
- mipsel_mips32
- riscv64_generic
- x86_64
isTestOrFake:
- ${{ needs.check.outputs.test_build == 'true' || needs.check.outputs.fake_build == 'true' }}
exclude:
- branch: openwrt-24.10
arch: riscv64_generic
- branch: SNAPSHOT
arch: arm_cortex-a9_vfpv3-d16
- { isTestOrFake: true }
include:
- branch: openwrt-24.10
arch: x86_64
- branch: openwrt-24.10
arch: aarch64_cortex-a53
- branch: SNAPSHOT
arch: aarch64_cortex-a53
container:
image: openwrt/sdk:${{ matrix.arch }}-${{ matrix.branch }}
options: --user root
outputs:
pkgver: ${{ steps.build.outputs.pkgver }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ env.REPO_LNK }}
path: zapret-openwrt
- name: Setup OpenWrt SDK
working-directory: /builder
env:
BRANCH: ${{ matrix.branch }}
shell: bash
run: |
# gpg --verbose --recv-keys 0x1D53D1877742E911
# gpg --verbose --import <(wget -qO- 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/0x1D53D1877742E911.asc')
gpg --verbose --import <(wget -qO- 'https://raw.githubusercontent.com/openwrt/keyring/refs/heads/master/gpg/0x1D53D1877742E911.asc')
# disable check signatures
sed -i 's/gpg --/#gpg --/g' setup.sh
# disable cleanup keys
sed -r -i 's/^rm.+//' setup.sh
./setup.sh
ls -lh
if [ "$BRANCH" = "openwrt-24.10" ]; then
echo "PKGTYPE=ipk" >> $GITHUB_ENV
else
echo "PKGTYPE=apk" >> $GITHUB_ENV
fi
- name: Setup ccache
uses: actions/cache@v4
with:
path: '/builder/.ccache'
key: ccache-${{ matrix.arch }}-${{ matrix.branch }}-${{ github.run_id }}
restore-keys: |
ccache-${{ matrix.arch }}-${{ matrix.branch }}-
- name: Init packages
id: init
working-directory: '/builder'
env:
FAKE_BUILD: ${{ env.FAKE_BUILD == 'true' || ( env.TEST_BUILD == 'true' && matrix.branch == 'SNAPSHOT' ) }}
BUILD_DATE: ${{ needs.check.outputs.build_date }}
ARCH: ${{ matrix.arch }}
BRANCH: ${{ matrix.branch }}
SIGN_KEY: ${{ secrets.SIGN_PRIVATE_KEY }}
CCACHE_DIR: '/builder/.ccache'
shell: bash
run: |
PKGDIR=$GITHUB_WORKSPACE/zapret-openwrt
MKFN=$PKGDIR/luci-app-zapret/Makefile
PKGVER=$( grep -s '^PKG_VERSION:=.*' $MKFN | cut -d'=' -f2 )
PKGREL=$( grep -s '^PKG_RELEASE:=.*' $MKFN | cut -d'=' -f2 )
[ "$PKGREL" != "1" ] && PKGVER=$PKGVER-r$PKGREL
echo "PKG_VERSION = $PKGVER"
cp -vr $PKGDIR ./package/zapret-openwrt/
mv feeds.conf.default feeds.conf
sed -i -e 's|base.*\.git|base https://github.com/openwrt/openwrt.git|' feeds.conf
sed -i -e 's|packages.*\.git|packages https://github.com/openwrt/packages.git|' feeds.conf
sed -i -e 's|luci.*\.git|luci https://github.com/openwrt/luci.git|' feeds.conf
mkdir -p ./logs
if [ "$FAKE_BUILD" = "false" ]; then
./scripts/feeds update base packages luci
./scripts/feeds install -a
fi
echo "FAKE_BUILD=$FAKE_BUILD" >> $GITHUB_ENV
echo "PKGVER=$PKGVER" >> $GITHUB_ENV
echo "pkgver=$PKGVER" >> $GITHUB_OUTPUT
echo "status=success" >> $GITHUB_OUTPUT
- name: Build packages
id: build
if: steps.init.outputs.status == 'success'
working-directory: '/builder'
env:
BUILD_DATE: ${{ needs.check.outputs.build_date }}
ARCH: ${{ matrix.arch }}
BRANCH: ${{ matrix.branch }}
SIGN_KEY: ${{ secrets.SIGN_PRIVATE_KEY }}
CCACHE_DIR: '/builder/.ccache'
shell: bash
run: |
MAKE_JOBS=$(($(nproc)+1))
echo "$MAKE_JOBS thread compile"
if [ "$FAKE_BUILD" = "false" ]; then
make defconfig
sed -i 's/CONFIG_LUCI_JSMIN=y/CONFIG_LUCI_JSMIN=n/g' .config
echo "------------- .config BEG -------------------"
cat .config
echo "------------- .config END -------------------"
if [ "$ARCH" = "$LUCI_ARCH" ]; then
PKGLIST=`echo package/zapret-openwrt/{zapret,zapret-tpws,zapret-mdig,zapret-ip2net,luci-app-zapret}/compile`
else
PKGLIST=`echo package/zapret-openwrt/{zapret,zapret-tpws,zapret-mdig,zapret-ip2net}/compile`
fi
if [ "$MAX_SPEED" = "false" ]; then
make $PKGLIST V=s CONFIG_CCACHE=1 BUILD_LOG=1
else
make -j$MAKE_JOBS $PKGLIST CONFIG_CCACHE=1
fi
else
OUT_DIR=./bin/packages/dev_x/base
mkdir -p $OUT_DIR
touch $OUT_DIR/zapret_$PKGVER-$ARCH.$PKGTYPE
touch $OUT_DIR/luci-app-zapret_$PKGVER-all.$PKGTYPE
fi
find ./bin/packages/*/base -type f ! -regex ".*\(zapret\).*\.[ai]pk$" -delete
#echo ">>>>>>> build a repository index to make the output directory usable as local OPKG source"
#ln -s `which usign` staging_dir/host/bin/usign
#echo "$SIGN_KEY" | base64 -d > key-build
#make package/index
OUTDIR=$GITHUB_WORKSPACE/$PKGTYPE-$ARCH
mkdir -p $OUTDIR
cp -R ./bin/packages/*/base/. $OUTDIR/
./staging_dir/host/bin/ccache --max-size=10M --show-stats
echo "OUTDIR=$OUTDIR" >> $GITHUB_ENV
echo "pkgver=$PKGVER" >> $GITHUB_OUTPUT
echo "status=success" >> $GITHUB_OUTPUT
- name: Compress build logs
if: always()
env:
ARCH: ${{ matrix.arch }}
BRANCH: ${{ matrix.branch }}
LOGS_DIR: '/builder/logs'
run: |
tar -cJvf logs-$BRANCH-$ARCH.tar.xz $LOGS_DIR
- name: Upload packages
if: steps.build.outcome == 'success'
uses: actions/upload-artifact@main
with:
path: ${{ env.OUTDIR }}
name: zapret,${{ env.PKGTYPE }},${{ matrix.arch }}
if-no-files-found: error
- name: Upload build logs
if: always()
uses: actions/upload-artifact@v4
with:
path: logs-*.tar.xz
name: logs-${{ matrix.branch }}-${{ matrix.arch }}
release:
needs: [ check, build ]
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
pattern: zapret,*
- name: Put packages into zip
env:
TAG: ${{ needs.check.outputs.tag }}
DATE: ${{ needs.check.outputs.date }}
BUILD_DATE: ${{ needs.check.outputs.build_date }}
PKGVER: ${{ needs.build.outputs.pkgver }}
run: |
echo "------------- DIR BEG -------------------"
ls -la
echo "------------- DIR END -------------------"
mkdir -p sorted
find . -maxdepth 1 -type d -name "zapret,ipk,*" -exec sh -c 'mkdir -p sorted/$(basename "{}" | cut -d, -f3)' \;
find . -maxdepth 1 -type d -name "zapret,apk,*" -exec sh -c 'mkdir -p sorted/$(basename "{}" | cut -d, -f3)/apk' \;
find . -maxdepth 1 -type d -name "zapret,ipk,*" -exec sh -c 'cp -R "{}/." sorted/$(basename "{}" | cut -d, -f3)' \;
find . -maxdepth 1 -type d -name "zapret,apk,*" -exec sh -c 'cp -R "{}/." sorted/$(basename "{}" | cut -d, -f3)/apk' \;
LUCI_IPK=$( find . -type f -path "*/zapret,ipk,*/luci-app-zapret*.ipk" -print | head -n 1 )
LUCI_APK=$( find . -type f -path "*/zapret,apk,*/luci-app-zapret*.apk" -print | head -n 1 )
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec cp -f "$LUCI_IPK" "{}/" \;
find ./sorted -mindepth 2 -maxdepth 2 -type d -name "apk" -exec cp -f "$LUCI_APK" "{}/" \;
mkdir -p public
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec sh -c '7z a ./public/zapret_v${PKGVER}_$(basename "{}" | cut -d, -f3).zip {}/*' \;
ls -lh ./public/*.zip
- name: Upload assets
uses: softprops/action-gh-release@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ needs.check.outputs.tag }}
with:
draft: ${{ env.TEST_BUILD == 'true' || env.FAKE_BUILD == 'true' }}
prerelease: true
tag_name: v${{ needs.build.outputs.pkgver }}${{ env.TAG_SUFFIX }}
name: zapret v${{ needs.build.outputs.pkgver }}
body: |
zapret v${{ needs.build.outputs.pkgver }} for OpenWrt
files: ./public/*.zip

140
.github/workflows/releases.yml vendored Normal file
View File

@@ -0,0 +1,140 @@
name: Update releases.json
on:
workflow_run:
workflows: ["build"]
types: [completed]
release:
types: [published, created, edited]
permissions:
contents: write
jobs:
update-json:
if: |
github.event_name != 'workflow_run' ||
github.event.workflow_run.conclusion == 'success'
runs-on: ubuntu-latest
steps:
- name: Checkout gh-pages
uses: actions/checkout@v4
with:
ref: gh-pages
continue-on-error: true
- name: Save FULL releases.json
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
run: |
curl -s \
-H "Authorization: Bearer $GH_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/$OWNER/$REPO/releases \
> releases.json
- name: Generate releases_BRANCH.json
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
run: |
curl -s \
-H "Authorization: Bearer $GH_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/$OWNER/$REPO/releases \
| jq '
def normalize_release:
{
id: .id,
version: (.tag_name | sub("^v"; "")),
tag: .tag_name,
name: .name,
draft: .draft,
prerelease: .prerelease,
created_at: .created_at,
published_at: .published_at,
url: .html_url,
assets: (
.assets | map({
id: .id,
name: .name,
size: .size,
content_type: .content_type,
browser_download_url: .browser_download_url
})
)
};
sort_by(.created_at) | reverse
| {
zap1: (
map(select(.draft == false))
| map(select(.name | startswith("zapret ")))
| .[0:20]
| {
generated_at: (now | todate),
releases: map(normalize_release)
}
),
zap2: (
map(select(.draft == false))
| map(select(.name | startswith("zapret2 ")))
| .[0:20]
| {
generated_at: (now | todate),
releases: map(normalize_release)
}
)
}
' \
| tee \
>(jq '.zap1' > releases_zap1.json) \
>(jq '.zap2' > releases_zap2.json)
- name: Generate releases_BRANCH_ARCH.json
run: |
BRANCHES=("zap1" "zap2")
for ARCH in $(jq -r '.[] | .assets[].name | capture("^[^_]+_[^_]+_(?<arch>.+)\\.zip$").arch' releases.json | sort -u); do
for BRANCH in "${BRANCHES[@]}"; do
if [ "$BRANCH" == "zap1" ]; then
PREFIX="zapret "
else
PREFIX="zapret2 "
fi
jq --arg prefix "$PREFIX" --arg arch "$ARCH" '
sort_by(.created_at) | reverse
| map(select(.draft == false))
| map(select(.name | startswith($prefix)))
| .[0:20]
| map(
. as $release
| {
tag: $release.tag_name,
name: $release.name,
prerelease: $release.prerelease,
created_at: $release.created_at,
updated_at: $release.updated_at,
published_at: $release.published_at,
url: $release.html_url,
assets: ($release.assets | map(select(.name | test("_\($arch)\\.zip$"))))
}
)
| { generated_at: (now | todate), releases: . }
' releases.json > "releases_${BRANCH}_${ARCH}.json"
done
done
- name: Commit and push ALL releases.json
run: |
mkdir -p releases
mv releases*.json releases/
git config user.name "github-actions"
git config user.email "github-actions@github.com"
git checkout -B gh-pages
git add releases/*
git commit -m "Update releases" || exit 0
git push origin gh-pages

21
README.md Normal file
View File

@@ -0,0 +1,21 @@
[![GitHub Release](https://img.shields.io/github/release/remittor/zapret-openwrt)](https://github.com/remittor/zapret-openwrt/releases)
[![Github All Releases](https://img.shields.io/github/downloads/remittor/zapret-openwrt/total.svg)](https://github.com/remittor/zapret-openwrt/releases)
[![Github Latest Release](https://img.shields.io/github/downloads/remittor/zapret-openwrt/latest/total.svg)](https://github.com/remittor/zapret-openwrt/releases)
[![ViewCount](https://views.whatilearened.today/views/github/remittor/zapret-openwrt.svg)](https://github.com/remittor/zapret-openwrt)
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fremittor%2Fzapret-openwrt&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false)](https://github.com/remittor/zapret-openwrt/releases)
[![Donations Page](https://github.com/andry81-cache/gh-content-static-cache/raw/master/common/badges/donate/donate.svg)](https://github.com/remittor/donate)
# zapret-openwrt
Zapret is not a VPN! Zapret is an Anti-DPI utility!
[Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki/Installing-zapretopenwrt-package)
[Download page](https://github.com/remittor/zapret-openwrt/releases)
## Screenshots
![image](https://github.com/user-attachments/assets/b79940b3-6a0d-4310-bd58-e461be004397)
## Donations
[![Donations Page](https://github.com/andry81-cache/gh-content-static-cache/raw/master/common/badges/donate/donate.svg)](https://github.com/remittor/donate)

19
luci-app-zapret/Makefile
View File

@@ -5,15 +5,28 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-zapret
PKG_RELEASE:=20241012
PKG_VERSION:=64-$(PKG_RELEASE)
PKG_VERSION:=72.20251225
PKG_RELEASE:=2
PKG_LICENSE:=MIT
PKG_MAINTAINER:=remittor <https://github.com/remittor>
LUCI_TITLE:=LuCI support for zapret
LUCI_DEPENDS:=+zapret
LUCI_PKGARCH:=all
#include ../../luci.mk
define Package/$(PKG_NAME)/postinst
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
rm -f /tmp/luci-index*
rm -rf /tmp/luci-modulecache/
#killall -HUP rpcd 2>/dev/null
/etc/init.d/rpcd reload
[ -f "/sbin/luci-reload" ] && /sbin/luci-reload
[ -f "/etc/init.d/uhttpd" ] && /etc/init.d/uhttpd reload
fi
exit 0
endef
include $(TOPDIR)/feeds/luci/luci.mk
# call BuildPackage - OpenWrt buildroot signature

200
luci-app-zapret/htdocs/luci-static/resources/view/zapret/dmnlog.js Normal file
View File

@@ -0,0 +1,200 @@
'use strict';
'require view';
'require fs';
'require form';
'require poll';
'require uci';
'require ui';
'require view.zapret.tools as tools';
return view.extend({
retrieveLog: async function() {
return Promise.all([
L.resolveDefault(fs.stat('/bin/cat'), null),
fs.exec('/usr/bin/find', [ '/tmp', '-maxdepth', '1', '-type', 'f', '-name', 'zapret+*.log' ]),
uci.load(tools.appName),
]).then(function(status_array) {
var filereader = status_array[0] ? status_array[0].path : null;
var log_data = status_array[1]; // stdout: multiline text
if (log_data.code != 0) {
ui.addNotification(null, E('p', _('Unable to get log files') + '(code = ' + log_data.code + ') : retrieveLog()'));
return null;
}
var reason = '';
var uci_cfg = uci.get(tools.appName, 'config');
if (uci_cfg !== null && typeof(uci_cfg) === 'object') {
let flag = uci_cfg.DAEMON_LOG_ENABLE;
if (flag != '1') {
reason = ' (Reason: option DAEMON_LOG_ENABLE = ' + flag + ')';
}
}
if (typeof(log_data.stdout) !== 'string') {
return 'Log files not found.' + reason;
}
var log_list = log_data.stdout.trim().split('\n');
if (log_list.length <= 0) {
return 'Log files not found!' + reason;
}
for (let i = 0; i < log_list.length; i++) {
let logfn = log_list[i].trim();
if (logfn.startsWith('/tmp/') && logfn.endsWith('+main.log')) {
log_list.splice(i, 1);
log_list.unshift(logfn);
break;
}
}
var tasks = [ ];
var logdata = [ ];
for (let i = 0; i < log_list.length; i++) {
let logfn = log_list[i].trim();
if (logfn.startsWith('/tmp/')) {
//console.log('LOG: ' + logfn);
logdata.push( { filename: logfn, data: null, rows: 0 } );
tasks.push( fs.read_direct(logfn) );
}
}
return Promise.all(tasks).then(function(log_array) {
for (let i = 0; i < log_array.length; i++) {
if (log_array[i]) {
logdata[i].data = log_array[i];
logdata[i].rows = tools.getLineCount(log_array[i]) + 1;
}
}
return logdata;
}).catch(function(e) {
ui.addNotification(null, E('p', _('Unable to execute or read contents')
+ ': %s [ %s | %s | %s ]'.format(
e.message, 'retrieveLogData', 'uci.zapret'
)));
return null;
});
}).catch(function(e) {
const [, lineno, colno] = e.stack.match(/(\d+):(\d+)/);
ui.addNotification(null, E('p', _('Unable to execute or read contents')
+ ': %s [ lineno: %s | %s | %s | %s ]'.format(
e.message, lineno, 'retrieveLog', 'uci.zapret'
)));
return null;
});
},
pollLog: async function() {
let logdate_len = -2;
let logdata;
for (let txt_id = 0; txt_id < 10; txt_id++) {
let elem = document.getElementById('dmnlog_' + txt_id);
if (!elem)
break;
if (logdate_len == -2) {
logdata = await this.retrieveLog();
logdate_len = (Array.isArray(logdata)) ? logdata.length : -1;
}
let elem_name = elem.getAttribute("name");
let founded = false;
if (logdate_len > 0) {
for (let log_num = 0; log_num < logdate_len; log_num++) {
if (logdata[log_num].filename == elem_name) {
if (logdata[log_num].data) {
elem.value = logdata[log_num].data;
elem.rows = logdata[log_num].rows;
founded = true;
//console.log('POLL: updated ' + elem_name);
}
break;
}
}
}
if (!founded) {
elem.value = '';
elem.rows = 0;
}
}
},
load: async function() {
poll.add(this.pollLog.bind(this));
return await this.retrieveLog();
},
render: function(logdata) {
if (!logdata) {
return;
}
if (typeof(logdata) === 'string') {
return E('div', {}, [
E('p', {'class': 'cbi-title-field'}, [ logdata ]),
]);
}
if (!Array.isArray(logdata)) {
ui.addNotification(null, E('p', _('Unable to get log files') + ' : render()'));
return;
}
var h2 = E('div', {'class' : 'cbi-title-section'}, [
E('h2', {'class': 'cbi-title-field'}, [ _('Zapret') + ' - ' + _('Log Viewer') ]),
]);
var tabs = E('div', {}, E('div'));
for (let log_num = 0; log_num < logdata.length; log_num++) {
//console.log('REN: ' + logdata[log_num].filename + ' : ' + logdata[log_num].data.length);
var logfn = logdata[log_num].filename;
let filename = logfn.replace(/.*\//, '');
let fname = filename.split('.')[0];
fname = fname.replace(/^(zapret\+)/, '');
let fn = fname.split('+');
let tabNameText = fname.replace(/\+/g, ' ');
let tabname = 'tablog_' + log_num;
var scrollDownButton = null;
var scrollUpButton = null;
scrollDownButton = E('button', {
'id': 'scrollDownButton_' + log_num,
'class': 'cbi-button cbi-button-neutral'
}, _('Scroll to tail', 'scroll to bottom (the tail) of the log file')
);
scrollDownButton.addEventListener('click', function() {
scrollUpButton.focus();
});
scrollUpButton = E('button', {
'id' : 'scrollUpButton_' + log_num,
'class': 'cbi-button cbi-button-neutral'
}, _('Scroll to head', 'scroll to top (the head) of the log file')
);
scrollUpButton.addEventListener('click', function() {
scrollDownButton.focus();
});
let log_id = 'dmnlog_' + log_num;
let log_name = logdata[log_num].filename;
let log_text = (logdata[log_num].data) ? logdata[log_num].data : '';
let tab = E('div', { 'data-tab': tabname, 'data-tab-title': tabNameText }, [
E('div', { 'id': 'content_dmnlog_' + log_num }, [
E('div', {'style': 'margin-bottom: 20px; '}, [ scrollDownButton ]),
E('textarea', {
'id': log_id,
'name': log_name,
'style': 'font-size:12px; width: 100%; max-height: 50vh;',
'readonly': 'readonly',
'wrap': 'off',
'rows': logdata[log_num].rows,
}, [ log_text ]),
E('div', {'style': 'margin-top: 20px'}, [ scrollUpButton ]),
]),
]);
tabs.firstElementChild.appendChild(tab);
}
ui.tabs.initTabGroup(tabs.firstElementChild.childNodes);
//this.pollFn = L.bind(this.handleScanRefresh, this);
//poll.add(this.pollFn);
return E('div', { }, [ h2, tabs ]);
},
handleSaveApply: null,
handleSave: null,
handleReset: null
});

402
luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js
View File

@@ -5,6 +5,7 @@
'require ui';
'require view';
'require view.zapret.tools as tools';
'require view.zapret.updater as updater';
const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action';
@@ -14,111 +15,118 @@ const btn_style_warning = 'btn cbi-button-negative';
const btn_style_success = 'btn cbi-button-success important';
return view.extend({
disableButtons: function(flag, btn, elems = [ ]) {
let btn_start = elems[1] || document.getElementById("btn_start");
//let btn_destroy = elems[4] || document.getElementById("btn_destroy");
let btn_enable = elems[2] || document.getElementById("btn_enable");
let btn_update = elems[3] || document.getElementById("btn_update");
btn_start.disabled = flag;
btn_update.disabled = true; // TODO
//btn_destroy.disabled = flag;
if (btn === btn_update) {
btn_enable.disabled = false;
} else {
btn_enable.disabled = flag;
get_svc_buttons: function(elems = { }) {
return {
enable : elems.btn_enable || document.getElementById('btn_enable'),
disable : elems.btn_disable || document.getElementById('btn_disable'),
start : elems.btn_start || document.getElementById('btn_start'),
restart : elems.btn_restart || document.getElementById('btn_restart'),
stop : elems.btn_stop || document.getElementById('btn_stop'),
reset : elems.btn_reset || document.getElementById('btn_reset'),
update : elems.btn_update || document.getElementById('btn_update'),
};
},
disableButtons: function(flag, button, elems = { }) {
let error_code = 0;
if (Number.isInteger(button) && button < 0) {
error_code = button;
}
let btn = this.get_svc_buttons(elems);
btn.enable.disabled = flag;
btn.disable.disabled = flag;
btn.start.disabled = flag;
btn.restart.disabled = flag;
btn.stop.disabled = flag;
btn.reset.disabled = (error_code == 0) ? flag : false;
btn.update.disabled = (error_code == 0) ? flag : false;
},
getAppStatus: function() {
return Promise.all([
{ code: -1 }, //fs.exec(tools.execPath, [ 'raw-status' ]),
{ code: -1 }, //fs.exec(tools.execPath, [ 'vpn-route-status' ]),
tools.getInitStatus(tools.appName),
//L.resolveDefault(fs.read(tools.tokenFile), 0),
uci.load(tools.appName),
tools.getInitState(tools.appName), // svc_boot
fs.exec(tools.execPath, [ 'enabled' ]), // svc_en
tools.getSvcInfo(), // svc_info
fs.exec('/bin/busybox', [ 'ps' ]), // process list
fs.exec(tools.packager.path, tools.packager.args), // installed packages
tools.getStratList(), // nfqws strategy list
fs.exec('/bin/cat', [ '/etc/openwrt_release' ]), // CPU arch
uci.load(tools.appName), // config
]).catch(e => {
ui.addNotification(null, E('p', _('Unable to execute or read contents')
+ ': %s [ %s | %s | %s ]'.format(
e.message, tools.execPath, 'tools.getInitStatus', 'uci.zapret'
e.message, tools.execPath, 'tools.getInitState', 'uci.zapret'
)));
});
},
setAppStatus: function(status_array, elems = [ ], force_app_code = 0) {
let section = uci.get(tools.appName, 'config');
if (!status_array || section == null || typeof(section) !== 'object') {
(elems[0] || document.getElementById("status")).innerHTML = tools.makeStatusString(1);
setAppStatus: function(status_array, elems = { }, force_app_status = 0) {
let cfg = uci.get(tools.appName, 'config');
if (!status_array || cfg == null || typeof(cfg) !== 'object') {
let elem_status = elems.status || document.getElementById("status");
elem_status.innerHTML = tools.makeStatusString(null, '', '');
ui.addNotification(null, E('p', _('Unable to read the contents') + ': setAppStatus()'));
this.disableButtons(true, null, elems);
this.disableButtons(true, -1, elems);
return;
}
let app_status_code = (force_app_code) ? force_app_code : status_array[0].code;
let vpn_route_status_code = status_array[1].code;
let enabled_flag = status_array[2];
let z_fwtype = section.FWTYPE;
let z_mode = section.MODE;
let bllist_preset = 'user_only';
let btn_enable = elems[2] || document.getElementById('btn_enable');
/*
if (enabled_flag == true) {
btn_enable.onclick = ui.createHandlerFn(this, this.serviceAction, 'disable', 'btn_enable');
btn_enable.textContent = _('Enabled');
btn_enable.className = btn_style_positive;
let svc_boot = status_array[0] ? true : false;
let svc_en = status_array[1]; // stdout: empty or error text
let svc_info = status_array[2]; // stdout: JSON as text
let proc_list = status_array[3]; // stdout: multiline text
let pkg_list = status_array[4]; // stdout: installed packages
let stratlist = status_array[5]; // array of strat names
let sys_info = status_array[6]; // stdout: openwrt distrib info
this.nfqws_strat_list = stratlist;
this.pkg_arch = tools.getConfigPar(sys_info.stdout, 'DISTRIB_ARCH', 'unknown');
//console.log('svc_en: ' + svc_en.code);
svc_en = (svc_en.code == 0) ? true : false;
if (typeof(svc_info) !== 'object') {
ui.addNotification(null, E('p', _('Unable to read the service info') + ': setAppStatus()'));
this.disableButtons(true, -1, elems);
return;
}
if (proc_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to read process list') + ': setAppStatus()'));
this.disableButtons(true, -1, elems);
return;
}
if (pkg_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
this.disableButtons(true, -1, elems);
return;
}
let svcinfo;
if (force_app_status) {
svcinfo = force_app_status;
} else {
btn_enable.onclick = ui.createHandlerFn(this, this.serviceAction, 'enable', 'btn_enable');
btn_enable.textContent = _('Disabled');
btn_enable.className = btn_style_negative;
svcinfo = tools.decode_svc_info(svc_en, svc_info, proc_list, cfg);
}
*/
let btn_start = elems[1] || document.getElementById('btn_start');
let btn_update = elems[3] || document.getElementById('btn_update');
//let btn_destroy = elems[4] || document.getElementById('btn_destroy');
let btn = this.get_svc_buttons(elems);
btn.reset.disabled = false;
btn.update.disabled = false;
let btnStartStateOn = () => {
//btn_start.onclick = ui.createHandlerFn(this, this.appAction, 'stop', 'btn_start');
//btn_start.textContent = _('Enabled');
//btn_start.className = btn_style_positive;
};
let btnStartStateOff = () => {
//btn_start.onclick = ui.createHandlerFn(this, this.appAction, 'start', 'btn_start');
//btn_start.textContent = _('Disabled');
//btn_start.className = btn_style_negative;
};
if (app_status_code == -1) {
this.disableButtons(false, null, elems);
btnStartStateOn();
}
else if (app_status_code == 0) {
this.disableButtons(false, null, elems);
btnStartStateOn();
//btn_destroy.disabled = false;
btn_update.disabled = false;
}
else if (app_status_code == 2) {
this.disableButtons(false, null, elems);
btnStartStateOff();
btn_update.disabled = true;
}
else if (app_status_code == 3) {
btnStartStateOff();
this.disableButtons(true, btn_start, elems);
}
else if (app_status_code == 4) {
btnStartStateOn();
this.disableButtons(true, btn_update, elems);
}
else {
if (Number.isInteger(svcinfo)) {
ui.addNotification(null, E('p', _('Error')
+ ' %s: return code = %s'.format(tools.execPath, app_status_code)));
this.disableButtons(true, null, elems);
+ ' %s: return code = %s'.format('decode_svc_info', svcinfo + ' ')));
this.disableButtons(true, -1, elems);
} else {
btn.enable.disabled = (svc_en) ? true : false;
btn.disable.disabled = (svc_en) ? false : true;
if (!svcinfo.dmn.inited) {
btn.start.disabled = false;
btn.restart.disabled = true;
btn.stop.disabled = true;
} else {
btn.start.disabled = true;
btn.restart.disabled = false;
btn.stop.disabled = false;
}
}
(elems[0] || document.getElementById("status")).innerHTML = tools.makeStatusString(app_status_code, z_fwtype, bllist_preset);
let elem_status = elems.status || document.getElementById("status");
elem_status.innerHTML = tools.makeStatusString(svcinfo, this.pkg_arch, '');
if (!poll.active()) {
poll.start();
@@ -130,31 +138,67 @@ return view.extend({
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
poll.stop();
let _this = this;
return fs.exec('/opt/zapret/sync_config.sh')
return tools.handleServiceAction(tools.appName, action)
.then(() => {
return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
}
);
})
.catch(e => {
ui.addNotification(null, E('p', _('Unable to run service action.') + ' Error: ' + e.message));
});
},
serviceActionEx: function(action, button, args = [ ], hide_modal = false) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
poll.stop();
let _this = this;
let exec_cmd = null;
let exec_arg = [ ];
let errmsg = 'ERROR:';
if (action == 'start' || action == 'restart') {
exec_cmd = tools.syncCfgPath;
errmsg = _('Unable to run sync_config.sh script.');
}
else if (action == 'reset') {
exec_cmd = tools.defaultCfgPath;
exec_arg = args; // (reset_ipset)(sync) ==> restore all configs + sync config
errmsg = _('Unable to run restore-def-cfg.sh script.');
action = null;
} else {
ui.addNotification(null, E('p', 'ERROR: unknown action'));
return null;
}
return fs.exec(exec_cmd, exec_arg)
.then(function(res) {
if (res.code != 0) {
ui.addNotification(null, E('p', _('Unable to run sync_config.sh script.') + ' res.code = ' + res.code));
ui.addNotification(null, E('p', errmsg + ' res.code = ' + res.code));
action = null; // return with error
}
if (hide_modal) {
ui.hideModal();
}
if (!action) {
return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
}
);
}
return tools.handleServiceAction(tools.appName, action).then(() => {
return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
}
);
});
return _this.serviceAction(action, null);
})
.catch(e => {
ui.addNotification(null, E('p', _('Unable to run sync_config.sh script.') + ' Error: ' + e.message));
ui.addNotification(null, E('p', errmsg + ' Error: ' + e.message));
});
},
@@ -163,17 +207,7 @@ return view.extend({
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
poll.stop();
if (action === 'update') {
this.getAppStatus().then(
(status_array) => {
this.setAppStatus(status_array, [], 4);
}
);
}
return fs.exec_direct(tools.execPath, [ action ]).then(res => {
return this.getAppStatus().then(
(status_array) => {
@@ -190,43 +224,103 @@ return view.extend({
);
},
dialogDestroy: function(ev) {
dialogResetCfg: function(ev) {
ev.target.blur();
let reset_base = E('label', [
E('input', { type: 'checkbox', id: 'cfg_reset_base', checked: true }),
' ', _('Restore all base settings')
]);
let reset_ipset = E('label', [
E('input', { type: 'checkbox', id: 'cfg_reset_ipset', checked: true }),
' ', _('Restore ipset configs')
]);
let set_autohostlist = E('label', [
E('input', { type: 'checkbox', id: 'cfg_autohostlist', checked: true }),
' ', _('Set AutoHostList mode')
]);
let strat_list = [ ];
strat_list.push( E('option', { value: 'strat__skip__' }, [ '-' ] ) );
for (let id = 0; id < this.nfqws_strat_list.length; id++) {
let strat = '' + this.nfqws_strat_list[id];
strat_list.push( E('option', { value: 'strat_' + id }, [ strat ] ) );
}
let nfqws_strat = E('label', [
_('NFQWS_OPT strategy: '),
E('select', { id: 'cfg_nfqws_strat' }, strat_list)
]);
let cancel_button = E('button', {
'class': btn_style_neutral,
'click': ui.hideModal,
}, _('Cancel'));
let shutdown_btn = E('button', {
'class': btn_style_warning,
}, _('Shutdown'));
shutdown_btn.onclick = ui.createHandlerFn(this, () => {
cancel_button.disabled = true;
return this.appAction('destroy');
let resetcfg_btn = E('button', {
'class': btn_style_action,
}, _('Reset settings'));
resetcfg_btn.onclick = ui.createHandlerFn(this, () => {
//cancel_button.disabled = true;
let opt_flags = '';
if (document.getElementById('cfg_reset_base').checked == false) {
opt_flags += '(skip_base)';
};
if (document.getElementById('cfg_reset_ipset').checked) {
opt_flags += '(reset_ipset)';
};
if (document.getElementById('cfg_autohostlist').checked) {
opt_flags += '(set_mode_autohostlist)';
};
//console.log('RESET: opt_flags = ' + opt_flags);
let sel_strat = document.getElementById('cfg_nfqws_strat');
let opt_strat = sel_strat.options[sel_strat.selectedIndex].text;
//console.log('RESET: strat = ' + opt_strat);
opt_flags += '(sync)';
let args = [ opt_flags, opt_strat ];
return this.serviceActionEx('reset', resetcfg_btn, args, true);
});
ui.showModal(_('Shutdown'), [
ui.showModal(_('Reset settings to default'), [
E('div', { 'class': 'cbi-section' }, [
E('p', _('The service will be disabled. Continue?')),
reset_base,
E('br'), E('br'),
reset_ipset,
E('br'), E('br'),
set_autohostlist,
E('br'), E('br'),
nfqws_strat,
E('br'), E('br')
]),
E('div', { 'class': 'right' }, [
shutdown_btn,
' ',
cancel_button,
' ',
resetcfg_btn,
])
]);
},
load: function() {
return this.getAppStatus();
var _this = this;
return Promise.all([
L.resolveDefault(fs.stat('/bin/cat'), null),
]).then(function(data) {
return _this.getAppStatus();
});
},
render: function(status_array) {
if (!status_array) {
return;
}
let cfg = uci.get(tools.appName, 'config');
let section = uci.get(tools.appName, 'config');
let pkg_list = status_array[4];
if (pkg_list === undefined || typeof(pkg_list) !== 'object' || pkg_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
return;
}
let status_string = E('div', {
'id' : 'status',
@@ -236,15 +330,15 @@ return view.extend({
let layout = E('div', { 'class': 'cbi-section-node' });
function layout_append(title, descr, elem) {
function layout_append(title, descr, elems) {
descr = (descr) ? E('div', { 'class': 'cbi-value-description' }, descr) : '';
let elist;
if (elem instanceof E) {
elist = [ elem ];
} else {
elist = elem;
let elist = elems;
let elem_list = [ ];
for (let i = 0; i < elist.length; i++) {
elem_list.push(elist[i]);
elem_list.push(' ');
}
let vlist = [ E('div', {}, elist ) ];
let vlist = [ E('div', {}, elem_list ) ];
for (let i = 0; i < elist.length; i++) {
let input = E('input', {
'id' : elist[i].id + '_hidden',
@@ -252,9 +346,10 @@ return view.extend({
});
vlist.push(input);
}
let elem_name = (elist.length == 1) ? elist[0].id + '_hidden' : null;
layout.append(
E('div', { 'class': 'cbi-value' }, [
E('label', { 'class': 'cbi-value-title', 'for': elem.id + '_hidden' || null }, title),
E('label', { 'class': 'cbi-value-title', 'for': elem_name }, title),
E('div', { 'class': 'cbi-value-field' }, vlist),
])
);
@@ -272,35 +367,61 @@ return view.extend({
btn_enable.onclick = ui.createHandlerFn(this, this.serviceAction, 'enable', 'btn_enable');
let btn_disable = create_btn('btn_disable', btn_style_warning, _('Disable'));
btn_disable.onclick = ui.createHandlerFn(this, this.serviceAction, 'disable', 'btn_disable');
layout_append(_('Service Status'), null, [ btn_enable, btn_disable ] );
layout_append(_('Service autorun control'), null, [ btn_enable, btn_disable ] );
let btn_start = create_btn('btn_start', btn_style_action, _('Start'));
btn_start.onclick = ui.createHandlerFn(this, this.serviceAction, 'start', 'btn_start');
btn_start.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'start', 'btn_start');
let btn_restart = create_btn('btn_restart', btn_style_action, _('Restart'));
btn_restart.onclick = ui.createHandlerFn(this, this.serviceAction, 'restart', 'btn_restart');
btn_restart.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'restart', 'btn_restart');
let btn_stop = create_btn('btn_stop', btn_style_warning, _('Stop'));
btn_stop.onclick = ui.createHandlerFn(this, this.serviceAction, 'stop', 'btn_stop');
layout_append(_('Service Control'), null, [ btn_start, btn_restart, btn_stop ] );
layout_append(_('Service daemons control'), null, [ btn_start, btn_restart, btn_stop ] );
let btn_reset = create_btn('btn_reset', btn_style_action, _('Reset settings'));
btn_reset.onclick = L.bind(this.dialogResetCfg, this);
layout_append(_('Reset settings to default'), null, [ btn_reset ] );
let btn_update = create_btn('btn_update', btn_style_action, _('Update'));
btn_update.onclick = ui.createHandlerFn(this, () => { this.appAction('update', 'btn_update') });
layout_append(_('Update blacklist'), null, btn_update);
let btn_destroy = create_btn('btn_destroy', btn_style_negative, _('Shutdown'));
btn_destroy.onclick = L.bind(this.dialogDestroy, this);
//layout_append(_('Shutdown'), _('Complete service shutdown'), btn_destroy);
btn_update.onclick = ui.createHandlerFn(this, () => { updater.openUpdateDialog(this.pkg_arch) });
layout_append(_('Update package'), null, [ btn_update ] );
//let elems = [ status_string, btn_start, btn_enable, btn_update, btn_destroy ];
let elems = [ status_string, btn_start, btn_enable, btn_update ];
let elems = {
"status": status_string,
"btn_enable": btn_enable,
"btn_disable": btn_disable,
"btn_start": btn_start,
"btn_restart": btn_restart,
"btn_stop": btn_stop,
"btn_reset": btn_reset,
"btn_update": btn_update,
};
this.setAppStatus(status_array, elems);
poll.add(L.bind(this.statusPoll, this));
let page_title = _('Zapret');
let pkgdict = tools.decode_pkg_list(pkg_list.stdout, false);
page_title += ' &nbsp ';
if (pkgdict['zapret'] === undefined || pkgdict['zapret'] == '') {
page_title += 'unknown version';
} else {
page_title += 'v' + pkgdict['zapret'];
}
let aux1 = E('em');
let aux2 = E('em');
if (pkgdict['zapret'] != pkgdict['luci-app-zapret']) {
let errtxt = 'LuCI APP v' + pkgdict['luci-app-zapret'] + ' [ incorrect version! ]';
aux1 = E('div', { 'class': 'label-status error' }, errtxt);
aux2 = E('div', { }, '&nbsp');
}
let url1 = 'https://github.com/bol-van/zapret';
let url2 = 'https://github.com/remittor/zapret-openwrt';
return E([
E('h2', { 'class': 'fade-in' }, _('Zapret')),
E('h2', { 'class': 'fade-in' }, page_title),
aux1,
aux2,
E('div', { 'class': 'cbi-section-descr fade-in' },
E('a', { 'href': url1, 'target': '_blank' }, url1),
),
@@ -309,7 +430,6 @@ return view.extend({
),
E('div', { 'class': 'cbi-section fade-in' }, [
status_string,
E('hr'),
]),
E('div', { 'class': 'cbi-section fade-in' },
layout

369
luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js
View File

@@ -60,143 +60,346 @@ return view.extend({
s.tab(tabname, _('Main settings'));
o = s.taboption(tabname, form.ListValue, 'FWTYPE', _('FWTYPE'));
o.value('nftables', 'NFTables');
//o.value('iptables', 'IPTables');
o.value('nftables', 'nftables');
//o.value('iptables', 'iptables');
//o.value('ipfw', 'ipfw');
o = s.taboption(tabname, form.ListValue, 'MODE', _('MODE'));
o.value('nfqws', 'nfqws');
//o.value('tpws', 'tpws');
o = s.taboption(tabname, form.Flag, 'POSTNAT', _('POSTNAT'));
o.rmempty = false;
o.default = 1;
o = s.taboption(tabname, form.ListValue, 'FLOWOFFLOAD', _('FLOWOFFLOAD'));
o.value('donttouch', 'donttouch');
o.value('none', 'none');
o.value('software', 'software');
o.value('hardware', 'hardware');
o = s.taboption(tabname, form.ListValue, 'INIT_APPLY_FW', _('INIT_APPLY_FW'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.Flag, 'INIT_APPLY_FW', _('INIT_APPLY_FW'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.ListValue, 'DISABLE_IPV4', _('DISABLE_IPV4'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.Flag, 'DISABLE_IPV4', _('DISABLE_IPV4'));
o.rmempty = false;
o.default = 1;
o = s.taboption(tabname, form.ListValue, 'DISABLE_IPV6', _('DISABLE_IPV6'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.Flag, 'DISABLE_IPV6', _('DISABLE_IPV6'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.ListValue, 'MODE_FILTER', _('MODE_FILTER'));
o = s.taboption(tabname, form.Flag, 'FILTER_TTL_EXPIRED_ICMP', 'FILTER_TTL_EXPIRED_ICMP');
o.rmempty = false;
o.default = 1;
//o = s.taboption(tabname, form.ListValue, 'MODE_FILTER', _('MODE_FILTER'));
//o.value('none', 'none');
//o.value('ipset', 'ipset');
o.value('hostlist', 'hostlist');
o.value('autohostlist', 'autohostlist');
//o.value('hostlist', 'hostlist');
//o.value('autohostlist', 'autohostlist');
o = s.taboption(tabname, form.ListValue, 'MODE_HTTP', _('MODE_HTTP'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.Value, 'WS_USER', _('WS_USER'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.ListValue, 'MODE_HTTP_KEEPALIVE', _('MODE_HTTP_KEEPALIVE'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.ListValue, 'MODE_HTTPS', _('MODE_HTTPS'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.ListValue, 'MODE_QUIC', _('MODE_QUIC'));
o.value('0', 'False');
o.value('1', 'True');
o = s.taboption(tabname, form.Flag, 'DAEMON_LOG_ENABLE', _('DAEMON_LOG_ENABLE'));
o.rmempty = false;
o.default = 0;
/* NFQWS_OPT_DESYNC tab */
tabname = 'nfqws_params';
s.tab(tabname, _('NFQWS options'));
let add_delim = function(sec) {
let add_delim = function(sec, url = null) {
let o = sec.taboption(tabname, form.DummyValue, '_hr');
o.rawhtml = true;
o.default = '<hr style="width: 620px; height: 1px; margin: 1px 0 1px; border-top: 1px solid;">';
if (url) {
o.default += '<br/>' + _('Help') + ': <a target=_blank href=%s>%s</a>'.format(url);
}
};
let add_param = function(sec, param, locname = null, rows = 10) {
let add_param = function(sec, param, locname = null, rows = 10, multiline = false) {
if (!locname)
locname = param;
let btn = sec.taboption(tabname, form.Button, '_' + param + '_btn', locname);
btn.inputtitle = _('Edit');
btn.inputstyle = 'edit btn';
let val = sec.taboption(tabname, form.DummyValue, '_' + param);
val.rawhtml = false;
val.rawhtml = multiline ? true : false;
val.cfgvalue = function(section_id) {
let name = uci.get(tools.appName, section_id, param);
if (name == null || name == "")
name = "";
return name;
let value = uci.get(tools.appName, section_id, param);
if (value == null) {
return "";
}
value = value.trim();
if (multiline == 2) {
value = value.replace(/\n --/g, "\n--");
value = value.replace(/\n --/g, "\n--");
value = value.replace(/ --/g, "\n--");
}
if (val.rawhtml) {
value = value.replace(/</g, '˂');
value = value.replace(/>/g, '˃');
value = value.replace(/\n/g, '<br/>');
}
return value;
};
val.validate = function(section_id, value) {
if (!value)
return "";
return value.trim();
return (value) ? value.trim() : "";
};
btn.onclick = () => new tools.longstrEditDialog('config', param, param, locname, rows).show();
let desc = locname;
if (multiline == 2) {
desc += '<br/>' + _('Example') + ': <a target=_blank href=%s>%s</a>'.format(tools.nfqws_opt_url);
}
btn.onclick = () => new tools.longstrEditDialog('config', param, param, desc, rows, multiline).show();
};
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP6');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTP6_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS6');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_HTTPS6_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC_SUFFIX');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC6');
add_delim(s);
add_param(s, 'NFQWS_OPT_DESYNC_QUIC6_SUFFIX');
o = s.taboption(tabname, form.Flag, 'NFQWS_ENABLE', _('NFQWS_ENABLE'));
o.rmempty = false;
o.default = 1;
o = s.taboption(tabname, form.Value, 'DESYNC_MARK', _('DESYNC_MARK'));
//o.description = _("nfqws option for DPI desync attack");
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'DESYNC_MARK_POSTNAT', _('DESYNC_MARK_POSTNAT'));
//o.description = _("nfqws option for DPI desync attack");
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'FILTER_MARK', _('FILTER_MARK'));
o.rmempty = false;
o.validate = function(section_id, value) { return true; };
o.write = function(section_id, value) { return form.Value.prototype.write.call(this, section_id, (value == null || value.trim() == '') ? "\t" : value.trim()); };
/* Blacklist settings */
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_TCP', _('NFQWS_PORTS_TCP'));
o.rmempty = false;
o.datatype = 'string';
tabname = 'blacklist_tab';
s.tab(tabname, _('Blacklist settings'));
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_UDP', _('NFQWS_PORTS_UDP'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Button, '_user_entries_btn', _('User hostname entries'));
o = s.taboption(tabname, form.Value, 'NFQWS_TCP_PKT_OUT', _('NFQWS_TCP_PKT_OUT'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_TCP_PKT_IN', _('NFQWS_TCP_PKT_IN'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_UDP_PKT_OUT', _('NFQWS_UDP_PKT_OUT'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_UDP_PKT_IN', _('NFQWS_UDP_PKT_IN'));
o.rmempty = false;
o.datatype = 'string';
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_TCP_KEEPALIVE', _('NFQWS_PORTS_TCP_KEEPALIVE'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Value, 'NFQWS_PORTS_UDP_KEEPALIVE', _('NFQWS_PORTS_UDP_KEEPALIVE'));
o.rmempty = false;
o.datatype = 'uinteger';
add_delim(s, tools.nfqws_opt_url);
add_param(s, 'NFQWS_OPT', null, 21, 2);
/* AutoHostList settings */
tabname = 'autohostlist_tab';
s.tab(tabname, _('AutoHostList'));
o = s.taboption(tabname, form.Flag, 'MODE_FILTER', _('Use AutoHostList mode'));
o.rmempty = false;
o.default = '0';
o.validate = function(section_id, value) { return true; };
o.load = function(section_id) {
return uci.load(tools.appName).then(L.bind(function() {
var v = uci.get(tools.appName, section_id, 'MODE_FILTER');
return (v === 'autohostlist') ? '1' : '0';
}, this));
};
o.write = function(section_id, value) {
return uci.set(tools.appName, section_id, 'MODE_FILTER', value === '1' ? 'autohostlist' : 'hostlist');
};
o = s.taboption(tabname, form.Value, 'AUTOHOSTLIST_RETRANS_THRESHOLD', _('RETRANS_THRESHOLD'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Value, 'AUTOHOSTLIST_FAIL_THRESHOLD', _('FAIL_THRESHOLD'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Value, 'AUTOHOSTLIST_FAIL_TIME', _('FAIL_TIME'));
o.rmempty = false;
o.datatype = 'uinteger';
o = s.taboption(tabname, form.Button, '_auto_host_btn', _('Auto host list entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.onclick = () => new tools.fileEditDialog(
tools.userEntriesFile,
_('User entries'),
_('One hostname per line.<br />Examples:'),
'<code>domain.net<br />sub.domain.com<br />googlevideo.com</code>',
o.description = tools.autoHostListFN;
o.onclick = () => new tools.fileEditDialog(
tools.autoHostListFN,
_('Auto host list'),
'',
'',
15
).show();
o = s.taboption(tabname, form.Button, '_ip_filter_btn', _('User IP entries'));
o = s.taboption(tabname, form.Flag, 'AUTOHOSTLIST_DEBUGLOG', _('DEBUGLOG'));
o.rmempty = false;
o.default = 0;
o = s.taboption(tabname, form.Button, '_auto_host_debug_btn', _('Auto host debug list entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.autoHostListDbgFN;
o.onclick = () => new tools.fileEditDialog(
tools.ipFilterFile,
_('IP filter'),
tools.autoHostListDbgFN,
_('Auto host debug list'),
'',
'',
15
).show();
/* HostList settings */
tabname = 'hostlist_tab';
s.tab(tabname, _('Host lists'));
o = s.taboption(tabname, form.Button, '_google_entries_btn', _('Google hostname entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.hostsGoogleFN;
o.onclick = () => new tools.fileEditDialog(
tools.hostsGoogleFN,
_('Google hostname entries'),
_('One hostname per line.<br />Examples:'),
'<code>youtube.com<br />googlevideo.com</code>',
15
).show();
o = s.taboption(tabname, form.Button, '_user_entries_btn', _('User hostname entries <HOSTLIST>'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.hostsUserFN;
o.onclick = () => new tools.fileEditDialog(
tools.hostsUserFN,
_('User entries'),
_('One hostname per line.<br />Examples:'),
'<code>domain.net<br />sub.domain.com<br />facebook.com</code>',
15
).show();
o = s.taboption(tabname, form.Button, '_user_excluded_entries_btn', _('User excluded hostname entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.hostsUserExcludeFN;
o.onclick = () => new tools.fileEditDialog(
tools.hostsUserExcludeFN,
_('User excluded entries'),
_('One hostname per line.<br />Examples:'),
'<code>domain.net<br />sub.domain.com<br />gosuslugi.ru</code>',
15
).show();
add_delim(s);
o = s.taboption(tabname, form.Button, '_ip_exclude_filter_btn', _('Excluded IP entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.iplstExcludeFN;
o.onclick = () => new tools.fileEditDialog(
tools.iplstExcludeFN,
_('Excluded IP filter'),
_('Patterns can be strings or regular expressions. Each pattern in a separate line<br />Examples:'),
'<code>128.199.0.0/16<br />34.217.90.52<br />162.13.190.77</code>',
15
).show();
o = s.taboption(tabname, form.Button, '_user_ip_filter_btn', _('User IP entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.iplstUserFN;
o.onclick = () => new tools.fileEditDialog(
tools.iplstUserFN,
_('User IP filter'),
_('Patterns can be strings or regular expressions. Each pattern in a separate line<br />Examples:'),
'<code>128.199.0.0/16<br />34.217.90.52<br />162.13.190.77</code>',
15
).show();
o = s.taboption(tabname, form.Button, '_user_excluded_ip_filter_btn', _('User excluded IP entries'));
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = tools.iplstUserExcludeFN;
o.onclick = () => new tools.fileEditDialog(
tools.iplstUserExcludeFN,
_('User excluded IP filter'),
_('Patterns can be strings or regular expressions. Each pattern in a separate line<br />Examples:'),
'<code>128.199.0.0/16<br />34.217.90.52<br />162.13.190.77</code>',
15
).show();
add_delim(s);
for (let num = 1; num <= tools.custFileMax; num++) {
let fn = tools.custFileTemplate.format(num.toString());
let name = _('Custom file #' + num);
o = s.taboption(tabname, form.Button, '_cust_file%d_btn'.format(num), name);
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = fn;
o.onclick = () => new tools.fileEditDialog(fn, name, '', '', 15).show();
}
/* custom.d files */
tabname = 'custom_d_tab';
s.tab(tabname, 'custom.d');
o = s.taboption(tabname, form.Flag, 'DISABLE_CUSTOM', _('Use custom.d scripts'));
o.rmempty = false;
o.default = '0';
o.validate = function(section_id, value) { return true; };
o.load = function(section_id) {
return uci.load(tools.appName).then(L.bind(function() {
var v = uci.get(tools.appName, section_id, 'DISABLE_CUSTOM');
return (v === '1') ? '0' : '1';
}, this));
};
o.write = function(section_id, value) {
return uci.set(tools.appName, section_id, 'DISABLE_CUSTOM', value === '1' ? '0' : '1');
};
add_delim(s);
for (let i = 0; i < tools.customdPrefixList.length; i++) {
let num = tools.customdPrefixList[i];
let fn = tools.customdFileFormat.format(num.toString());
let name = _('custom.d script #' + num);
o = s.taboption(tabname, form.Button, '_customd_file%d_btn'.format(num), name);
o.inputtitle = _('Edit');
o.inputstyle = 'edit btn';
o.description = fn;
let desc = '';
if (num == tools.discord_num) {
desc = _('Example') + ': ';
for (let k = 0; k < tools.discord_url.length; k++) {
let url = tools.discord_url[k];
if (k > 0) desc += ' <br> ';
const filename = url.substring(url.lastIndexOf("/") + 1).split("?")[0];
desc += '<a target=_blank href=' + url + '>' + filename + '</a>';
}
}
o.onclick = () => new tools.fileEditDialog(fn, name, desc, '', 15).show();
}
let map_promise = m.render();
map_promise.then(node => node.classList.add('fade-in'));
return map_promise;

419
luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js
View File

@@ -35,19 +35,58 @@ document.head.append(E('style', {'type': 'text/css'},
`));
return baseclass.extend({
packager : null,
appName : 'zapret',
execPath : '/opt/zapret/init.d/openwrt/zapret',
parsersDir : '/usr/libexec/ruantiblock',
userEntriesFile : '/opt/zapret/ipset/zapret-hosts-user.txt',
ipFilterFile : '/opt/zapret/ipset/zapret-ip-user.txt',
execPath : '/etc/init.d/zapret',
syncCfgPath : '/opt/zapret/sync_config.sh',
defCfgPath : '/opt/zapret/def-cfg.sh',
defaultCfgPath : '/opt/zapret/restore-def-cfg.sh',
hostsGoogleFN : '/opt/zapret/ipset/zapret-hosts-google.txt',
hostsUserFN : '/opt/zapret/ipset/zapret-hosts-user.txt',
hostsUserExcludeFN: '/opt/zapret/ipset/zapret-hosts-user-exclude.txt',
iplstExcludeFN : '/opt/zapret/ipset/zapret-ip-exclude.txt',
iplstUserFN : '/opt/zapret/ipset/zapret-ip-user.txt',
iplstUserExcludeFN: '/opt/zapret/ipset/zapret-ip-user-exclude.txt',
custFileMax : 4,
custFileTemplate : '/opt/zapret/ipset/cust%s.txt',
customdPrefixList : [ 10, 20, 50, 60, 90 ] ,
customdFileFormat : '/opt/zapret/init.d/openwrt/custom.d/%s-script.sh',
discord_num : 50,
discord_url : [ 'https://github.com/bol-van/zapret/blob/4e8e3a9ed9dbeb1156db68dfaa7b353051c13797/init.d/custom.d.examples.linux/50-discord',
'https://github.com/bol-van/zapret/blob/b251ea839cc8f04c45090314ef69fce69f2c00f2/init.d/custom.d.examples.linux/50-discord-media',
'https://github.com/bol-van/zapret/blob/b251ea839cc8f04c45090314ef69fce69f2c00f2/init.d/custom.d.examples.linux/50-stun4all',
'https://github.com/bol-van/zapret/tree/master/init.d/custom.d.examples.linux'
],
nfqws_opt_url : 'https://github.com/remittor/zapret-openwrt/discussions/168',
autoHostListFN : '/opt/zapret/ipset/zapret-hosts-auto.txt',
autoHostListDbgFN : '/opt/zapret/ipset/zapret-hosts-auto-debug.log',
infoLabelRunning : '<span class="label-status running">' + _('Running') + '</span>',
infoLabelStarting : '<span class="label-status starting">' + _('Starting') + '</span>',
infoLabelRunning : '<span class="label-status running">' + _('Enabled') + '</span>',
infoLabelUpdating : '<span class="label-status updating">' + _('Updating') + '</span>',
infoLabelStopped : '<span class="label-status stopped">' + _('Disabled') + '</span>',
infoLabelError : '<span class="label-status error">' + _('Error') + '</span>',
infoLabelStopped : '<span class="label-status stopped">' + _('Stopped') + '</span>',
infoLabelDisabled : '<span class="label-status stopped">' + _('Disabled') + '</span>',
infoLabelError : '<span class="label-status error">' + _('Error') + '</span>',
callInitStatus: rpc.declare({
infoLabelUpdating : '<span class="label-status updating">' + _('Updating') + '</span>',
statusDict: {
error : { code: 0, name: _('Error') , label: this.infoLabelError },
disabled : { code: 1, name: _('Disabled') , label: this.infoLabelDisabled },
stopped : { code: 2, name: _('Stopped') , label: this.infoLabelStopped },
starting : { code: 3, name: _('Starting') , label: this.infoLabelStarting },
running : { code: 4, name: _('Running') , label: this.infoLabelRunning },
},
callServiceList: rpc.declare({
object: 'service',
method: 'list',
params: [ 'name', 'verbose' ],
expect: { '': {} }
}),
callInitState: rpc.declare({
object: 'luci',
method: 'getInitList',
params: [ 'name' ],
@@ -61,10 +100,38 @@ return baseclass.extend({
expect: { result: false }
}),
getInitStatus: function(name) {
return this.callInitStatus(name).then(res => {
init_consts: function() {
if (!this.packager) {
this.packager = { };
if (L.hasSystemFeature('apk')) {
this.packager.name = 'apk';
this.packager.path = '/usr/bin/apk';
this.packager.args = [ 'list', '-I', '*zapret*' ];
} else {
this.packager.name = 'opkg';
this.packager.path = '/bin/opkg';
this.packager.args = [ 'list-installed', '*zapret*' ];
}
//console.log('PACKAGER: ' + this.packager.name);
}
},
getSvcInfo: function(svc_name = null) {
this.init_consts();
let name = (svc_name) ? svc_name : this.appName;
let verbose = 1;
return this.callServiceList(name, verbose).then(res => {
return res;
}).catch(e => {
ui.addNotification(null, E('p', _('Failed to get %s service info: %s').format(name, e)));
});
},
getInitState: function(name) {
this.init_consts();
return this.callInitState(name).then(res => {
if (res) {
return res[name].enabled;
return res[name].enabled ? true : false;
} else {
throw _('Command failed');
}
@@ -73,6 +140,20 @@ return baseclass.extend({
});
},
getStratList: function() {
this.init_consts();
let exec_cmd = '/bin/busybox';
let exec_arg = [ 'awk', '-F', '"', '/if \\[ "\\$strat" = "/ {print $4}', this.defCfgPath ];
return fs.exec(exec_cmd, exec_arg).then(res => {
if (res.code == 0) {
return this.getWordsArray(res.stdout);
}
return [ ];
}).catch(e => {
ui.addNotification(null, E('p', _('Failed to get strat list: %s').format(e)));
});
},
handleServiceAction: function(name, action) {
return this.callInitAction(name, action).then(success => {
if (!success) {
@@ -88,72 +169,194 @@ return baseclass.extend({
return (v && typeof(v) === 'string') ? v.trim().replace(/\r?\n/g, '') : v;
},
makeStatusString: function(app_status_code, fwtype, bllist_preset) {
let app_status_label;
let spinning = '';
/*
switch(app_status_code) {
case 0:
app_status_label = this.infoLabelRunning;
break;
case 2:
app_status_label = this.infoLabelStopped;
break;
case 3:
app_status_label = this.infoLabelStarting;
spinning = ' spinning';
break;
case 4:
app_status_label = this.infoLabelUpdating;
spinning = ' spinning';
break;
default:
app_status_label = this.infoLabelError;
return `<table class="table">
<tr class="tr">
<td class="td left" style="min-width:33%%">
${_('Status')}:
</td>
<td class="td left">
${app_status_label}
</td>
</tr>
</table>`;
getWordsArray: function (text, { trim = true, removeEmpty = true } = {}) {
const rawLines = text.split(/\n/);
const processed = trim ? rawLines.map(line => line.trim()) : rawLines.slice();
return removeEmpty ? processed.filter(line => line.length > 0) : processed;
},
getConfigPar: function(txt, key, defval = null) {
const re = new RegExp(`^${key}\\s*=\\s*(['"])(.*?)\\1`, 'm');
const m = txt.match(re);
return m ? m[2] : defval;
},
decode_pkg_list: function(pkg_list, with_suffix_r1 = true) {
let pkg_dict = { };
if (!pkg_list) {
return pkg_dict;
}
*/
return `<table class="table">
let lines = pkg_list.trim().split('\n');
for (let i = 0; i < lines.length; i++) {
let line = lines[i].trim();
let name;
let ver;
let rev = -1;
if (this.packager.name == 'apk') {
let fullname = line.split(' ')[0];
let match = fullname.match(/^(.*)-r(\d+)$/);
if (match) {
fullname = match[1];
rev = parseInt(match[2], 10);
}
let mpos = fullname.lastIndexOf('-');
if (mpos <= 0)
continue; // incorrect format
name = fullname.slice(0, mpos).trim();
ver = fullname.slice(mpos + 1).trim();
} else {
if (!line.includes(' - '))
continue; // incorrect format
name = line.split(' - ')[0].trim();
ver = line.split(' - ')[1].trim();
let spos = ver.indexOf(" ");
if (spos > 0) {
ver = ver.substring(0, spos);
}
let match = ver.match(/^(.*)-r(\d+)$/);
if (match) {
ver = match[1];
rev = parseInt(match[2], 10);
}
}
if (rev >= 0) {
if (rev == 1 && !with_suffix_r1) {
// nothing
} else {
ver += '-r' + rev;
}
}
pkg_dict[name] = ver;
}
return pkg_dict;
},
get_pid_list: function(proc_list) {
let plist = [ ];
let lines = proc_list.trim().split('\n');
for (let i = 0; i < lines.length; i++) {
let line = lines[i].trim();
if (line.length > 5) {
let word_list = line.split(/\s+/);
let pid = word_list[0];
let isnum = /^\d+$/.test(pid);
if (isnum) {
plist.push(parseInt(pid));
}
}
}
return plist;
},
decode_svc_info: function(svc_autorun, svc_info, proc_list, cfg) {
let result = {
"autorun": svc_autorun,
"dmn": {
inited: false,
total: 0,
running: 0,
working: 0,
},
"status": this.statusDict.error,
};
if (proc_list.code != 0) {
return -2;
}
let plist = this.get_pid_list(proc_list.stdout);
if (plist.length < 4) {
return -3;
}
if (typeof(svc_info) !== 'object') {
return -4;
}
let jdata = svc_info;
if (typeof(jdata.zapret) == 'object') {
result.dmn.inited = true;
let dmn_list = jdata.zapret.instances;
if (typeof(dmn_list) == 'object') {
for (const [dmn_name, daemon] of Object.entries(dmn_list)) {
result.dmn.total += 1;
if (daemon.running) {
result.dmn.running += 1;
}
if (daemon.pid !== undefined && daemon.pid != null) {
if (plist.includes(daemon.pid)) {
result.dmn.working += 1;
}
}
}
}
}
//console.log('SVC_DAEMONS: ' + result.dmn.working + ' / ' + result.dmn.total);
if (result.dmn.total == 0) {
result.status = (!svc_autorun) ? this.statusDict.disabled : this.statusDict.stopped;
} else {
result.status = (result.dmn.inited) ? this.statusDict.started : this.statusDict.running;
}
return result;
},
makeStatusString: function(svcinfo, pkg_arch, bllist_preset) {
let svc_autorun = _('Unknown');
let svc_daemons = _('Unknown');
if (typeof(svcinfo) == 'object') {
svc_autorun = (svcinfo.autorun) ? _('Enabled') : _('Disabled');
if (!svcinfo.dmn.inited) {
svc_daemons = _('Stopped');
} else {
svc_daemons = (!svcinfo.dmn.working) ? _('Starting') : _('Running');
svc_daemons += ' [' + svcinfo.dmn.working + '/' + svcinfo.dmn.total + ']';
}
}
let td_name_width = 40;
let td_name_style = `style="width: ${td_name_width}%; min-width:${td_name_width}%; max-width:${td_name_width}%;"`;
let out = `
<table class="table">
<tr class="tr">
<td class="td left" style="min-width:33%%">
${_('Status')}:
<td class="td left" ${td_name_style}>
${_('CPU architecture')}:
</td>
<td class="td left%s">
%s %s
<td class="td left">
${pkg_arch}
</td>
</tr>
<tr class="tr">
<td class="td left">
${_('FW type')}:
<td class="td left" ${td_name_style}>
${_('Service autorun status')}:
</td>
<td class="td left">
%s
${svc_autorun}
</td>
</tr>
<tr class="tr">
<td class="td left">
${_('Blacklist update mode')}:
<td class="td left" ${td_name_style}>
${_('Service daemons status')}:
</td>
<td class="td left">
%s
<td class="td left %s">
${svc_daemons}
</td>
</tr>
</table>
`.format(
spinning,
app_status_label,
'',
fwtype,
_('user entries only')
);
<tr class="tr">
<td class="td left" ${td_name_style}>
</td>
<td class="td left">
</td>
</tr>
</table>`;
return out;
},
getLineCount: function(mstr) {
let count = 0;
let c = '\n'.charAt(0);
for (let i = 0; i < mstr.length; ++i) {
if (c === mstr.charAt(i)) {
++count;
}
}
return count;
},
fileEditDialog: baseclass.extend({
@@ -257,16 +460,32 @@ return baseclass.extend({
}),
longstrEditDialog: baseclass.extend({
__init__: function(cfgsec, cfgparam, title, desc, rows = 10) {
__init__: function(cfgsec, cfgparam, title, desc, rows = 10, multiline = false) {
this.cfgsec = cfgsec;
this.cfgparam = cfgparam;
this.title = title;
this.desc = desc;
this.rows = rows;
this.multiline = multiline;
},
load: function() {
return uci.get('zapret', this.cfgsec, this.cfgparam);
let value = uci.get('zapret', this.cfgsec, this.cfgparam);
if (typeof(value) === 'string') {
value = value.trim();
if (this.multiline == 2) {
value = value.replace(/\n\t/g, "\n");
value = value.replace(/\n\t/g, "\n");
value = value.replace(/\n\t/g, "\n");
value = value.replace(/\n\t/g, "\n");
value = value.replace(/\n\t/g, "\n");
value = value.replace(/\n\t/g, "\n");
value = value.replace(/\n --/g, "\n--");
value = value.replace(/\n --/g, "\n--");
value = value.replace(/ --/g, "\n--");
}
}
return value;
},
render: function(content) {
@@ -304,27 +523,41 @@ return baseclass.extend({
handleSave: function(ev) {
let txt = document.getElementById('widget.modal_content');
let value = txt.value.trim().replace(/\r\n/g, ' ').replace(/\r/g, ' ').replace(/\n/g, ' ').trim();
uci.set('zapret', this.cfgsec, this.cfgparam, value);
uci.save();
let value = txt.value.trim();
if (this.multiline) {
value = value.replace(/\r/g, '');
if (value != "" && value != "\t") {
value = '\n' + value + '\n';
if (this.multiline == 2) {
value = value.replace(/"/g, '');
value = value.replace(/'/g, '');
}
}
} else {
value = value.replace(/\r\n/g, ' ');
value = value.replace(/\r/g, ' ');
value = value.replace(/\n/g, ' ');
value = value.trim();
}
if (value == "") {
value = "\t";
}
value = value.replace(/˂/g, '<');
value = value.replace(/˃/g, '>');
let elem = document.getElementById("cbi-zapret-" + this.cfgsec + "-_" + this.cfgparam);
if (elem) {
elem.querySelector('div').textContent = value;
let val = value.trim();
if (this.multiline) {
val = val.replace(/</g, '˂');
val = val.replace(/>/g, '˃');
val = val.replace(/\n/g, '<br/>');
elem.querySelector('div').innerHTML = val;
} else {
elem.querySelector('div').textContent = val;
}
}
ui.hideModal();
/*
return uci.save()
.then(L.bind(ui.changes.init, ui.changes))
.then(L.bind(ui.changes.displayChanges, ui.changes))
//.then(L.bind(ui.changes.apply, ui.changes))
.then(ui.addNotification(null, E('p', _('Contents have been saved.')), 'info'))
.catch(e => {
ui.addNotification(null, E('p', _('Unable to save the contents') + ': %s'.format(e.message)));
}).finally(() => {
ui.hideModal();
});
*/
uci.set('zapret2', this.cfgsec, this.cfgparam, value);
uci.save().then(ui.hideModal);
},
error: function(e) {
@@ -343,13 +576,17 @@ return baseclass.extend({
},
show: function() {
//ui.showModal(null, E('p', { 'class': 'spinning' }, _('Loading')) );
let content = this.load();
//ui.hideModal();
if (content === null) {
return this.error('Cannot load parameter');
}
return this.render(content);
ui.showModal(null,
E('p', { 'class': 'spinning' }, _('Loading'))
);
L.resolveDefault(this.load(), null)
.then(content => {
ui.hideModal();
return this.render(content);
}).catch(e => {
ui.hideModal();
return this.error(e);
})
},
}),

245
luci-app-zapret/htdocs/luci-static/resources/view/zapret/updater.js Normal file
View File

@@ -0,0 +1,245 @@
'use strict';
'require baseclass';
'require fs';
'require poll';
'require uci';
'require ui';
'require view';
'require view.zapret.tools as tools';
const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action';
const btn_style_positive = 'btn cbi-button-save important';
const btn_style_negative = 'btn cbi-button-reset important';
const btn_style_warning = 'btn cbi-button-negative';
const btn_style_success = 'btn cbi-button-success important';
const fn_update_pkg_sh = '/opt/zapret/update-pkg.sh';
return baseclass.extend({
releasesUrlPrefix : 'https://raw.githubusercontent.com/remittor/zapret-openwrt/gh-pages/releases/',
appendLog: function(msg, end = '\n') {
this.logArea.value += msg + end;
this.logArea.scrollTop = this.logArea.scrollHeight;
},
setBtnMode: function(enable) {
this.btn_cancel.disabled = enable ? false : true;
this.btn_action.disabled = (enable == 2) ? false : true;
},
setStage: function(stage, btn_flag = true) {
if (stage == 0) {
this.btn_action.textContent = _('Check for updates');
this.btn_action.classList.remove('hidden');
} else
if (stage == 1) {
this.btn_action.textContent = _('Update packages');
this.btn_action.classList.remove('hidden');
} else {
this.btn_action.classList.add('hidden');
}
if (stage > 1 && typeof(this.btn_action) == 'object') {
this.setBtnMode(1);
}
this.stage = stage;
},
checkUpdates: function() {
this.setStage(0);
this.setBtnMode(0);
this.pkg_url = null;
this.appendLog(_('Checking for updates...'));
let opt_list = [ '-c' ]; // check for updates
if (document.getElementById('cfg_exclude_prereleases').checked == false) {
opt_list.push('-p'); // include prereleases ZIP-files
}
let forced_reinstall = document.getElementById('cfg_forced_reinstall').checked;
let rpc_opt = { timeout: 20*1000 }
//rpc_opt.uid = 0; // run under root
let res = fs.exec(fn_update_pkg_sh, opt_list, null, rpc_opt).then(res => {
let log = res.stdout.trim();
this.appendLog(log);
let code = log.match(/^RESULT:\s*\(([^)]+)\)\s+.+$/m);
let pkg_url = log.match(/^ZAP_PKG_URL\s*=\s*(.+)$/m);
if (res.code == 0 && code && pkg_url) {
this.pkg_url = pkg_url[1];
code = code[1];
if (code == 'E' && !forced_reinstall) {
this.setStage(999);
return 0;
}
this.setStage(1);
this.setBtnMode(2); // enable all buttons
} else {
if (res.code != 0) {
this.appendLog('ERROR: Check for updates failed with error ' + res.code);
}
this.setStage(999);
}
return res.code;
}).catch(e => {
this.appendLog('ERROR: ' + _('Updates checking failed'));
this.appendLog('ERROR: ' + e);
this.setStage(999);
return 1;
}).finally(() => {
this.appendLog('=========================================================');
});
},
installUpdates: async function() {
this.setStage(1);
this.setBtnMode(0);
if (!this.pkg_url || this.pkg_url.length < 10) {
this.appendLog('ERROR: pkg_url = null');
this.setStage(999);
return 1;
}
this.appendLog(_('Install updates...'));
let opt_list = [ '-u', this.pkg_url ]; // update packages
if (document.getElementById('cfg_forced_reinstall').checked == true) {
opt_list.push('-f'); // forced reinstall if same version
}
let rpc_opt = { timeout: 5*1000 }
//rpc_opt.uid = 0; // run under root
const logFile = '/tmp/zapret_pkg_install.log';
const rcFile = logFile + '.rc';
try {
await fs.exec('/bin/busybox', [ 'rm', '-f', logFile + '*' ], null, rpc_opt);
this.appendLog('Install log cleared.');
} catch (e) {
this.appendLog('ERROR: Failed to clear log file');
this.setStage(999);
return 1;
}
try {
let opt = [ logFile, fn_update_pkg_sh ];
//opt.push('-t'); opt.push('0'); // only for testing
opt.push(...opt_list);
let res = await fs.exec('/opt/zapret/script-exec.sh', opt, null, rpc_opt);
if (res.code == 0) {
this.appendLog('Process started...');
} else {
this.appendLog('ERROR: cannot run ' + fn_update_pkg_sh + ' script! (error = ' + res.code + ')');
throw new Error('cannot run script');
}
} catch (e) {
this.appendLog('ERROR: Failed to start process: ' + e.message);
this.setStage(999);
return 1;
}
let lastLen = 0;
let retCode = -1;
let timerBusy = false;
let timer = setInterval(async () => {
if (timerBusy)
return; // skip iteration
timerBusy = true;
try {
let res = await fs.exec('/bin/cat', [ logFile ], null, rpc_opt);
if (res.stdout && res.stdout.length > lastLen) {
let log = res.stdout.slice(lastLen);
log = log.replace(/^ \* resolve_conffiles.*(?:\r?\n|$)/gm, '');
this.appendLog(log, '');
lastLen = res.stdout.length;
}
if (retCode < 0) {
let rc = await fs.exec('/bin/cat', [ rcFile ], null, rpc_opt);
if (rc.code != 0) {
throw new Error('cannot read file "' + rcFile + '"');
}
if (rc.stdout) {
retCode = parseInt(rc.stdout.trim(), 10);
}
}
if (retCode >= 0) {
clearInterval(timer);
this.appendLog('\n' + 'Process finished.');
if (res.stdout) {
let code = res.stdout.match(/^RESULT:\s*\(([^)]+)\)\s+.+$/m);
if (retCode == 0 && code && code[1] == '+') {
this.stage = 999;
this.btn_action.textContent = _('OK');
this.btn_action.disabled = false;
this.btn_cancel.disabled = true;
return 0;
}
}
this.appendLog('ERROR: Install updates failed with error ' + retCode);
this.setStage(999);
}
} catch (e) {
clearInterval(timer);
this.appendLog('ERROR: installUpdates: ' + e.message);
this.appendLog('ERROR: installUpdates: ' + e.stack?.trim().split('\n').pop());
this.setStage(999);
} finally {
timerBusy = false;
}
}, 500);
},
openUpdateDialog: function(pkg_arch) {
this.stage = 0;
this.pkg_arch = pkg_arch;
this.pkg_url = null;
let exclude_prereleases = E('label', [
E('input', { type: 'checkbox', id: 'cfg_exclude_prereleases', checked: true }),
' ', _('Exclude PreReleases')
]);
let forced_reinstall = E('label', [
E('input', { type: 'checkbox', id: 'cfg_forced_reinstall'}),
' ', _('Forced reinstall packages')
]);
this.logArea = E('textarea', {
'readonly': true,
'style': 'width:100%; height:400px; font-family: monospace;'
});
this.btn_cancel = E('button', {
'id': 'btn_cancel',
'name': 'btn_cancel',
'class': btn_style_warning,
}, _('Cancel'));
this.btn_cancel.onclick = ui.hideModal;
this.btn_action = E('button', {
'id': 'btn_action',
'name': 'btn_action',
'class': btn_style_action,
}, 'BUTTON_ACTION');
this.btn_action.onclick = ui.createHandlerFn(this, () => {
if (this.stage == 0) {
return this.checkUpdates();
}
if (this.stage == 1) {
return this.installUpdates();
}
return ui.hideModal();
});
this.setStage(0);
this.setBtnMode(2);
ui.showModal(_('Package update'), [
E('div', { 'class': 'cbi-section' }, [
exclude_prereleases,
E('br'), E('br'),
forced_reinstall,
E('br'), E('br'),
E('hr'),
this.logArea,
]),
E('div', { 'class': 'right' }, [
this.btn_cancel,
' ',
this.btn_action,
])
]);
}
});

10
luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json
View File

@@ -10,6 +10,7 @@
"acl": [ "luci-app-zapret" ],
"fs": {
"/opt/zapret/sync_config.sh": "executable",
"/opt/zapret/restore-def-cfg.sh": "executable",
"/etc/init.d/zapret": "executable"
},
"uci": { "zapret": true }
@@ -32,5 +33,14 @@
"type": "view",
"path": "zapret/settings"
}
},
"admin/services/zapret/dmnlog": {
"title": "Log Viewer",
"order": 30,
"action": {
"type": "view",
"path": "zapret/dmnlog"
}
}
}

17
luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json
View File

@@ -6,19 +6,32 @@
"file": {
"/opt/zapret/config": [ "read" ],
"/opt/zapret/ipset/*": [ "read" ],
"/opt/zapret/init.d/openwrt/custom.d/*": [ "read" ],
"/etc/crontabs/root": [ "read" ],
"/tmp/zapret*": [ "read" ],
"/etc/init.d/zapret*": [ "exec" ],
"/bin/ps*": [ "exec" ],
"/bin/cat*": [ "exec" ],
"/bin/busybox*": [ "exec" ],
"/bin/opkg*": [ "exec" ],
"/usr/bin/apk*": [ "exec" ],
"/usr/bin/find*": [ "exec" ],
"/opt/zapret/restore-def-cfg.sh*": [ "exec" ],
"/opt/zapret/script-exec.sh*": [ "exec" ],
"/opt/zapret/update-pkg.sh*": [ "exec" ],
"/opt/zapret/sync_config.sh*": [ "exec" ]
},
"uci": [ "zapret", "network" ],
"ubus": {
"luci": [ "getInitList", "setInitAction" ]
"luci": [ "getInitList", "setInitAction" ],
"service": [ "list" ]
}
},
"write": {
"file": {
"/opt/zapret/config": [ "write" ],
"/opt/zapret/ipset/*.txt": [ "write" ],
"/opt/zapret/ipset/*": [ "write" ],
"/opt/zapret/init.d/openwrt/custom.d/*": [ "write" ],
"/etc/crontabs/root": [ "write" ]
},
"uci": [ "zapret" ]

19
zapret-ip2net/Makefile
View File

@@ -1,21 +1,26 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret-ip2net
PKG_VERSION:=64
PKG_RELEASE:=20241012
PKG_VERSION:=72.20251225
PKG_RELEASE:=2
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
PKG_HASH:=skip
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=e95a06c7eeff87e166a5f9ca71547b169c9852e0
PKG_SOURCE_DATE:=2025-12-25
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_HASH:=skip
include $(INCLUDE_DIR)/package.mk
TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
MAKE_PATH:=ip2net

19
zapret-mdig/Makefile
View File

@@ -1,21 +1,26 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret-mdig
PKG_VERSION:=64
PKG_RELEASE:=20241012
PKG_VERSION:=72.20251225
PKG_RELEASE:=2
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
PKG_HASH:=skip
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=e95a06c7eeff87e166a5f9ca71547b169c9852e0
PKG_SOURCE_DATE:=2025-12-25
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_HASH:=skip
include $(INCLUDE_DIR)/package.mk
TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
MAKE_PATH:=mdig

21
zapret-tpws/Makefile
View File

@@ -1,21 +1,26 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret-tpws
PKG_VERSION:=64
PKG_RELEASE:=20241012
PKG_VERSION:=72.20251225
PKG_RELEASE:=2
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
PKG_HASH:=skip
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=e95a06c7eeff87e166a5f9ca71547b169c9852e0
PKG_SOURCE_DATE:=2025-12-25
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_HASH:=skip
include $(INCLUDE_DIR)/package.mk
TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
MAKE_PATH:=tpws
@@ -24,7 +29,7 @@ define Package/$(PKG_NAME)
CATEGORY:=Network
TITLE:=tpws
SUBMENU:=Zapret
DEPENDS:=+zlib +zapret
DEPENDS:=+zlib +libcap +zapret
endef
define Build/Prepare

187
zapret/Makefile
View File

@@ -5,21 +5,26 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret
PKG_VERSION:=64
PKG_RELEASE:=20241012
PKG_VERSION:=72.20251225
PKG_RELEASE:=2
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=opt/zapret/docs/LICENSE.txt
PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
PKG_HASH:=skip
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=e95a06c7eeff87e166a5f9ca71547b169c9852e0
PKG_SOURCE_DATE:=2025-12-25
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_HASH:=skip
include $(INCLUDE_DIR)/package.mk
TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
MAKE_PATH:=nfq
@@ -29,7 +34,8 @@ define Package/$(PKG_NAME)
TITLE:=$(PKG_NAME)
SUBMENU:=Zapret
URL:=https://github.com/bol-van/zapret
DEPENDS:= +nftables +curl +gzip +coreutils +coreutils-sort +coreutils-sleep
DEPENDS:= +nftables +curl +gzip
DEPENDS+= +coreutils +coreutils-sort +coreutils-sleep
DEPENDS+= +kmod-nft-nat +kmod-nft-offload +kmod-nft-queue
DEPENDS+= +libnetfilter-queue +libcap +zlib
endef
@@ -39,67 +45,141 @@ define Build/Prepare
rm -f $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws
endef
define Package/$(PKG_NAME)/conffiles
/etc/config/zapret
/opt/zapret/config
/opt/zapret/ipset/zapret-hosts-user.txt
/opt/zapret/ipset/zapret-hosts-user-exclude.txt
/opt/zapret/ipset/zapret-hosts-user-ipban.txt
/opt/zapret/ipset/zapret-ip-user.txt
/opt/zapret/ipset/zapret-ip-user-exclude.txt
/opt/zapret/ipset/zapret-ip-user-ipban.txt
endef
#define Build/Configure
#endef
#define Build/Compile
#endef
define Package/$(PKG_NAME)/conffiles
/etc/config/zapret
/opt/zapret/config
/opt/zapret/ipset/
/opt/zapret/init.d/openwrt/custom.d/
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/opt/zapret
$(INSTALL_DIR) $(1)/opt/zapret/$(MAKE_PATH)
$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws $(1)/opt/zapret/$(MAKE_PATH)/
$(INSTALL_DIR) $(1)/opt/zapret/common
$(CP) $(PKG_BUILD_DIR)/common/* $(1)/opt/zapret/common/
$(INSTALL_DIR) $(1)/opt/zapret/docs
$(CP) $(PKG_BUILD_DIR)/docs/* $(1)/opt/zapret/docs/
#$(INSTALL_DIR) $(1)/opt/zapret/docs
#$(CP) $(PKG_BUILD_DIR)/docs/* $(1)/opt/zapret/docs/
$(INSTALL_DIR) $(1)/opt/zapret/files
$(CP) $(PKG_BUILD_DIR)/files/* $(1)/opt/zapret/files/
$(CP) ./files/* $(1)/opt/zapret/files/
$(INSTALL_DIR) $(1)/opt/zapret/ipset
$(CP) $(PKG_BUILD_DIR)/ipset/* $(1)/opt/zapret/ipset/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/blockcheck.sh $(1)/opt/zapret/blockcheck.sh
$(INSTALL_CONF) $(PKG_BUILD_DIR)/config.default $(1)/opt/zapret/config.default
#$(INSTALL_DATA) $(PKG_BUILD_DIR)/config.default $(1)/opt/zapret/config.default
$(INSTALL_DIR) $(1)/opt/zapret/tmp
$(INSTALL_DIR) $(1)/opt/zapret/init.d/openwrt
$(CP) $(PKG_BUILD_DIR)/init.d/openwrt/* $(1)/opt/zapret/init.d/openwrt/
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/zapret $(1)/etc/init.d/zapret
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./zapret.config $(1)/etc/config/zapret
$(INSTALL_CONF) ./config $(1)/opt/zapret/config
#$(INSTALL_CONF) ./ipset/zapret-hosts-auto.txt $(1)/opt/zapret/ipset/zapret-hosts-auto.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-user.txt $(1)/opt/zapret/ipset/zapret-hosts-user.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt
$(INSTALL_CONF) ./ipset/zapret-hosts-user-ipban.txt $(1)/opt/zapret/ipset/zapret-hosts-user-ipban.txt
#$(INSTALL_CONF) ./ipset/zapret-ip.txt $(1)/opt/zapret/ipset/zapret-ip.txt
$(INSTALL_CONF) ./ipset/zapret-ip-exclude.txt $(1)/opt/zapret/ipset/zapret-ip-exclude.txt
$(INSTALL_CONF) ./ipset/zapret-ip-user.txt $(1)/opt/zapret/ipset/zapret-ip-user.txt
$(INSTALL_CONF) ./ipset/zapret-ip-user-exclude.txt $(1)/opt/zapret/ipset/zapret-ip-user-exclude.txt
$(INSTALL_CONF) ./ipset/zapret-ip-user-ipban.txt $(1)/opt/zapret/ipset/zapret-ip-user-ipban.txt
$(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh
$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret
$(INSTALL_DATA) ./config.default $(1)/opt/zapret/config.default
$(INSTALL_DATA) ./ipset/zapret-hosts-google.txt $(1)/opt/zapret/ipset/zapret-hosts-google.txt
$(INSTALL_DATA) ./ipset/zapret-hosts-user.txt $(1)/opt/zapret/ipset/zapret-hosts-user.txt
$(INSTALL_DATA) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset/zapret-hosts-user-exclude.txt
$(INSTALL_DATA) ./ipset/zapret-ip-exclude.txt $(1)/opt/zapret/ipset/zapret-ip-exclude.txt
$(INSTALL_DIR) $(1)/opt/zapret/ipset_def
$(INSTALL_DATA) ./ipset/zapret-hosts-google.txt $(1)/opt/zapret/ipset_def/zapret-hosts-google.txt
$(INSTALL_DATA) ./ipset/zapret-hosts-user.txt $(1)/opt/zapret/ipset_def/zapret-hosts-user.txt
$(INSTALL_DATA) ./ipset/zapret-hosts-user-exclude.txt $(1)/opt/zapret/ipset_def/zapret-hosts-user-exclude.txt
$(INSTALL_DATA) ./ipset/zapret-ip-exclude.txt $(1)/opt/zapret/ipset_def/zapret-ip-exclude.txt
$(INSTALL_DIR) $(1)/opt/zapret/init.d
$(INSTALL_DIR) $(1)/opt/zapret/init.d/openwrt
$(INSTALL_DIR) $(1)/opt/zapret/init.d/openwrt/custom.d
$(CP) ./custom.d/* $(1)/opt/zapret/init.d/openwrt/custom.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/opt/zapret/uci-def-cfg.sh
$(INSTALL_BIN) ./comfunc.sh $(1)/opt/zapret/comfunc.sh
$(INSTALL_BIN) ./def-cfg.sh $(1)/opt/zapret/def-cfg.sh
$(INSTALL_BIN) ./renew-cfg.sh $(1)/opt/zapret/renew-cfg.sh
$(INSTALL_BIN) ./restore-def-cfg.sh $(1)/opt/zapret/restore-def-cfg.sh
$(INSTALL_BIN) ./sync_config.sh $(1)/opt/zapret/sync_config.sh
$(INSTALL_BIN) ./script-exec.sh $(1)/opt/zapret/script-exec.sh
$(INSTALL_BIN) ./update-pkg.sh $(1)/opt/zapret/update-pkg.sh
# Fix permisions
chmod 644 $(1)/opt/zapret/ipset/*.txt
chmod 644 $(1)/opt/zapret/ipset_def/*.txt
chmod 644 $(1)/opt/zapret/init.d/openwrt/custom.d/*.sh
chmod 644 $(1)/opt/zapret/config.default
chmod 755 $(1)/opt/zapret/*.sh
endef
define Package/$(PKG_NAME)/preinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
if [ -f "/etc/init.d/zapret" ]; then
SCRIPT=$$( readlink /etc/init.d/zapret )
if [ -n "$${SCRIPT}" ]; then
echo "Please uninstall original zapret utility!"
exit 44
fi
fi
if [ "$${PKG_UPGRADE}" = "1" ]; then
# stop service if PKG_UPGRADE
if [ -x "/etc/init.d/zapret" ]; then
/etc/init.d/zapret running && /etc/init.d/zapret stop >/dev/null 2>&1
fi
fi
if [ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ]; then
if [ -f "/opt/zapret/ipset/zapret-hosts-user.txt" ]; then
CFGLISTHASH=$$( md5sum "/opt/zapret/ipset/zapret-hosts-user.txt" | awk '{print $$1;}' )
if [ "$${CFGLISTHASH}" = "79e35df62b0d1ae455d0a7e04c4cecac" ]; then
rm -f "/opt/zapret/ipset/zapret-hosts-user.txt"
fi
fi
fi
fi
exit 0
endef
define Package/$(PKG_NAME)/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
# creating main config if its not exists
if [ ! -f "$${ZAPRET_CONFIG}" ]; then
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# check obsolete format for main config
if grep -qE "^NFQWS_OPT_DESYNC=|^MODE_HTTP=|^MODE_HTTPS=|^MODE_QUIC=|^MODE=" "$${ZAPRET_CONFIG}" ; then
echo "Detect obsolute format for main config!"
ZAPRET_CONFIG_BACKUP="$${ZAPRET_CONFIG}.backup"
cp -f "$${ZAPRET_CONFIG}" "$${ZAPRET_CONFIG_BACKUP}"
echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# check existing uci-config
[ -f "/etc/config/zapret" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
# create or merge uci-config
/opt/zapret/uci-def-cfg.sh
[ "$${ZAPRET_CFG_EXISTS}" = "1" ] && echo "Config /etc/config/zapret merged with default uci-config"
# remove uci-default script from system dir (used into /etc/init.d/boot)
rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
# copy (sync) all params from uci-config to main config
/opt/zapret/sync_config.sh
# check main config
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58
# enable main service
/etc/init.d/zapret enable
# stop all
/etc/init.d/zapret stop_fw
/etc/init.d/zapret stop_daemons
ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
# start main service
/etc/init.d/zapret start
# restart firewall
[ -x /sbin/fw4 ] && fw4 -q restart || fw3 -q restart
fi
exit 0
@@ -108,17 +188,26 @@ endef
define Package/$(PKG_NAME)/prerm
#!/bin/sh
# check if we are on real system
if [ -n "$${IPKG_INSTROOT}" ]; then
if [ -z "$${IPKG_INSTROOT}" ]; then
EXEDIR=/opt/zapret
ZAPRET_BASE=/opt/zapret
ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
OPENWRT_FW_INCLUDE=/etc/firewall.zapret
. "$ZAPRET_CONFIG"
. "$ZAPRET_BASE/common/base.sh"
. "$ZAPRET_BASE/common/fwtype.sh"
. "$ZAPRET_BASE/common/installer.sh"
# check main config
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then
ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
exit 0
fi
. "$${ZAPRET_CONFIG}"
. "$${ZAPRET_BASE}/common/base.sh"
. "$${ZAPRET_BASE}/common/fwtype.sh"
. "$${ZAPRET_BASE}/common/nft.sh"
. "$${ZAPRET_BASE}/common/installer.sh"
/etc/init.d/zapret running && /etc/init.d/zapret stop
/etc/init.d/zapret disable
/etc/init.d/zapret stop
ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
remove_openwrt_firewall
nft_del_table
restart_openwrt_firewall
@@ -126,4 +215,16 @@ fi
exit 0
endef
define Package/$(PKG_NAME)/postrm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
[ -f "/etc/config/zapret-opkg" ] && rm -f "/etc/config/zapret-opkg"
[ -f "/opt/zapret/config" ] && cp -f /opt/zapret/config "/opt/zapret/config.backup"
#rm -rf /opt/zapret
#echo "Directory /opt/zapret removed!"
fi
exit 0
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

233
zapret/comfunc.sh Executable file
View File

@@ -0,0 +1,233 @@
#!/bin/sh
# Copyright (c) 2024 remittor
EXEDIR=/opt/zapret
ZAPRET_BASE=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret"
ZAPRET_CONFIG="$ZAPRET_BASE/config"
ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
ZAPRET_CFG=/etc/config/zapret
ZAPRET_CFG_NAME=zapret
ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_NAME.config )"
. $ZAPRET_BASE/def-cfg.sh
CRONTAB_FILE="/etc/crontabs/root"
function adapt_for_sed
{
echo -n "$1" | tr '\r' ' ' | tr '\n' ' ' | tr '\t' ' ' | sed -r 's/([\$\.\*\/\[\\^])/\\\1/g' | sed 's/[]]/\\]/g'
}
function is_valid_config
{
local fname=${1:-$ZAPRET_CONFIG}
sh -n "$fname" &>/dev/null
return $?
}
function get_ppid_by_pid
{
local pid=$1
local ppid="$( cat /proc/$pid/status 2>/dev/null | grep '^PPid:' | awk '{print $2}' )"
echo "$ppid"
}
function get_proc_path_by_pid
{
local pid=$1
local path=$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' | head -n1 )
echo "$path"
}
function get_proc_cmd_by_pid
{
local pid=$1
local delim="$2"
local cmdline
if [ "$delim" = "" ]; then
cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' '\n' )"
else
cmdline="$( cat /proc/$pid/cmdline 2>/dev/null | tr '\0' "$delim" )"
fi
echo "$cmdline"
}
function is_run_via_procd
{
local pname
[ "$$" = "1" ] && return 0
pname="$( get_proc_path_by_pid $$ )"
[ "$pname" = "/sbin/procd" ] && return 0
[ "$PPID" = "1" ] && return 0
pname="$( get_proc_path_by_pid $PPID )"
[ "$pname" = "/sbin/procd" ] && return 0
return 1
}
function is_run_on_boot
{
local cmdline="$( get_proc_cmd_by_pid $$ ' ' )"
if echo "$cmdline" | grep -q " /etc/rc.d/S" ; then
if echo "$cmdline" | grep -q " boot $" ; then
return 0
fi
fi
return 1
}
function get_run_on_boot_option
{
if [ "$( uci -q get $ZAPRET_CFG_NAME.config.run_on_boot )" = "1" ]; then
echo 1
else
echo 0
fi
}
function get_distrib_param
{
local parname=$1
local value="__unknown__"
if [ -f /etc/openwrt_release ]; then
while IFS='=' read -r key val; do
val="${val#\'}"
val="${val%\'}"
val="${val#\"}"
val="${val%\"}"
if [ "$key" = "$parname" ]; then
value="$val"
break
fi
done < /etc/openwrt_release
fi
printf '%s' "$value"
}
function get_cpu_arch
{
get_distrib_param DISTRIB_ARCH
}
function restore_ipset_txt
{
local cfgname=$1
if [ -f "$ZAPRET_BASE/ipset_def/$cfgname" ]; then
cp -f "$ZAPRET_BASE/ipset_def/$cfgname" "$ZAPRET_BASE/ipset/$cfgname"
fi
}
function restore_all_ipset_cfg
{
restore_ipset_txt zapret-hosts-google.txt
restore_ipset_txt zapret-hosts-user.txt
restore_ipset_txt zapret-hosts-user-exclude.txt
restore_ipset_txt zapret-ip-exclude.txt.txt
}
function create_default_cfg
{
local opt_flags=${1:--}
local opt_strat=$2
local cfgname=${3:-$ZAPRET_CFG_NAME}
local cfgfile=/etc/config/$cfgname
rm -f $cfgfile
touch $cfgfile
uci set $cfgname.config=main
set_cfg_default_values "$opt_flags" "$opt_strat" $cfgname
return 0
}
function merge_cfg_with_def_values
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local force=$2
local cfgfile=/etc/config/$cfgname
local NEWCFGNAME="zapret-default"
local NEWCFGFILE="/etc/config/$NEWCFGNAME"
local cfg_sec_name="$( uci -q get $ZAPRET_CFG_NAME.config )"
[ -z "$cfg_sec_name" ] && create_default_cfg
create_default_cfg "-" "" "$NEWCFGNAME"
[ ! -f "$NEWCFGFILE" ] && return 1
uci -m -f $cfgfile import "$NEWCFGNAME"
uci commit "$NEWCFGNAME"
uci -m -f "$NEWCFGFILE" import $cfgname
uci commit $cfgname
rm -f "$NEWCFGFILE"
return 0
}
function remove_cron_task_logs
{
if [ -f "$CRONTAB_FILE" ]; then
sed -i "/-name 'zapret+\*.log' -size +/d" "$CRONTAB_FILE"
fi
}
function insert_cron_task_logs
{
[ ! -f "$CRONTAB_FILE" ] && touch "$CRONTAB_FILE"
[ ! -f "$CRONTAB_FILE" ] && return 1
if ! grep -q -e "-name 'zapret\*\.log' -size \+" "$CRONTAB_FILE"; then
echo "*/2 * * * * /usr/bin/find /tmp -maxdepth 1 -type f -name 'zapret+*.log' -size +2600k -exec rm -f {} \;" >> "$CRONTAB_FILE"
/etc/init.d/cron restart 2> /dev/null
fi
return 0
}
function init_before_start
{
local DAEMON_LOG_ENABLE=$1
local HOSTLIST_FN="$ZAPRET_BASE/ipset/zapret-hosts-user.txt"
[ ! -f "$HOSTLIST_FN" ] && touch "$HOSTLIST_FN"
chmod 644 $ZAPRET_BASE/ipset/*.txt
chmod 666 $ZAPRET_BASE/ipset/*.log
rm -f /tmp/zapret+*.log
#*/
if [ "$DAEMON_LOG_ENABLE" = "1" ]; then
insert_cron_task_logs
else
remove_cron_task_logs
fi
return 0
}
function patch_luci_header_ut
{
# INFO: https://github.com/openwrt/luci/pull/7725
local header_ut=/usr/share/ucode/luci/template/header.ut
local runtime_uc=/usr/share/ucode/luci/runtime.uc
local newenv
[ ! -f $header_ut ] && return 0
[ ! -f $runtime_uc ] && return 0
if grep -q "pkgs_update_time" $runtime_uc; then
return 0
fi
if grep -q "pkgs_update_time" $header_ut; then
return 0
fi
sed -i "/^import { access/i import { stat } from 'fs';" $runtime_uc
if ! grep -q "{ stat }" $runtime_uc; then
return 1
fi
newenv="self.env.pkgs_update_time = stat('/lib/apk/db/installed')?.mtime ?? stat('/usr/lib/opkg/status')?.mtime ?? 0;"
newenv=`adapt_for_sed "$newenv"`
sed -i "/self.env.include =/i $newenv" $runtime_uc
if ! grep -q "pkgs_update_time" $runtime_uc; then
return 1
fi
sed -i 's/luci.js?v=\(.*\)"><\/script>/luci.js?v=\1-{{ pkgs_update_time }}"><\/script>/g' $header_ut
if ! grep -q "pkgs_update_time" $header_ut; then
return 1
fi
logger -p notice -t ZAPRET "patch_luci_header_ut: OK"
return 0
}

144
zapret/config
View File

@@ -1,144 +0,0 @@
# this file is included from init scripts
# change values here
# can help in case /tmp has not enough space
#TMPDIR=/opt/zapret/tmp
# override firewall type : iptables,nftables,ipfw
FWTYPE=nftables
# options for ipsets
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=522288
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
# too large hashsize will waste lots of RAM
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
# dynamically generate additional ip. $1 = ipset/nfset/table name
#IPSET_HOOK="/etc/zapret.ipset.hook"
# options for ip2net. "-4" or "-6" auto added by ipset create script
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0
# number of parallel threads for domain list resolves
MDIG_THREADS=30
# ipset/*.sh can compress large lists
GZIP_LISTS=0
# command to reload ip/host lists after update
# comment or leave empty for auto backend selection : ipset or ipfw if present
# on BSD systems with PF no auto reloading happens. you must provide your own command
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
# override ports
#HTTP_PORTS=80-81,85
#HTTPS_PORTS=443,500-501
#QUIC_PORTS=443,444
# CHOOSE OPERATION MODE
# MODE : nfqws,tpws,tpws-socks,filter,custom
# nfqws : nfqws for dpi desync
# tpws : tpws transparent mode
# tpws-socks : tpws socks mode
# filter : no daemon, just create ipset or download hostlist
# custom : custom mode. should modify custom init script and add your own code
MODE=nfqws
MODE_HTTP=1
MODE_HTTP_KEEPALIVE=0
MODE_HTTPS=1
MODE_QUIC=1
# none,ipset,hostlist,autohostlist
MODE_FILTER=hostlist
# CHOOSE NFQWS DAEMON OPTIONS for DPI desync mode. run "nfq/nfqws --help" for option list
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
NFQWS_OPT_DESYNC="--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin"
NFQWS_OPT_DESYNC_SUFFIX=""
NFQWS_OPT_DESYNC_HTTP=""
NFQWS_OPT_DESYNC_HTTP_SUFFIX=""
NFQWS_OPT_DESYNC_HTTPS=""
NFQWS_OPT_DESYNC_HTTPS_SUFFIX=""
NFQWS_OPT_DESYNC_HTTP6=""
NFQWS_OPT_DESYNC_HTTP6_SUFFIX=""
NFQWS_OPT_DESYNC_HTTPS6=""
NFQWS_OPT_DESYNC_HTTPS6_SUFFIX=""
NFQWS_OPT_DESYNC_QUIC="--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_google_com.bin"
NFQWS_OPT_DESYNC_QUIC_SUFFIX=""
NFQWS_OPT_DESYNC_QUIC6=""
NFQWS_OPT_DESYNC_QUIC6_SUFFIX=""
# CHOOSE TPWS DAEMON OPTIONS. run "tpws/tpws --help" for option list
# SUFFIX VARS define additional lower priority desync profile. it's required if MODE_FILTER=hostlist and strategy has hostlist-incompatible 0-phase desync methods (mss)
TPWS_OPT="--hostspell=HOST --split-http-req=method --split-pos=3 --oob"
#TPWS_OPT_SUFFIX="--mss 88"
# FlowOffload mode : donttouch,none,software,hardware
FLOWOFFLOAD=none
# openwrt: specify networks to be treated as LAN. default is "lan"
#OPENWRT_LAN="lan lan2 lan3"
# openwrt: specify networks to be treated as WAN. default wans are interfaces with default route
#OPENWRT_WAN4="wan vpn"
#OPENWRT_WAN6="wan6 vpn6"
# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
#IFACE_LAN=eth0
#IFACE_WAN=eth1
#IFACE_WAN6="ipsec0 wireguard0 he_net"
# should start/stop command of init scripts apply firewall rules ?
# not applicable to openwrt with firewall3+iptables
INIT_APPLY_FW=1
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
# do not work with ipv4
DISABLE_IPV4=0
# do not work with ipv6
DISABLE_IPV6=1
# select which init script will be used to get ip or host list
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
# comment if not required
#GETLIST=get_antizapret_domains.sh
#GETLIST=get_antifilter_ipsmart.sh

159
zapret/config.default Normal file
View File

@@ -0,0 +1,159 @@
# this file is included from init scripts
# change values here
# can help in case /tmp has not enough space
#TMPDIR=/opt/zapret/tmp
# redefine user for zapret daemons. required on Keenetic
WS_USER="daemon"
# override firewall type : iptables,nftables,ipfw
FWTYPE=nftables
# nftables only : set this to 0 to use pre-nat mode. default is post-nat.
# pre-nat mode disables some bypass techniques for forwarded traffic but allows to see client IP addresses in debug log
POSTNAT=1
# options for ipsets
# maximum number of elements in sets. also used for nft sets
SET_MAXELEM=522288
# too low hashsize can cause memory allocation errors on low RAM systems , even if RAM is enough
# too large hashsize will waste lots of RAM
IPSET_OPT="hashsize 262144 maxelem $SET_MAXELEM"
# dynamically generate additional ip. $1 = ipset/nfset/table name
#IPSET_HOOK="/etc/zapret.ipset.hook"
# options for ip2net. "-4" or "-6" auto added by ipset create script
IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0
# number of parallel threads for domain list resolves
MDIG_THREADS=30
# ipset/*.sh can compress large lists
GZIP_LISTS=0
# command to reload ip/host lists after update
# comment or leave empty for auto backend selection : ipset or ipfw if present
# on BSD systems with PF no auto reloading happens. you must provide your own command
# set to "-" to disable reload
#LISTS_RELOAD="pfctl -f /etc/pf.conf"
# none,ipset,hostlist,autohostlist
MODE_FILTER=hostlist
# mark bit used by nfqws to prevent loop
DESYNC_MARK=0x40000000
DESYNC_MARK_POSTNAT=0x20000000
# do not pass outgoing traffic to tpws/nfqws not marked with this bit
# this setting allows to write your own rules to limit traffic that should be fooled
# for example based on source IP or incoming interface name
# no filter if not defined
FILTER_MARK=""
TPWS_SOCKS_ENABLE=0
# tpws socks listens on this port on localhost and LAN interfaces
TPPORT_SOCKS=987
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
TPWS_ENABLE=0
TPWS_PORTS="80,443"
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
NFQWS_ENABLE=1
# redirect outgoing traffic with connbytes limiter applied in both directions.
NFQWS_PORTS_TCP="80,443"
NFQWS_PORTS_UDP="443"
# PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply
# this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU.
NFQWS_TCP_PKT_OUT="9"
NFQWS_TCP_PKT_IN="3"
NFQWS_UDP_PKT_OUT="9"
NFQWS_UDP_PKT_IN="0"
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives
# this mode can be very CPU consuming. enable with care !
NFQWS_PORTS_TCP_KEEPALIVE=""
NFQWS_PORTS_UDP_KEEPALIVE=""
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
NFQWS_OPT="--filter-tcp=80 <HOSTLIST> --dpi-desync=fake,fakedsplit --dpi-desync-autottl=2 --dpi-desync-fooling=badsum --new --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --filter-udp=443 <HOSTLIST_NOAUTO> --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=443 <HOSTLIST> --dpi-desync=multidisorder --dpi-desync-split-pos=1,sniext+1,host+1,midsld-2,midsld,midsld+2,endhost-1"
DISABLE_CUSTOM=1
# FlowOffload mode : donttouch,none,software,hardware
FLOWOFFLOAD=none
# openwrt: specify networks to be treated as LAN. default is "lan"
#OPENWRT_LAN="lan lan2 lan3"
# openwrt: specify networks to be treated as WAN. default wans are interfaces with default route
#OPENWRT_WAN4="wan vpn"
#OPENWRT_WAN6="wan6 vpn6"
# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
#IFACE_LAN=eth0
#IFACE_WAN=eth1
#IFACE_WAN6="ipsec0 wireguard0 he_net"
# should start/stop command of init scripts apply firewall rules ?
# not applicable to openwrt with firewall3+iptables
INIT_APPLY_FW=1
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
# do not work with ipv4
DISABLE_IPV4=0
# do not work with ipv6
DISABLE_IPV6=1
# drop icmp time exceeded messages for nfqws tampered connections
# in POSTNAT mode this can interfere with default mtr/traceroute in tcp or udp mode. use source port not redirected to nfqws
# set to 0 if you are not expecting connection breakage due to icmp in response to TCP SYN or UDP
FILTER_TTL_EXPIRED_ICMP=1
# select which init script will be used to get ip or host list
# possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
# comment if not required
#GETLIST=get_antizapret_domains.sh
DAEMON_LOG_ENABLE=0
DAEMON_LOG_FILE="/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log"

31
zapret/custom.d/50-script.sh Normal file
View File

@@ -0,0 +1,31 @@
# Stun4ALL (discord audio, discord video, telegram call, etc)
# this custom script runs desync to all stun packets
# NOTE: @ih requires nft 1.0.1+ and updated kernel version. it's confirmed to work on 5.15 (openwrt 23) and not work on 5.10 (openwrt 22)
# can override in config :
NFQWS_OPT_DESYNC_STUN="${NFQWS_OPT_DESYNC_STUN:---dpi-desync=fake --dpi-desync-repeats=2}"
alloc_dnum DNUM_STUN4ALL
alloc_qnum QNUM_STUN4ALL
zapret_custom_daemons()
{
# $1 - 1 - add, 0 - stop
local opt="--qnum=$QNUM_STUN4ALL $NFQWS_OPT_DESYNC_STUN"
do_nfqws $1 $DNUM_STUN4ALL "$opt"
}
zapret_custom_firewall()
{
# $1 - 1 - run, 0 - stop
local f='-p udp -m u32 --u32'
fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=28:65535&&0>>22&0x3C@12=0x2112A442&&0>>22&0x3C@8&0xC0000003=0" "$f 44>>16=28:65535&&52=0x2112A442&&48&0xC0000003=0" $QNUM_STUN4ALL
}
zapret_custom_firewall_nft()
{
# stop logic is not required
local f="udp length >= 28 @ih,32,32 0x2112A442 @ih,0,2 0 @ih,30,2 0"
nft_fw_nfqws_post "$f" "$f" $QNUM_STUN4ALL
}

350
zapret/def-cfg.sh Executable file
View File

@@ -0,0 +1,350 @@
#!/bin/sh
# Copyright (c) 2024 remittor
function set_cfg_reset_values
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( echo -n -e '\t' )"
uci batch <<-EOF
set $cfgname.config.run_on_boot='0'
# settings for zapret service
set $cfgname.config.FWTYPE='nftables'
set $cfgname.config.POSTNAT='1'
set $cfgname.config.FLOWOFFLOAD='none'
set $cfgname.config.INIT_APPLY_FW='1'
set $cfgname.config.DISABLE_IPV4='0'
set $cfgname.config.DISABLE_IPV6='1'
set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.DISABLE_CUSTOM='1'
set $cfgname.config.WS_USER='daemon'
set $cfgname.config.DAEMON_LOG_ENABLE='0'
set $cfgname.config.DAEMON_LOG_FILE='/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
# autohostlist options
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
# nfqws options
set $cfgname.config.NFQWS_ENABLE='1'
set $cfgname.config.DESYNC_MARK='0x40000000'
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
set $cfgname.config.FILTER_MARK='$TAB'
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
set $cfgname.config.NFQWS_TCP_PKT_IN='3'
set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
set $cfgname.config.NFQWS_UDP_PKT_IN='0'
set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
# save changes
commit $cfgname
EOF
return 0
}
function clear_nfqws_strat
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( echo -n -e '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT='$TAB'
commit $cfgname
EOF
}
function set_cfg_nfqws_strat
{
local strat=${1:--}
local cfgname=${2:-$ZAPRET_CFG_NAME}
local TAB="$( echo -n -e '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
commit $cfgname
EOF
if [ "$strat" = "empty" ]; then
clear_nfqws_strat $cfgname
fi
if [ "$strat" = "v1_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake,multidisorder
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=badseq
--dpi-desync-badseq-increment=10000000
--dpi-desync-repeats=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v2_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v3_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/t2.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=m.ok.ru
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v4_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,multisplit
--dpi-desync-split-pos=2,sld
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=google.com
--dpi-desync-split-seqovl=2108
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fooling=badseq
--new
--filter-tcp=443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync-any-protocol=1
--dpi-desync-cutoff=n5
--dpi-desync=multisplit
--dpi-desync-split-seqovl=582
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/4pda.bin
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v5_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-tcp=443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
--dpi-desync-fake-tls-mod=rnd,dupsid
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "ALT7_by_Flowseal" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=multisplit
--dpi-desync-split-pos=2,sniext+1
--dpi-desync-split-seqovl=679
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-tcp=80,443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=multisplit
--dpi-desync-split-pos=2,sniext+1
--dpi-desync-split-seqovl=679
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "TLS_AUTO_ALT3_by_Flowseal" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
# Strategy $strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com
--new
--filter-tcp=80,443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=11
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
return 0
}
function set_cfg_default_values
{
local opt_flags=${1:--}
local opt_strat=${2:-v2_by_StressOzz}
local cfgname=${3:-$ZAPRET_CFG_NAME}
if ! echo "$opt_flags" | grep -q "(skip_base)"; then
set_cfg_reset_values $cfgname
fi
if [ "$opt_strat" != "-" ]; then
set_cfg_nfqws_strat "$opt_strat" $cfgname
fi
if echo "$opt_flags" | grep -q "(set_mode_autohostlist)"; then
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='autohostlist'
commit $cfgname
EOF
fi
return 0
}

BIN
zapret/files/fake/4pda.bin Normal file
View File

Binary file not shown.

BIN
zapret/files/fake/max.bin Normal file
View File

Binary file not shown.

BIN
zapret/files/fake/t2.bin Normal file
View File

Binary file not shown.

BIN
zapret/files/fake/tls_clienthello_max_ru.bin Normal file
View File

Binary file not shown.

87
zapret/init.d.sh Executable file
View File

@@ -0,0 +1,87 @@
#!/bin/sh /etc/rc.common
# Copyright (c) 2024 remittor
USE_PROCD=1
# after network
START=21
SCRIPT_FILENAME=$1
. /opt/zapret/comfunc.sh
if ! is_valid_config ; then
logger -p err -t ZAPRET "Wrong main config: $ZAPRET_CONFIG"
exit 91
fi
. $ZAPRET_ORIG_INITD
EXEDIR=/opt/zapret
ZAPRET_BASE=/opt/zapret
is_run_on_boot && IS_RUN_ON_BOOT=1 || IS_RUN_ON_BOOT=0
function enable
{
local run_on_boot=""
patch_luci_header_ut
if [ "$IS_RUN_ON_BOOT" = "1" ]; then
if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
run_on_boot=$( get_run_on_boot_option )
if [ $run_on_boot != 1 ]; then
logger -p notice -t ZAPRET "Attempt to enable service, but service blocked!"
return 61
fi
fi
fi
if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
uci set $ZAPRET_CFG_NAME.config.run_on_boot=1
uci commit
fi
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enable
}
function enabled
{
local run_on_boot=""
if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
run_on_boot=$( get_run_on_boot_option )
if [ $run_on_boot != 1 ]; then
if [ "$IS_RUN_ON_BOOT" = "1" ]; then
logger -p notice -t ZAPRET "Service is blocked!"
fi
return 61
fi
fi
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD enabled
}
function boot
{
local run_on_boot=""
patch_luci_header_ut
if [ "$IS_RUN_ON_BOOT" = "1" ]; then
if [ -n "$ZAPRET_CFG_SEC_NAME" ]; then
run_on_boot=$( get_run_on_boot_option )
if [ $run_on_boot != 1 ]; then
logger -p notice -t ZAPRET "Attempt to run service on boot! Service is blocked!"
return 61
fi
fi
fi
init_before_start "$DAEMON_LOG_ENABLE"
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
}
function start
{
init_before_start "$DAEMON_LOG_ENABLE"
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD start "$@"
}
function restart
{
init_before_start "$DAEMON_LOG_ENABLE"
/bin/sh /etc/rc.common $ZAPRET_ORIG_INITD restart "$@"
}

198
zapret/ipset/zapret-hosts-google.txt Normal file
View File

@@ -0,0 +1,198 @@
cdn.youtube.com
fonts.googleapis.com
fonts.gstatic.com
ggpht.com
googleapis.com
googleusercontent.com
googlevideo.com
i.ytimg.com
i9.ytimg.com
jnn-pa.googleapis.com
kids.youtube.com
m.youtube.com
manifest.googlevideo.com
music.youtube.com
nhacmp3youtube.com
returnyoutubedislikeapi.com
s.ytimg.com
signaler-pa.youtube.com
studio.youtube.com
tv.youtube.com
wide-youtube.l.google.com
withyoutube.com
youtu.be
youtube.com
youtube.googleapis.com
youtubeeducation.com
youtubeembeddedplayer.googleapis.com
youtubefanfest.com
youtubegaming.com
youtubei.googleapis.com
youtubekids.com
youtubemobilesupport.com
youtube-nocookie.com
youtube-ui.l.google.com
yt.be
yt3.ggpht.com
yt3.googleusercontent.com
yt4.ggpht.com
ytimg.com
ytimg.l.google.com
yting.com
yt-video-upload.l.google.com
youtube.ae
youtube.al
youtube.am
youtube.at
youtube.az
youtube.ba
youtube.be
youtube.bg
youtube.bh
youtube.bo
youtube.by
youtube.ca
youtube.cat
youtube.ch
youtube.cl
youtube.co
youtube.co.ae
youtube.co.at
youtube.co.cr
youtube.co.hu
youtube.co.id
youtube.co.il
youtube.co.in
youtube.co.jp
youtube.co.ke
youtube.co.kr
youtube.co.ma
youtube.co.nz
youtube.co.th
youtube.co.tz
youtube.co.ug
youtube.co.uk
youtube.co.ve
youtube.co.za
youtube.co.zw
youtube.com.ar
youtube.com.au
youtube.com.az
youtube.com.bd
youtube.com.bh
youtube.com.bo
youtube.com.br
youtube.com.by
youtube.com.co
youtube.com.do
youtube.com.ec
youtube.com.ee
youtube.com.eg
youtube.com.es
youtube.com.gh
youtube.com.gr
youtube.com.gt
youtube.com.hk
youtube.com.hn
youtube.com.hr
youtube.com.jm
youtube.com.jo
youtube.com.kw
youtube.com.lb
youtube.com.lv
youtube.com.ly
youtube.com.mk
youtube.com.mt
youtube.com.mx
youtube.com.my
youtube.com.ng
youtube.com.ni
youtube.com.om
youtube.com.pa
youtube.com.pe
youtube.com.ph
youtube.com.pk
youtube.com.pt
youtube.com.py
youtube.com.qa
youtube.com.ro
youtube.com.sa
youtube.com.sg
youtube.com.sv
youtube.com.tn
youtube.com.tr
youtube.com.tw
youtube.com.ua
youtube.com.uy
youtube.com.ve
youtube.cr
youtube.cz
youtube.de
youtube.dk
youtube.ee
youtube.es
youtube.fi
youtube.fr
youtube.ge
youtube.gr
youtube.gt
youtube.hk
youtube.hr
youtube.hu
youtube.ie
youtube.in
youtube.iq
youtube.is
youtube.it
youtube.jo
youtube.jp
youtube.kr
youtube.kz
youtube.la
youtube.lk
youtube.lt
youtube.lu
youtube.lv
youtube.ly
youtube.ma
youtube.md
youtube.me
youtube.mk
youtube.mn
youtube.mx
youtube.my
youtube.ng
youtube.ni
youtube.nl
youtube.no
youtube.pa
youtube.pe
youtube.ph
youtube.pk
youtube.pl
youtube.pr
youtube.pt
youtube.qa
youtube.ro
youtube.rs
youtube.ru
youtube.sa
youtube.se
youtube.sg
youtube.si
youtube.sk
youtube.sn
youtube.soy
youtube.sv
youtube.tn
youtube.tv
youtube.ua
youtube.ug
youtube.uy
youtube.vn
youtubego.co.id
youtubego.co.in
youtubego.com
youtubego.com.br
youtubego.id
youtubego.in

250
zapret/ipset/zapret-hosts-user-exclude.txt
View File

@@ -1,6 +1,256 @@
127.0.0.0/8
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
169.254.0.0/16
100.64.0.0/10
::1
fc00::/7
fe80::/10
####################################
nalog.ru
gstatic.com
gosuslugi.ru
mos-gorsud.ru
gov.ru
sudrf.ru
ipstream.one
#################################### Epicgames
easy.ac
fab.com
quixel.se
quixel.com
eac-cdn.com
paragon.com
spyjinx.com
3lateral.com
fortnite.com
epicgames.com
epicgames.dev
hyprsense.com
sketchfab.com
artstation.com
roborecall.com
twinmotion.com
cubicmotion.com
playparagon.com
realityscan.com
epicgamescdn.com
et.epicgames.com
ol.epicgames.com
radgametools.com
unrealengine.com
api.epicgames.dev
easyanticheat.net
shadowcomplex.com
battlebreakers.com
store.epicgames.com
capturingreality.com
unrealtournament.com
cdn1.unrealengine.com
cdn2.unrealengine.com
accounts.epicgames.com
download.epicgames.com
tracking.epicgames.com
download2.epicgames.com
download3.epicgames.com
download4.epicgames.com
metrics.ol.epicgames.com
datarouter.ol.epicgames.com
fastly-download.epicgames.com
store-content.ak.epicgames.com
static-assets-prod.epicgames.com
epicgames-download1.akamaized.net
launcher-website-prod07.ol.epicgames.com
ut-public-service-prod10.ol.epicgames.com
store-site-backend-static.ak.epicgames.com
library-service.live.use1a.on.epicgames.com
accountportal-website-prod07.ol.epicgames.com
account-public-service-prod03.ol.epicgames.com
catalog-public-service-prod06.ol.epicgames.com
friends-public-service-prod06.ol.epicgames.com
launcher-public-service-prod06.ol.epicgames.com
entitlement-public-service-prod08.ol.epicgames.com
lightswitch-public-service-prod06.ol.epicgames.com
orderprocessor-public-service-ecomprod01.ol.epicgames.com
launcherwaitingroom-public-service-prod06.ol.epicgames.com
datastorage-public-service-liveegs.live.use1a.on.epicgames.com
#################################### Steam
s.team
steam.tv
valve.net
steamcdn.com
steamcdn.net
steamstat.us
valvecdn.com
steam-api.com
steamchat.com
steamdeck.com
steam-chat.com
steamgames.com
steamgames.net
underlords.com
steamserver.net
steamstatic.com
playartifact.com
steam.cdn.on.net
steamcontent.com
steampowered.com
valvecontent.com
valvesoftware.com
valvesoftware.net
steam.cdn.webra.ru
steambroadcast.com
steamcommunity.com
cdn.steamstatic.com
cs.steampowered.com
dl.steam.clngaa.com
steam.ru.qtlglb.com
api.steampowered.com
steam.eca.qtlglb.com
steamusercontent.com
help.steampowered.com
steam.apac.qtlglb.com
steam.naeu.qtlglb.com
cdn.steamcommunity.com
gstore.val.manlaxy.com
login.steampowered.com
media.steampowered.com
partner.steamgames.com
shared.steamstatic.com
steam.cdn.orcon.net.nz
store.steampowered.com
steamcdn-a.akamaihd.net
steampipe.akamaized.net
partner.steampowered.com
steamcdn-a.akamaized.net
steamdeckusercontent.com
support.steampowered.com
checkout.steampowered.com
community.steamstatic.com
steam.cdn.slingshot.co.nz
steammobile.akamaized.net
steamstatic.akamaized.net
steamstore-a.akamaihd.net
steamvideo-a.akamaihd.net
workshop.steampowered.com
cdn.akamai.steamstatic.com
cdn.fastly.steamstatic.com
client-update.queniuqe.com
community.steampowered.com
steamdeckcdn.akamaized.net
steampipe-kr.akamaized.net
clan.fastly.steamstatic.com
steamcontent-a.akamaihd.net
steambroadcast.akamaized.net
steamcommunity.akamaized.net
store.akamai.steamstatic.com
store.fastly.steamstatic.com
scontent.steamusercontent.com
shared.fastly.steamstatic.com
steamcommunity-a.akamaihd.net
avatars.fastly.steamstatic.com
cdn.cloudflare.steamstatic.com
edge.steam-dns.top.comcast.net
steamcommunity-a.akamaized.net
steamuserimages-a.akamaihd.net
steampipe-partner.akamaized.net
steamusercontent-a.akamaihd.net
client-download.steampowered.com
community.fastly.steamstatic.com
store.cloudflare.steamstatic.com
community.cloudflare.steamstatic.com
steamcdn-a.akamaihd.net.edgesuite.net
steamcloudsweden.blob.core.windows.net
steamcommunity.cloudflare.steamstatic.com
steamcommunity-a.akamaihd.net.edgesuite.net
#################################### OpenWRT
github.com
openwrt.org
gh.openwrt.org
cdn.openwrt.org
dev.openwrt.org
git.openwrt.org
lede-project.org
wiki.openwrt.org
forum.openwrt.org
lists.openwrt.org
openwrt.gitlab.io
archive.openwrt.org
downloads.openwrt.org
fwdownloads.openwrt.org
mirror-01.infra.openwrt.org
mirror-02.infra.openwrt.org
mirror-03.infra.openwrt.org
mirror-04.infra.openwrt.org
#################################### UbisoftConnect
ubi.com
ubisoft.com
store.ubi.com
ubisoftconnect.com
connect.ubisoft.com
drops-register.ubi.com
public-ubiservices.ubi.com
ubisoftconnect.cdn.ubi.com
uplaypc-s-ubisoft.cdn.ubi.com
uplaypc-s-ubisoft-ww.cdn.ubi.com
ubisoft-orbit-savegames.s3.amazonaws.com
ubisoft-uplay-savegames.s3.amazonaws.com
#################################### Aliexpress
ae.com
ae-rus.net
alicdn.com
aestatic.net
aliexpress.ru
aliexpress.us
aliexpress.com
aliexpress-media.com
#################################### PSN
scea.com
np.scea.com
ps5update.com
psdownload.com
playstation.net
playstation.com
account.sony.com
psremoteplay.com
ps4.playstation.com
ps5.playstation.com
playstationcloud.com
psapi.playstation.net
store.playstation.com
media.playstation.com
auth.np.ac.playstation.net
sonyentertainmentnetwork.com
np.community.playstation.net
id.sonyentertainmentnetwork.com
#################################### Twitch
twitch.tv
ttvnw.net
jtvnw.net
twimg.com
m.twitch.tv
id.twitch.tv
www.twitch.tv
twitchcdn.net
ext-twitch.tv
twitchsvc.net
api.twitch.tv
gql.twitch.tv
dev.twitch.tv
live-video.net
twitch.a2z.com
chat.twitch.tv
help.twitch.tv
assets.twitch.tv
twitch-shadow.net
passport.twitch.tv
irc.chat.twitch.tv
vod-metro.twitch.tv
twitchcdn-shadow.net
static.twitchcdn.net
vod-secure.twitch.tv
irc-ws.chat.twitch.tv
pubsub-edge.twitch.tv
vod-pop-secure.twitch.tv
####################################

0
zapret/ipset/zapret-hosts-user-ipban.txt
View File

47
zapret/ipset/zapret-hosts-user.txt
View File

@@ -1,24 +1,23 @@
googlevideo.com
youtube.com
m.youtube.com
ytimg.com
s.ytimg.com
ytimg.l.google.com
youtube.l.google.com
i.google.com
youtu.be
yt.be
accounts.youtube.com
consent.youtube.com
realtimesupport.youtube.com
studio.youtube.com
i9.ytimg.com
i.ytimg.com
yt3.ggpht.com
youtubekids.com
googleusercontent.com
googleapis.com
youtubei.googleapis.com
notifications-pa.googleapis.com
gstatic.com
suggestqueries.google.com
dis.gd
discord-attachments-uploads-prd.storage.googleapis.com
discord.app
discord.co
discord.com
discord.design
discord.dev
discord.gift
discord.gifts
discord.gg
discord.media
discord.new
discord.store
discord.status
discord-activities.com
discordactivities.com
discordapp.com
discordapp.net
discordcdn.com
discordmerch.com
discordpartygames.com
discordsays.com
discordsez.com

0
zapret/ipset/zapret-ip-user-exclude.txt
View File

0
zapret/ipset/zapret-ip-user-ipban.txt
View File

0
zapret/ipset/zapret-ip-user.txt
View File

65
zapret/patches/0001-Add-support-log-file-for-each-daemons.patch Normal file
View File

@@ -0,0 +1,65 @@
From 069fb25032d1b85ea57615ca234752e3969b777b Mon Sep 17 00:00:00 2001
From: remittor <remittor@gmail.com>
Date: Sat, 8 Feb 2025 22:04:51 +0300
Subject: [PATCH] Add support log file for each daemons
---
diff --git a/common/custom.sh b/common/custom.sh
index 0af19c0..41c0967 100644
--- a/common/custom.sh
+++ b/common/custom.sh
@@ -13,9 +13,16 @@ custom_runner()
dir_is_not_empty "$CUSTOM_DIR/custom.d" && {
for script in "$CUSTOM_DIR/custom.d/"*; do
[ -f "$script" ] || continue
+ DAEMON_CFGNAME_SAVED="$DAEMON_CFGNAME"
+ unset DAEMON_CFGNAME
unset -f $FUNC
. "$script"
+ if [ -z "$DAEMON_CFGNAME" ]; then
+ DAEMON_CFGNAME="$(basename "$script")"
+ DAEMON_CFGNAME="${DAEMON_CFGNAME%%.*}"
+ fi
existf $FUNC && $FUNC "$@"
+ DAEMON_CFGNAME="$DAEMON_CFGNAME_SAVED"
done
}
}
diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret
index 8d6d3a9..fcb1e91 100755
--- a/init.d/openwrt/zapret
+++ b/init.d/openwrt/zapret
@@ -58,12 +58,29 @@ run_daemon()
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local DAEMONBASE="$(basename "$2")"
echo "Starting daemon $1: $2 $3"
+ local DAEMON_NAME="$DAEMONBASE"
+ local DAEMON_IDNUM=$1
+ local DAEMON_PATH="$2"
+ local DAEMON_ARGS="$3"
+ local DAEMON_LOG=
+ if [ -n "$DAEMON_LOG_FILE" ]; then
+ DAEMON_LOG="$DAEMON_LOG_FILE"
+ DAEMON_LOG=${DAEMON_LOG/<DAEMON_NAME>/$DAEMON_NAME}
+ DAEMON_LOG=${DAEMON_LOG/<DAEMON_IDNUM>/$DAEMON_IDNUM}
+ DAEMON_LOG=${DAEMON_LOG/<DAEMON_CFGNAME>/$DAEMON_CFGNAME}
+ [ -f "$DAEMON_LOG" ] && rm -f "$DAEMON_LOG"
+ if [ "$DAEMON_LOG_ENABLE" = "1" ]; then
+ DAEMON_ARGS="--debug=@$DAEMON_LOG $DAEMON_ARGS"
+ fi
+ fi
procd_open_instance
- procd_set_param command $2 $3
+ procd_set_param command $DAEMON_PATH $DAEMON_ARGS
procd_set_param pidfile $PIDDIR/$DAEMONBASE$1.pid
procd_close_instance
}
+DAEMON_CFGNAME="main"
+
run_tpws()
{
[ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && return 0
--
2.41.0.windows.3

16
zapret/renew-cfg.sh Executable file
View File

@@ -0,0 +1,16 @@
#!/bin/sh
# Copyright (c) 2024 remittor
. /opt/zapret/comfunc.sh
merge_cfg_with_def_values
CONFIGS_SYNC=0
[ ! -f "$ZAPRET_CONFIG" ] && CONFIGS_SYNC=1
[ "$1" = "sync" ] && CONFIGS_SYNC=1
if [ "$CONFIGS_SYNC" = "1" ]; then
# renew main config
/opt/zapret/sync_config.sh
fi

33
zapret/restore-def-cfg.sh Executable file
View File

@@ -0,0 +1,33 @@
#!/bin/sh
# Copyright (c) 2024 remittor
. /opt/zapret/comfunc.sh
cfg_run_on_boot="$( uci -q get zapret.config.run_on_boot )"
opt_flags=${1:--}
opt_strat=$2
if echo "$opt_flags" | grep -q "(reset_ipset)"; then
restore_all_ipset_cfg
fi
create_default_cfg "$opt_flags" "$opt_strat"
if [ "$cfg_run_on_boot" = "1" ]; then
uci set zapret.config.run_on_boot=1
uci commit
fi
ZAPRET_SYNC_CONFIG=0
if [ "$opt_flags" = "sync" ]; then
ZAPRET_SYNC_CONFIG=1
fi
if echo "$opt_flags" | grep -q "(sync)"; then
ZAPRET_SYNC_CONFIG=1
fi
if [ "$ZAPRET_SYNC_CONFIG" = "1" ]; then
# renew main config
/opt/zapret/sync_config.sh
fi

15
zapret/script-exec.sh Executable file
View File

@@ -0,0 +1,15 @@
#!/bin/sh
# Copyright (c) 2024 remittor
LOG_FILE=$1
RC_FILE=$1.rc
shift 1
: > $LOG_FILE
: > $RC_FILE
(
exec </dev/null >/dev/null 2>&1
"$@" >> $LOG_FILE 2>&1
RETCODE=$?
sleep 1
echo $RETCODE > $RC_FILE
) &
exit 0

110
zapret/sync_config.sh
View File

@@ -1,21 +1,30 @@
#!/bin/sh
# Copyright (c) 2024 remittor
EXEDIR=/opt/zapret
ZAPRET_BASE=/opt/zapret
ZAPRET_CONFIG="$ZAPRET_BASE/config"
ZAPRET_CFG=/etc/config/zapret
. /opt/zapret/comfunc.sh
function get_sed_compat
function uncomment_param
{
local str=$( ( echo $1|sed -r 's/([\$\.\*\/\[\\^])/\\\1/g'|sed 's/[]]/\\]/g' )>&1 )
echo "$str"
local param=$1
local fname=${2:-$ZAPRET_CONFIG}
sed -i "/^#$param=/s/^#//" $fname
}
function append_param
{
local param=$1
local fname=${2:-$ZAPRET_CONFIG}
grep -q "^$param=" $fname
if [ "$?" != "0" ]; then
echo "" >> $fname
echo "$param=" >> $fname
fi
}
function set_param_value
{
local param=$1
local value=$( get_sed_compat "$2" )
local value=$( adapt_for_sed "$2" )
local fname=${3:-$ZAPRET_CONFIG}
sed -i "s/^$param=.*/$param=$value/g" $fname
}
@@ -23,7 +32,7 @@ function set_param_value
function set_param_value_str
{
local param=$1
local value=$( get_sed_compat "$2" )
local value=$( adapt_for_sed "$2" )
local fname=${3:-$ZAPRET_CONFIG}
sed -i "s/^$param=.*/$param=\"$value\"/g" $fname
}
@@ -32,36 +41,77 @@ function sync_param
{
local param=$1
local vtype=$2
local value=$( uci -q get zapret.@main[0].$param )
local value="$( uci -q get zapret.config.$param )"
uncomment_param $param
append_param $param
local TAB="$( echo -n -e '\t' )"
if [ "$value" = "$TAB" ]; then
value=""
fi
if [ "$param" = "NFQWS_PORTS_TCP_KEEPALIVE" -o "$param" = "NFQWS_PORTS_UDP_KEEPALIVE" ]; then
[ "$value" = "0" ] && value=""
fi
if [ "$param" = "NFQWS_OPT" -a "$value" != "" ]; then
value=$( echo -n "$value" | sed '/^#/d' )
fi
if [ "$vtype" = "str" ]; then
set_param_value_str $param "$value"
else
set_param_value $param $value
fi
}
sync_param MODE
if [ ! -f "$ZAPRET_CONFIG" ]; then
if [ ! -f "$ZAPRET_CONFIG_DEF" ]; then
touch "$ZAPRET_CONFIG"
else
cp -f "$ZAPRET_CONFIG_DEF" "$ZAPRET_CONFIG"
fi
fi
cp -f "$ZAPRET_CONFIG" "$ZAPRET_CONFIG_NEW"
ZAPRET_CONFIG__SAVED="$ZAPRET_CONFIG"
ZAPRET_CONFIG="$ZAPRET_CONFIG_NEW"
sync_param FWTYPE
sync_param POSTNAT
sync_param FLOWOFFLOAD
sync_param INIT_APPLY_FW
sync_param DISABLE_IPV4
sync_param DISABLE_IPV6
sync_param FILTER_TTL_EXPIRED_ICMP
sync_param MODE_FILTER
sync_param NFQWS_OPT_DESYNC str
sync_param NFQWS_OPT_DESYNC_SUFFIX str
sync_param MODE_HTTP
sync_param MODE_HTTP_KEEPALIVE
sync_param NFQWS_OPT_DESYNC_HTTP str
sync_param NFQWS_OPT_DESYNC_HTTP_SUFFIX str
sync_param NFQWS_OPT_DESYNC_HTTP6 str
sync_param NFQWS_OPT_DESYNC_HTTP6_SUFFIX str
sync_param MODE_HTTPS
sync_param NFQWS_OPT_DESYNC_HTTPS str
sync_param NFQWS_OPT_DESYNC_HTTPS_SUFFIX str
sync_param NFQWS_OPT_DESYNC_HTTPS6 str
sync_param NFQWS_OPT_DESYNC_HTTPS6_SUFFIX str
sync_param MODE_QUIC
sync_param NFQWS_OPT_DESYNC_QUIC str
sync_param NFQWS_OPT_DESYNC_QUIC_SUFFIX str
sync_param NFQWS_OPT_DESYNC_QUIC6 str
sync_param NFQWS_OPT_DESYNC_QUIC6_SUFFIX str
sync_param DISABLE_CUSTOM
sync_param WS_USER str
sync_param DAEMON_LOG_ENABLE
sync_param DAEMON_LOG_FILE str
sync_param AUTOHOSTLIST_RETRANS_THRESHOLD
sync_param AUTOHOSTLIST_FAIL_THRESHOLD
sync_param AUTOHOSTLIST_FAIL_TIME
sync_param AUTOHOSTLIST_DEBUGLOG
sync_param NFQWS_ENABLE
sync_param DESYNC_MARK
sync_param DESYNC_MARK_POSTNAT
sync_param FILTER_MARK str
sync_param NFQWS_PORTS_TCP str
sync_param NFQWS_PORTS_UDP str
sync_param NFQWS_TCP_PKT_OUT str
sync_param NFQWS_TCP_PKT_IN str
sync_param NFQWS_UDP_PKT_OUT str
sync_param NFQWS_UDP_PKT_IN str
sync_param NFQWS_PORTS_TCP_KEEPALIVE str
sync_param NFQWS_PORTS_UDP_KEEPALIVE str
sync_param NFQWS_OPT str
ZAPRET_CONFIG="$ZAPRET_CONFIG__SAVED"
if is_valid_config "$ZAPRET_CONFIG_NEW" ; then
cp -f "$ZAPRET_CONFIG_NEW" "$ZAPRET_CONFIG"
rm -f "$ZAPRET_CONFIG_NEW"
else
rm -f "$ZAPRET_CONFIG_NEW"
return 97
fi

18
zapret/uci-def-cfg.sh Executable file
View File

@@ -0,0 +1,18 @@
#!/bin/sh
# Copyright (c) 2024 remittor
. /opt/zapret/comfunc.sh
# create empty txt files into ipset directory
[ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-google.txt"
#[ ! -f "/opt/zapret/ipset/zapret-hosts-auto.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-auto.txt"
[ ! -f "/opt/zapret/ipset/zapret-hosts-user.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user.txt"
[ ! -f "/opt/zapret/ipset/zapret-hosts-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-hosts-user-ipban.txt"
#[ ! -f "/opt/zapret/ipset/zapret-ip.txt" ] && touch "/opt/zapret/ipset/zapret-ip.txt"
[ ! -f "/opt/zapret/ipset/zapret-ip-user.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user.txt"
[ ! -f "/opt/zapret/ipset/zapret-ip-user-exclude.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-exclude.txt"
[ ! -f "/opt/zapret/ipset/zapret-ip-user-ipban.txt" ] && touch "/opt/zapret/ipset/zapret-ip-user-ipban.txt"
# create or merge uci-config
$ZAPRET_BASE/renew-cfg.sh

415
zapret/update-pkg.sh Executable file
View File

@@ -0,0 +1,415 @@
#!/bin/sh
# Copyright (c) 2025 remittor
. /opt/zapret/comfunc.sh
. /usr/share/libubox/jshn.sh
. /etc/openwrt_release
opt_check=
opt_prerelease=
opt_update=
opt_forced=
opt_test=
while getopts "cu:pft:" opt; do
case $opt in
c) opt_check=true;;
p) opt_prerelease=true;;
u) opt_update="$OPTARG";;
f) opt_forced=true;;
t) opt_test="$OPTARG";;
esac
done
ZAP_PKG_DIR=/tmp/zapret_pkg
if [ "$opt_test" != "" ]; then
echo 1; sleep 2;
echo 2; sleep 2;
echo 3; sleep 2;
echo ' * resolve_conffiles 123456'; sleep 1;
echo 4; sleep 2;
echo END
return "$opt_test"
fi
ZAP_CPU_ARCH=$(get_cpu_arch)
ZAP_REL_URL="https://raw.githubusercontent.com/remittor/zapret-openwrt/gh-pages/releases/releases_zap1_$ZAP_CPU_ARCH.json"
CURL_TIMEOUT=5
CURL_HEADER1="Accept: application/json"
CURL_HEADER2="Cache-Control: no-cache"
REL_JSON=
REL_ACTUAL_TAG=
REL_ACTUAL_PRE=
REL_ACTUAL_URL=
ZAP_OUT=
ZAP_ERR=
ZAP_PKG_URL=
if command -v apk >/dev/null; then
PKG_MGR=apk
ZAP_PKG_EXT=apk
elif command -v opkg >/dev/null; then
PKG_MGR=opkg
ZAP_PKG_EXT=ipk
else
echo "ERROR: No package manager found"
return 1
fi
# -------------------------------------------------------------------------------------------------------
function download_json
{
local url="$1"
curl -s -L --max-time $CURL_TIMEOUT -H "$CURL_HEADER1" -H "$CURL_HEADER2" "$url" 2>/dev/null
return $?
}
function get_pkg_version
{
local pkg_name="$1"
local ver line base
if [ "$PKG_MGR" = opkg ]; then
ver=$( opkg list-installed "$pkg_name" 2>/dev/null | awk -F' - ' '{print $2}' | tr -d '\r' )
if [ -n "$ver" ]; then
echo -n "$ver"
return 0
fi
fi
if [ "$PKG_MGR" = apk ]; then
line=$( apk info -e "$pkg_name" 2>/dev/null || true )
if [ -n "$line" ]; then
base=${line%-r[0-9]*}
ver=${base##*-}
case "$line" in
*-r[0-9]*)
echo -n "$ver${line#$base}"
;;
*)
echo -n "$ver"
;;
esac
return 0
fi
fi
echo ""
return 1
}
function normalize_version
{
local ver="$1"
local base
local major minor rel
case "$ver" in
*-r[0-9]*)
rel="${ver##*-r}"
base="${ver%-r*}"
;;
*)
rel=1
base="$ver"
;;
esac
major="${base%%.*}"
minor="${base#*.}"
[ -z "$minor" ] && minor=0
[ -z "$rel" ] && rel=1
echo "$major.$minor.$rel"
}
function pkg_version_cmp
{
local ver1=$( normalize_version "$1" )
local ver2=$( normalize_version "$2" )
local x1 x2
# major
x1=$( echo "$ver1" | cut -d. -f1 )
x2=$( echo "$ver2" | cut -d. -f1 )
[ "$x1" -gt "$x2" ] && { echo -n "G"; return 0; }
[ "$x1" -lt "$x2" ] && { echo -n "L"; return 0; }
# minor
x1=$( echo "$ver1" | cut -d. -f2 )
x2=$( echo "$ver2" | cut -d. -f2 )
[ "$x1" -gt "$x2" ] && { echo -n "G"; return 0; }
[ "$x1" -lt "$x2" ] && { echo -n "L"; return 0; }
# release
x1=$( echo "$ver1" | cut -d. -f3 )
x2=$( echo "$ver2" | cut -d. -f3 )
[ "$x1" -gt "$x2" ] && { echo -n "G"; return 0; }
[ "$x1" -lt "$x2" ] && { echo -n "L"; return 0; }
echo -n "E"
}
function download_releases_info
{
local txt txtlen txtlines generated_at
REL_JSON=
echo "Download releases info..."
txt=$(download_json $ZAP_REL_URL)
txtlen=${#txt}
txtlines=$(printf '%s\n' "$txt" | wc -l)
if [[ $txtlen -lt 64 ]]; then
echo "ERROR: Cannot download releases info!"
return 104
fi
echo "Releases info downloaded! Size = $txtlen, Lines = $txtlines"
generated_at=$(printf '%s\n' "$txt" | grep -m1 -o '"generated_at"[[:space:]]*:[[:space:]]*".*"' | cut -d'"' -f4)
if [[ "$generated_at" = "" ]]; then
echo "ERROR: Cannot download releases info! (incorrect generated_at)"
return 105
fi
echo "Releases info generated_at = $generated_at"
REL_JSON="$txt"
return 0
}
function get_actual_release
{
local tag url pre idx_list
REL_ACTUAL_TAG=
REL_ACTUAL_PRE=
REL_ACTUAL_URL=
json_load "$(printf '%s' "$REL_JSON")"
if [ $? -ne 0 ]; then
echo "ERROR: incorrect format of ${ZAP_REL_URL##*/}"
json_cleanup
return 151
fi
json_select releases
if [ $? -ne 0 ]; then
echo "ERROR: incorrect format of ${ZAP_REL_URL##*/}"
json_cleanup
return 157
fi
json_get_keys idx_list
# array already sorted by created_at => take first elem
for rel_id in $idx_list; do
json_select "$rel_id" # enter into releases[rel_id]
json_get_var tag tag
json_get_var pre prerelease
#echo "rel_id = $rel_id opt_prerelease = $opt_prerelease pre = $pre"
if [ "$opt_prerelease" != "true" ] && [ "$pre" = "1" ]; then
json_select .. # exit from releases[rel_id]
continue
fi
json_select assets
if [ $? -ne 0 ]; then
echo "ERROR: release[$rel_id] has not include 'assets'"
json_cleanup
return 160
fi
json_select 0 > /dev/null
if [ $? -ne 0 ]; then
json_select 1 > /dev/null
if [ $? -ne 0 ]; then
echo "ERROR: release[$rel_id] include incorrect 'assets'"
json_cleanup
return 162
fi
fi
json_get_var url browser_download_url
json_select .. .. .. # assets-elem -> assets -> releases[rel_id] -> releases
json_cleanup
REL_ACTUAL_TAG="$tag"
REL_ACTUAL_PRE="$pre"
REL_ACTUAL_URL="$url"
return 0
done
json_cleanup
echo "ERROR: latest release for arch \"$ZAP_CPU_ARCH\" not founded!"
return 1 # release not founded
}
# -------------------------------------------------------------------------------------------------------
if [ "$opt_check" != "true" -a "$opt_update" = "" ]; then
echo 'ERROR: Incorrect arguments'
return 4
fi
if [ "$opt_update" = "@" ]; then
opt_check="true"
fi
#echo "DISTRIB_ID: $DISTRIB_ID"
echo "DISTRIB_RELEASE: $DISTRIB_RELEASE"
echo "DISTRIB_DESCRIPTION:" $(get_distrib_param DISTRIB_DESCRIPTION)
echo "DISTRIB_ARCH:" $(get_distrib_param DISTRIB_ARCH)
if ! command -v curl >/dev/null 2>&1; then
echo "ERROR: package \"curl\" not installed!"
return 10
fi
CURL_INFO=$( curl -V )
if ! echo "$CURL_INFO" | grep -q 'https'; then
echo "------- package curl"
echo "$CURL_INFO"
echo "-------"
echo "ERROR: package \"curl\" not supported HTTPS protocol!"
echo "NOTE: Please install package \"curl-ssl\""
return 11
fi
if [ "$opt_check" = "true" ]; then
download_releases_info
ZAP_ERR=$?
if [ $ZAP_ERR -ne 0 ]; then
echo "ERROR: Func download_releases_info return error code: $ZAP_ERR"
return $ZAP_ERR
fi
get_actual_release
ZAP_ERR=$?
if [ $ZAP_ERR -ne 0 ]; then
echo "ERROR: Func get_actual_release return error code: $ZAP_ERR"
return $ZAP_ERR
fi
echo "Latest package version: $REL_ACTUAL_TAG"
echo "Latest package url: $REL_ACTUAL_URL"
fi
ZAP_PKG_SIZE=
ZAP_PKG_SZ=
ZAP_PKG_ZIP_NAME=
ZAP_PKG_FN=
ZAP_PKG_BASE_FN=
ZAP_PKG_LUCI_FN=
ZAP_CUR_PKG_VER=$( get_pkg_version zapret )
echo "Current installed version: $ZAP_CUR_PKG_VER"
if [ "$opt_update" = "" ]; then
ZAP_PKG_URL="$REL_ACTUAL_URL"
if [ "$ZAP_PKG_URL" = "" ]; then
echo "ERROR: actual release not founded!"
return 199
fi
else
ZAP_PKG_URL="$opt_update"
if [ "$opt_update" = "@" ]; then
ZAP_PKG_URL="$REL_ACTUAL_URL"
fi
if [ "$opt_update" = "@" -a "$ZAP_PKG_URL" = "" ]; then
echo "ERROR: actual release not founded!"
return 199
fi
fi
ZAP_PKG_ZIP_NAME=${ZAP_PKG_URL##*/}
ZAP_PKG_ZIP_VER=${ZAP_PKG_ZIP_NAME#*_v}
ZAP_PKG_ZIP_VER=${ZAP_PKG_ZIP_VER%%_*}
if [ "$opt_update" != "" ]; then
if [ "$opt_update" = "@" ]; then
echo "Latest available version: $ZAP_PKG_ZIP_VER"
else
echo "Target requested version: $ZAP_PKG_ZIP_VER"
fi
fi
echo "ZAP_PKG_URL = $ZAP_PKG_URL"
ZAP_VER_CMP=$( pkg_version_cmp "$ZAP_CUR_PKG_VER" "$ZAP_PKG_ZIP_VER" )
if [ "$opt_update" = "" ]; then
if [ "$ZAP_VER_CMP" = "E" ]; then
echo "RESULT: (E) No update required for this package!"
elif [ "$ZAP_VER_CMP" = "G" ]; then
echo "RESULT: (G) You have a newer version installed than the one on GitHub!"
elif [ "$ZAP_VER_CMP" = "L" ]; then
echo "RESULT: (L) You have an older version installed than the one on GitHub!"
else
echo "ERROR: ZAP_PKG_ZIP_VER='$ZAP_PKG_ZIP_VER' ZAP_VER_CMP='$ZAP_VER_CMP'"
return 199
fi
return 0
fi
if [ "$opt_update" != "" ]; then
if [ "$opt_forced" != "true" ]; then
if [ "$ZAP_VER_CMP" = "E" ]; then
echo "RESULT: (E) No update required for this package!"
return 0
fi
fi
ZAP_PKG_DIR=/tmp/zapret_pkg
rm -rf $ZAP_PKG_DIR
ZAP_PKG_HDRS=$( curl -s -I -L --max-time $CURL_TIMEOUT -H "$CURL_HEADER2" "$ZAP_PKG_URL" )
ZAP_PKG_SIZE=$( echo "$ZAP_PKG_HDRS" | grep -i 'content-length: ' | tail -n1 | awk '{print $2}' | tr -d '\r' )
echo "Downloded ZIP-file size = $ZAP_PKG_SIZE bytes"
[ "$ZAP_PKG_SIZE" = "" ] || [[ $ZAP_PKG_SIZE -lt 256 ]] && {
echo "ERROR: incorrect package size!"
return 210
}
mkdir $ZAP_PKG_DIR
ZAP_PKG_FN="$ZAP_PKG_DIR/${ZAP_PKG_URL##*/}"
echo "Download ZIP-file..."
curl -s -L --max-time 15 -H "$CURL_HEADER2" "$ZAP_PKG_URL" -o "$ZAP_PKG_FN"
if [ $? -ne 0 ]; then
echo "ERROR: cannot download package!"
return 215
fi
ZAP_PKG_SZ=$( wc -c < "$ZAP_PKG_FN" )
if [ "$ZAP_PKG_SZ" != "$ZAP_PKG_SIZE" ]; then
echo "ERROR: downloaded package is incorrect! (size = $ZAP_PKG_SZ)"
return 216
fi
if ! command -v unzip >/dev/null 2>&1; then
echo "ERROR: package \"upzip\" not installed!"
return 218
fi
unzip -q "$ZAP_PKG_FN" -d $ZAP_PKG_DIR
rm -f "$ZAP_PKG_FN"
if [ "$PKG_MGR" = "apk" ]; then
if [ ! -d "$ZAP_PKG_DIR/apk" ]; then
echo "ERROR: APK-files not founded"
return 221
fi
rm -f "$ZAP_PKG_DIR/*.ipk"
mv "$ZAP_PKG_DIR/apk/*" "$ZAP_PKG_DIR/"
else
rm -rf "$ZAP_PKG_DIR/apk"
fi
ZAP_PKG_LIST=$( ls -1 "$ZAP_PKG_DIR" )
echo "------ Downloaded packages:"
echo "$ZAP_PKG_LIST"
echo "------"
if [ "$PKG_MGR" != "apk" ]; then
ZAP_PKG_BASE_FN=$( find "$ZAP_PKG_DIR" -maxdepth 1 -type f -name "zapret_*.${ZAP_PKG_EXT}" | head -n 1 )
else
ZAP_PKG_BASE_FN=$( find "$ZAP_PKG_DIR" -maxdepth 1 -type f -name "zapret-[0-9]*.?*.${ZAP_PKG_EXT}" | head -n 1 )
fi
ZAP_PKG_LUCI_FN=$( find "$ZAP_PKG_DIR" -maxdepth 1 -type f -name "luci-app-zapret2*.${ZAP_PKG_EXT}" | head -n 1 )
if [ ! -f "$ZAP_PKG_BASE_FN" ]; then
echo "ERROR: File \"zapret*.${ZAP_PKG_EXT}\" not found!"
return 231
fi
echo "ZAP_PKG_BASE_FN = $ZAP_PKG_BASE_FN"
if [ ! -f "$ZAP_PKG_LUCI_FN" ]; then
echo "ERROR: File \"luci-app-zapret*.${ZAP_PKG_EXT}\" not found!"
return 232
fi
echo "ZAP_PKG_LUCI_FN = $ZAP_PKG_LUCI_FN"
echo "Install downloaded packages..."
if [ "$PKG_MGR" != "apk" ]; then
opkg install --force-reinstall "$ZAP_PKG_BASE_FN"
else
apk add --allow-untrusted --upgrade "$ZAP_PKG_BASE_FN"
fi
if [ $? -ne 0 ]; then
echo "ERROR: Failed to install package $ZAP_PKG_BASE_FN"
return 245
fi
if [ "$PKG_MGR" != "apk" ]; then
opkg install --force-reinstall "$ZAP_PKG_LUCI_FN"
else
apk add --allow-untrusted --upgrade "$ZAP_PKG_LUCI_FN"
fi
if [ $? -ne 0 ]; then
echo "ERROR: Failed to install package $ZAP_PKG_LUCI_FN"
return 247
fi
echo "RESULT: (+) Packages from $ZAP_PKG_ZIP_NAME successfully installed!"
fi

27
zapret/zapret.config
View File

@@ -1,27 +0,0 @@
config main 'config'
option autostart '0'
option FWTYPE 'nftables'
option MODE 'nfqws'
option FLOWOFFLOAD 'none'
option INIT_APPLY_FW '1'
option DISABLE_IPV4 '0'
option DISABLE_IPV6 '1'
option MODE_FILTER 'hostlist'
option NFQWS_OPT_DESYNC '--dpi-desync=fake,disorder2 --dpi-desync-split-pos=1 --dpi-desync-ttl=0 --dpi-desync-fooling=md5sig,badsum --dpi-desync-repeats=6 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin'
option NFQWS_OPT_DESYNC_SUFFIX ''
option MODE_HTTP '1'
option MODE_HTTP_KEEPALIVE '0'
option NFQWS_OPT_DESYNC_HTTP ''
option NFQWS_OPT_DESYNC_HTTP_SUFFIX ''
option NFQWS_OPT_DESYNC_HTTP6 ''
option NFQWS_OPT_DESYNC_HTTP6_SUFFIX ''
option MODE_HTTPS '1'
option NFQWS_OPT_DESYNC_HTTPS ''
option NFQWS_OPT_DESYNC_HTTPS_SUFFIX ''
option NFQWS_OPT_DESYNC_HTTPS6 ''
option NFQWS_OPT_DESYNC_HTTPS6_SUFFIX ''
option MODE_QUIC '1'
option NFQWS_OPT_DESYNC_QUIC '--dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=0 --dpi-desync-any-protocol --dpi-desync-cutoff=d4 --dpi-desync-fooling=md5sig,badsum --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_google_com.bin'
option NFQWS_OPT_DESYNC_QUIC_SUFFIX ''
option NFQWS_OPT_DESYNC_QUIC6 ''
option NFQWS_OPT_DESYNC_QUIC6_SUFFIX ''