Mirror/zapret-openwrt
1
0
Fork 0
mirror of https://github.com/remittor/zapret-openwrt.git synced 2026-01-27 12:50:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: Mirror:v72.20260125
Branches Tags
Mirror:master Mirror:gh-pages Mirror:zap1
Mirror:v72.20260126 Mirror:v0.8.20260125 Mirror:v72.20260125 Mirror:v72.20260119 Mirror:v0.8.20260118 Mirror:v72.20260117 Mirror:v0.8.20260117 Mirror:v72.20260116 Mirror:v72.20260115 Mirror:v72.20260114 Mirror:v0.8.20260113 Mirror:v72.20260113 Mirror:v0.8.20260111 Mirror:v72.20260111 Mirror:v0.8.20260109 Mirror:v72.20260108 Mirror:v0.8.20260107 Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012
..
compare: Mirror:master
Branches Tags
Mirror:gh-pages Mirror:zap1 Mirror:master
Mirror:v72.20260126 Mirror:v0.8.20260125 Mirror:v72.20260125 Mirror:v72.20260119 Mirror:v0.8.20260118 Mirror:v72.20260117 Mirror:v0.8.20260117 Mirror:v72.20260116 Mirror:v72.20260115 Mirror:v72.20260114 Mirror:v0.8.20260113 Mirror:v72.20260113 Mirror:v0.8.20260111 Mirror:v72.20260111 Mirror:v0.8.20260109 Mirror:v72.20260108 Mirror:v0.8.20260107 Mirror:v0.8.20251230 Mirror:v0.8.20251229 Mirror:v0.7.20251227 Mirror:v72.20251227 Mirror:v0.7.20251226 Mirror:v0.7.20251225-r2 Mirror:v72.20251225-r2 Mirror:v0.7.20251225 Mirror:v72.20251225 Mirror:v0.7.20251224 Mirror:v0.7.20251220 Mirror:v0.7.20251219 Mirror:v72.20251219 Mirror:v72.20251218 Mirror:v72.20251217 Mirror:v72.20251216 Mirror:v72.20251213 Mirror:v72.20251212 Mirror:v72.20251122 Mirror:v72.20251022 Mirror:v72.20250924 Mirror:v71.20250918 Mirror:v71.20250708 Mirror:v71.20250607 Mirror:v70.20250505 Mirror:v70.20250419 Mirror:v70.20250405 Mirror:v70.20250323 Mirror:v70.20250213 Mirror:v70.20250210 Mirror:v70.20250116 Mirror:v70-20250109 Mirror:v70-20250109-23.05 Mirror:v69-20241206 Mirror:v69-20241206-23.05 Mirror:v69-20241123 Mirror:v69-20241123-23.05 Mirror:v69-20241121-23.05 Mirror:v69-20241121 Mirror:v69-20241118 Mirror:v69-20241118-23.05 Mirror:v68-20241115 Mirror:v68-20241115-23.05 Mirror:v68-20241110 Mirror:v68-20241110-23.05 Mirror:v67-20241030 Mirror:v67-20241030-23.05 Mirror:v66-20241026-23.05 Mirror:v66-20241026 Mirror:v65-20241025 Mirror:v65-20241025-23.05 Mirror:v65-20241023 Mirror:v65-20241023-23.05 Mirror:v65-20241018 Mirror:v65-20241018-23.05 Mirror:v65-20241016 Mirror:v65-20241016-23.05 Mirror:v64-20241014 Mirror:v64-20241014-23.05 Mirror:v64-20241012

98 Commits
v72.202601 ... master

Author SHA1 Message Date
remittor
83bf86b2f8 luci: service: Rewrite func serviceActionEx 2026-01-26 16:08:37 +03:00
remittor
e2c6c0552e luci: service: Add method getPackageDict 2026-01-26 13:00:54 +03:00
remittor
1f89151fe5 Bump version to v0.8.20260125 2026-01-25 10:07:30 +03:00
remittor
3ff8c4d746 makefile: Update LUA_VER to 5.5 2026-01-25 10:05:55 +03:00
remittor
db1833e93c makefile: Cleanup custom.d directory 2026-01-25 09:59:59 +03:00
remittor
6a50fb9708 luci: Fix typo 2026-01-25 09:49:35 +03:00
remittor
8eb054f2f9 config: Use --comment option for strategy naming 2026-01-25 09:49:15 +03:00
remittor
26d88c1efc ipset: Update zapret-hosts-user-exclude.txt 2026-01-25 09:48:45 +03:00
remittor
1cef4d7db9 diag: Add sites check 2026-01-19 17:36:15 +03:00
remittor
0aaee0ad36 luci: updater: Fix check result after checkUpdates 2026-01-18 14:22:47 +03:00
remittor
2500109837 Bump version to v0.8.20260118 2026-01-18 13:35:06 +03:00
remittor
05b84183d9 luci: updater: Using 3 buttons and fix execAndRead 2026-01-18 13:34:55 +03:00
remittor
2d32f04071 luci: Fix error "XHR request timed out" into execAndRead 2026-01-18 10:01:27 +03:00
remittor
bf418db17e luci: Fix file permissions for saved configs 2026-01-17 17:36:54 +03:00
remittor
c574e04a2b luci: NFQWS2_OPT: Block enter text with quotes 2026-01-17 15:52:46 +03:00
remittor
1f0d674185 luci: Using dict for arguments of function 2026-01-17 15:52:10 +03:00
remittor
27dab23ed2 Bump version to v0.8.20260117 2026-01-17 11:02:28 +03:00
remittor
5a6c607fee makefile: Cleanup conffiles and install sections 2026-01-16 20:24:27 +03:00
remittor
0309b4b94c updater: Add uninstall oldest mdig and ip2net packages 2026-01-16 20:08:21 +03:00
remittor
13b6e4611a ipset: Update zapret-hosts-user-exclude.txt 2026-01-16 20:01:28 +03:00
remittor
15a6f9e5ae settings: Add new options on "Reset settings" dialog 2026-01-16 19:59:40 +03:00
remittor
4aca2043c1 diag: dwc: Add support resolve ip via specific dns and add recommendations 2026-01-16 19:53:07 +03:00
remittor
84f297492a luci: Fix save very long textareas to file 2026-01-16 11:33:09 +03:00
remittor
685afc1a69 comfunc: Fix recreating crontab log cleaning task on restart 
PR: ad6b23f4aa
 2026-01-13 21:42:04 +03:00
remittor
a84174e51d luci: Fix show NFQWS2_OPT 2026-01-13 21:36:30 +03:00
remittor
ee8089e1bb Bump version to v0.8.20260113 2026-01-13 14:37:26 +03:00
remittor
4dd7030c60 makefile: Fix conffiles section and other fixes 2026-01-13 14:31:21 +03:00
remittor
00490e3b5d shell: Fix sh-scripts (copilot) 2026-01-13 14:17:07 +03:00
remittor
126e7dea89 Fix uci-def-cfg.sh 2026-01-13 14:15:25 +03:00
remittor
fc85552e4e updater: Fix pkg_mgr_update for opkg 2026-01-13 14:14:57 +03:00
remittor
e15eaafa33 luci: Add description for "Diagnostics" button 2026-01-13 14:11:00 +03:00
remittor
5b331132a1 github: releases: Add step "Wait for GitHub API consistency" 2026-01-12 22:51:52 +03:00
remittor
5711c1f2d4 config: Fix sync for AUTOHOSTLIST_RETRANS_RESET 2026-01-12 21:56:01 +03:00
remittor
0ee7ae325e diag: Fix bugs in dwc.sh 2026-01-11 19:09:07 +03:00
remittor
c4ce5c1aeb diag: Fix load comfunc.sh 2026-01-11 17:30:42 +03:00
remittor
d50aa75e94 makefile: skip init.d.sh 2026-01-11 16:09:35 +03:00
remittor
77f8f94d38 Bump version to v0.8.20260111 2026-01-11 15:31:38 +03:00
remittor
f7e01283e7 diag: Fix DPI checker 2026-01-11 15:30:48 +03:00
remittor
5b997a5eb5 config: Add new option AUTOHOSTLIST_RETRANS_RESET 2026-01-11 14:49:19 +03:00
remittor
0e2940c338 ipset: Update zapret-hosts-user-exclude.txt 2026-01-11 14:21:48 +03:00
remittor
0e31e5d804 Add diagnostic button (DPI checker) 2026-01-11 11:54:19 +03:00
remittor
ab50c2099b luci: updater: Add new func tools.execAndRead 2026-01-10 20:51:11 +03:00
remittor
17afabe150 luci: Fix update text after edit for NFQWS2_OPT 2026-01-10 10:56:58 +03:00
remittor
2ecf3cf5d0 luci: Fix js-files for unification 2026-01-09 22:31:11 +03:00
remittor
9e8046d734 luci: Splitting file tools.js into two parts (add file env.js) 2026-01-09 21:58:12 +03:00
remittor
c68236c8fd Replace "founded" to "found" 2026-01-09 17:36:26 +03:00
remittor
706f92fea7 config: Update default values 
src: https://github.com/bol-van/zapret2/commits/master/config.default
 2026-01-09 17:10:18 +03:00
remittor
d747201f9b Bump version to v0.8.20260109 2026-01-09 16:55:37 +03:00
remittor
9ead0e1d30 build: Rewrite build script (using OpenWrt SDK from github) 2026-01-09 16:55:24 +03:00
remittor
b37b35db80 updater: Add support install packages on clean OpenWrt 
Example: ./update-pkg.sh -u 1
Example: ./update-pkg.sh -u 2
 2026-01-08 18:33:51 +03:00
remittor
9737a10e1f Bump version to v0.8.20260107 2026-01-07 23:08:59 +03:00
remittor
bc1af90349 Integrate mdig and ip2net to main package 2026-01-01 20:59:37 +03:00
remittor
11f632259e Remove mdig and ip2net packages 2026-01-01 12:30:10 +03:00
remittor
a215600415 Bump version to v0.8.20251230 2025-12-30 13:38:10 +03:00
remittor
28e6c466cb updater: Change get_actual_release error 1 to 150 2025-12-30 13:36:13 +03:00
remittor
c72921f2fa zapret: Global use of dynamic variables 2025-12-29 21:10:58 +03:00
remittor
55041b3b16 luci: updater: Skip error -32000 2025-12-29 19:36:59 +03:00
remittor
bf012b36bf updater: Fix get_pkg_version for OpenWrt 25 2025-12-29 18:33:58 +03:00
remittor
9717bc8ff7 Bump version to v0.8.20251229 2025-12-29 18:16:24 +03:00
remittor
61e234ab12 build: Rename base directories 2025-12-28 20:17:33 +03:00
remittor
c11ca1ca2e Rename all directories 2025-12-28 20:15:29 +03:00
remittor
dd35b5d50a Bump version to v0.7.20251227 2025-12-27 13:18:59 +03:00
remittor
072b742a13 luci: tools: Fix modal dialog for NFQWS2_OPT 2025-12-27 10:47:53 +03:00
remittor
487d92bda2 updater: Fix files renaming 2025-12-26 15:44:11 +03:00
remittor
71eccc6057 Bump version to v0.7.20251226 2025-12-26 09:00:21 +03:00
remittor
5f92425261 luci: Rename handleSave to handleSaveAdv 2025-12-26 08:58:30 +03:00
remittor
950672426c updater: Update func download_releases_info 2025-12-26 08:56:45 +03:00
remittor
d0c49a8e6f def-cfg: Add new strategy v2_by_Schiz23 2025-12-26 08:03:58 +03:00
remittor
2da0526472 Bump version to v0.7.20251225-r2 2025-12-25 18:06:29 +03:00
remittor
c9823adaae luci: tools: Fix show and close modal dialog for NFQWS_OPT 2025-12-25 18:01:29 +03:00
remittor
d14f26a8cb updater: Fix find base package after ZIP unpack 2025-12-25 14:54:49 +03:00
remittor
ecf49f1be8 Bump version to v0.7.20251225 2025-12-25 09:01:37 +03:00
remittor
3ef469b416 fake: Add TLS 1.3 hello from max.ru 2025-12-25 08:25:52 +03:00
remittor
88665d417a luci: tools: Fix close modal dialog for NFQWS2_OPT 2025-12-24 18:49:41 +03:00
remittor
35fb6e9a43 luci: updater: Fix timer using 2025-12-24 14:38:07 +03:00
remittor
9c7f906b72 Bump version to v0.7.20251224 2025-12-24 10:30:59 +03:00
remittor
bd3d224178 def-cfg: Add new strategy v1_by_Schiz23 2025-12-24 10:27:40 +03:00
remittor
fcf7889a93 luci: tools: Fix close modal dialog for NFQWS_OPT 2025-12-23 14:15:22 +03:00
remittor
76dcf0638d luci: dmnlog: Fix load tools.js 2025-12-20 14:16:47 +03:00
remittor
d20c81b1c1 Bump version to v0.7.20251220 2025-12-20 10:43:48 +03:00
remittor
ea2a39877d Makefile: Fix build with LUA 
Source: https://github.com/spvkgn/zapret2-openwrt/blob/main/package/nfqws2/Makefile
 2025-12-20 10:24:43 +03:00
remittor
85b7f91767 comfunc: Fix remove debug log 2025-12-20 10:12:25 +03:00
remittor
7cd7293424 luci: settings: Fix NFQWS2_PORTS_UDP_KEEPALIVE 2025-12-20 10:12:14 +03:00
remittor
116ce93c63 Bump version to v0.7.20251219 2025-12-19 17:23:10 +03:00
remittor
4f586e66b0 build: Delete riscv64 arch 2025-12-19 17:22:53 +03:00
remittor
3e19c9c9e2 luci: Fix for show menu Zapret2 2025-12-19 14:23:11 +03:00
remittor
980dd77ba1 def-cfg: Fix DAEMON_LOG_FILE value 2025-12-19 13:58:38 +03:00
remittor
aaef886826 updater: Add check for unzip installed 2025-12-19 11:12:27 +03:00
remittor
c8558cf6c1 updater: Adapt code for new version format 2025-12-19 10:44:49 +03:00
remittor
c6e2e79683 updater: Fix parsing package version (APK) 2025-12-19 10:23:52 +03:00
remittor
08e6776a81 zapret: Add depends from luajit 2025-12-18 18:11:45 +03:00
remittor
509b834729 zapret: Makefile: Fix Package-install section 2025-12-18 17:43:49 +03:00
remittor
003160cb05 build: Fix compile packages 2025-12-18 17:22:18 +03:00
remittor
682d153742 zapret: Add depends from liblua 2025-12-18 17:02:33 +03:00
remittor
e2810bbe98 build: Fix detection tag-version 2025-12-18 16:49:04 +03:00
remittor
7aecaa4ab7 config: Add new options for AutoHostList 2025-12-18 16:42:41 +03:00
remittor
03e8513703 luci: Rename files: zapret -> zapret2 2025-12-18 16:38:57 +03:00
remittor
7a4825a708 Add support Zapret2 
Sources: https://github.com/bol-van/zapret2
 2025-12-18 16:35:13 +03:00
46 changed files with 572 additions and 1313 deletions
Expand all files Collapse all files

80
.github/ISSUE_TEMPLATE/bug_report_en.yml vendored
View File

@@ -1,80 +0,0 @@
---
name: 🐛 Bug Report
description: Report a reproducible bug
title: "[BUG] "
labels: ["bug"]
assignees: []
body:
- type: markdown
attributes:
value: |
Thanks for reporting a bug! Please fill out the form below.
Before sending, please:
- Check [existing issues](https://github.com/remittor/zapret-openwrt/issues)
- Read [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Bug description
description: A clear and concise description of what is not working
placeholder: A clear and concise description of the bug
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Steps to reproduce
description: Steps to reproduce the problem. If you're following a manual, please include a link to it.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Expected behavior
description: A clear and concise description of what was to happen
placeholder: Describe the expected behavior
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ System Information
description: |
Information about your system (fill in all that used)
value: |
- **OpenWrt version**:
- **Zapret version**:
- **Router model**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ The NFQWS strategy used
description: All parameters of the NFQWS strategy, or its name
placeholder: If the problem is caused by the NFQWS strategy
- type: textarea
id: config
attributes:
label: ⚙️ System Configurations
description: |
Relevant parts of the configuration (remove sensitive information!)
placeholder: |
For example:
- Contents of /etc/config/zapret
- Firewall configuration (Flow offloading, etc.)
- Additional configurations required for wireless/network/dhcp, etc.
render: shell

80
.github/ISSUE_TEMPLATE/bug_report_ru.yml vendored
View File

@@ -1,80 +0,0 @@
---
name: 🐛 Сообщение об ошибке
description: Сообщить об ошибке
title: "[BUG] "
labels: ["bug"]
assignees: []
body:
- type: markdown
attributes:
value: |
Спасибо за создание отчета об ошибке!
Перед отправкой, пожалуйста:
- Проверьте [существующие issues](https://github.com/remittor/zapret-openwrt/issues)
- Просмотрите [документацию](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Описание проблемы
description: Четкое и краткое описание того, что не работает
placeholder: Опишите проблему
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Шаги для воспроизведения
description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по какому либо мануалу, приложите ссылку на него.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Ожидаемое поведение
description: Четкое и краткое описание того, что должно было произойти
placeholder: Опишите ожидаемое поведение
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ Информация о системе
description: |
Информация о вашей системе (заполните всё применяемое)
value: |
- **OpenWrt версия**:
- **Zapret версия**:
- **Роутер модель**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ Используемая стратегия NFQWS
description: Все параметры стратегии NFQWS, либо её название
placeholder: Если проблема вызвана стратегией NFQWS
- type: textarea
id: config
attributes:
label: ⚙️ Конфигурация
description: |
Релевантные части конфигурации (удалите чувствительную информацию!)
placeholder: |
Например:
- Содержимое /etc/config/zapret
- Конфигурация файервола (опция Flow offloading и т.п.)
- Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
render: shell

9
.github/ISSUE_TEMPLATE/config.yml vendored
View File

@@ -1,9 +0,0 @@
blank_issues_enabled: false
contact_links:
- name: 💬 Installation instructions / Инструкция по установке
url: https://github.com/remittor/zapret-openwrt/wiki/Installing-zapret%E2%80%90openwrt-package
about: Installation instructions / Инструкция по установке
- name: 📚 Original documetation / Оригинальная документация к zapret'у
url: https://github.com/bol-van/zapret/blob/master/docs/readme.md
about: README zapret

66
.github/ISSUE_TEMPLATE/feature_request_en.yml vendored
View File

@@ -1,66 +0,0 @@
---
name: ✨ Feature Request
description: Suggest a new feature or improvement
title: "[FEATURE] "
labels: ["enhancement", "needs-discussion"]
assignees: []
body:
- type: markdown
attributes:
value: |
Before sending, please:
- Check [existing requests](https://github.com/remittor/zapret-openwrt/issues?q=is%3Aissue+label%3Aenhancement)
- Make sure the function doesn't exist in [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: summary
attributes:
label: Brief description
description: Brief description of the proposed function
placeholder: In one sentence, describe what you want to add...
validations:
required: true
- type: textarea
id: problem
attributes:
label: The problem it solves
description: |
Description of the problem or inconvenience this feature will solve
placeholder: |
There is no possibility now [...]
validations:
required: true
- type: textarea
id: solution
attributes:
label: 💡 Proposed solution
description: A clear and concise description of what you want to achieve
placeholder: |
I want Zapret to be able to [...]
I suggest adding a feature that [...]
Could be improved [...]
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Workaround
description: |
Describe any alternative solutions or features you considered.
Are there any workarounds you currently use?
placeholder: |
I'm currently solving this problem by [...]
An alternative would be [...]
I tried using [...], but it doesn't work because [...]
- type: textarea
id: implementation
attributes:
label: Implementation ideas (optional)
description: |
If you have any ideas on how this could be implemented, please share them. Please keep LuCI's limitations in mind.
placeholder: |
This can be achieved using [...]

68
.github/ISSUE_TEMPLATE/feature_request_ru.yml vendored
View File

@@ -1,68 +0,0 @@
---
name: ✨ Запрос новой функции
description: Предложите новую функцию или улучшение для Zapret
title: "[FEATURE] "
labels: ["enhancement", "needs-discussion"]
assignees: []
body:
- type: markdown
attributes:
value: |
Спасибо за предложение новой функции!
Перед отправкой, пожалуйста:
- Проверьте [существующие запросы](https://github.com/remittor/zapret-openwrt/issues?q=is%3Aissue+label%3Aenhancement)
- Убедитесь, что функции не существует в [документации](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: summary
attributes:
label: Краткое описание
description: Краткое описание предлагаемой функции
placeholder: В одном предложении опишите, что вы хотите добавить...
validations:
required: true
- type: textarea
id: problem
attributes:
label: Проблема, которую решает
description: |
Описание проблемы или неудобства, которое решит эта функция
placeholder: |
Сейчас нет возможности [...]
validations:
required: true
- type: textarea
id: solution
attributes:
label: 💡 Предлагаемое решение
description: Четкое и краткое описание того, что вы хотите реализовать
placeholder: |
Я хочу, чтобы Zapret мог [...]
Предлагаю добавить функцию, которая [...]
Можно было бы улучшить [...] путем [...]
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Workaround
description: |
Опишите альтернативные решения или функции, которые вы рассматривали
Есть ли обходные пути, которые вы используете сейчас?
placeholder: |
Сейчас я решаю это проблему путем [...]
Альтернативой могло бы быть [...]
Пробовал использовать [...], но это не подходит потому что [...]
- type: textarea
id: implementation
attributes:
label: Идеи реализации (опционально)
description: |
Если у вас есть идеи о том, как это можно реализовать, поделитесь ими. Помните про ограничения LuCI.
placeholder: |
Это можно реализовать с помощью [...]

78
.github/ISSUE_TEMPLATE/help_wanted_en.yml vendored
View File

@@ -1,78 +0,0 @@
---
name: 🆘 Help wanted
description: Ask for help or propose to help
title: "[HELP] "
labels: ["help wanted"]
assignees: []
body:
- type: markdown
attributes:
value: |
Before sending, please:
- Check [existing issues](https://github.com/remittor/zapret-openwrt/issues)
- Read [documentation](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Problem description
description: What do you need help with?
placeholder: A clear and concise description of the problem
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Steps to reproduce
description: Steps to reproduce the problem. If you're following a manual, please include a link to it.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Expected behavior
description: A clear and concise description of what was to happen
placeholder: Describe the expected behavior
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ System Information
description: |
Information about your system (fill in all that used)
value: |
- **OpenWrt version**:
- **Zapret version**:
- **Router model**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ The NFQWS strategy used
description: All parameters of the NFQWS strategy, or its name
placeholder: If the problem is caused by the NFQWS strategy
- type: textarea
id: config
attributes:
label: ⚙️ System Configurations
description: |
Relevant parts of the configuration (remove sensitive information!)
placeholder: |
For example:
- Contents of /etc/config/zapret
- Firewall configuration (Flow offloading, etc.)
- Additional configurations required for wireless/network/dhcp, etc.
render: shell

78
.github/ISSUE_TEMPLATE/help_wanted_ru.yml vendored
View File

@@ -1,78 +0,0 @@
---
name: 🆘 Нужна помощь
description: Нужна помощь
title: "[HELP] "
labels: ["help wanted"]
assignees: []
body:
- type: markdown
attributes:
value: |
Перед отправкой, пожалуйста:
- Проверьте [существующие issues](https://github.com/remittor/zapret-openwrt/issues)
- Просмотрите [документацию](https://github.com/remittor/zapret-openwrt/wiki/)
- type: textarea
id: description
attributes:
label: 📝 Описание проблемы
description: В чём именно нужна помощь?
placeholder: Опишите проблему
validations:
required: true
- type: textarea
id: reproduction
attributes:
label: Шаги для воспроизведения
description: Шаги для воспроизведения проблемы. Если вы настраваете что-то по какому либо мануалу, приложите ссылку на него.
placeholder: |
1.
2.
3.
4.
validations:
required: true
- type: textarea
id: expected
attributes:
label: ✅ Ожидаемое поведение
description: Четкое и краткое описание того, что должно было произойти
placeholder: Опишите ожидаемое поведение
validations:
required: true
- type: textarea
id: environment
attributes:
label: 🖥️ Информация о системе
description: |
Информация о вашей системе (заполните всё применяемое)
value: |
- **OpenWrt версия**:
- **Zapret версия**:
- **Роутер модель**:
render: markdown
validations:
required: true
- type: textarea
id: strategy
attributes:
label: ✅ Используемая стратегия NFQWS
description: Все параметры стратегии NFQWS, либо её название
placeholder: Если проблема вызвана стратегией NFQWS
- type: textarea
id: config
attributes:
label: ⚙️ Конфигурация
description: |
Релевантные части конфигурации (удалите чувствительную информацию!)
placeholder: |
Например:
- Содержимое /etc/config/zapret
- Конфигурация файервола (опция Flow offloading и т.п.)
- Дополнительные конфиги, которые потребуются wireless/network/dhcp и т.д.
render: shell

24
.github/workflows/build.yml vendored
View File

@@ -155,8 +155,6 @@ jobs:
- mipsel_24kc_24kf
- mipsel_74kc
- mipsel_mips32
- riscv64_riscv64
- riscv64_generic
- x86_64
isTestOrFake:
- ${{ needs.check.outputs.test_build == 'true' || needs.check.outputs.fake_build == 'true' }}
@@ -165,10 +163,6 @@ jobs:
arch: arm_cortex-a9_vfpv3-d16
- branch: ${{ needs.var.outputs.APK_BRANCH }}
arch: mips_4kec
- branch: ${{ needs.var.outputs.APK_BRANCH }}
arch: riscv64_riscv64
- branch: ${{ needs.var.outputs.IPK_BRANCH }}
arch: riscv64_generic
- { isTestOrFake: true }
include:
- branch: ${{ needs.var.outputs.IPK_BRANCH }}
@@ -276,8 +270,6 @@ jobs:
run: |
make defconfig
sed -i 's/CONFIG_LUCI_JSMIN=y/CONFIG_LUCI_JSMIN=n/g' .config
sed -i 's/CONFIG_LUCI_CSSMIN=y/CONFIG_LUCI_CSSMIN=n/g' .config
grep -q '^CONFIG_LUCI_CSSMIN=' .config || echo 'CONFIG_LUCI_CSSMIN=n' >> .config
echo "status=success" >> $GITHUB_OUTPUT
- name: Show config
@@ -292,9 +284,9 @@ jobs:
env:
ARCH_TAG: ${{ matrix.arch }}
run: |
PKGLIST="package/zapret-openwrt/zapret/compile"
PKGLIST="package/zapret-openwrt/zapret2/compile"
if [ "$ARCH_TAG" = "$LUCI_ARCH" ]; then
PKGLIST="$PKGLIST package/zapret-openwrt/luci-app-zapret/compile"
PKGLIST="$PKGLIST package/zapret-openwrt/luci-app-zapret2/compile"
fi
MAKE_JOBS=$(nproc)
echo "$MAKE_JOBS thread compile"
@@ -314,8 +306,8 @@ jobs:
run: |
OUT_DIR=./bin/packages/dev_x/base
mkdir -p $OUT_DIR
touch $OUT_DIR/zapret_$PKGVER-$ARCH_TAG.$PKGTYPE
touch $OUT_DIR/luci-app-zapret_$PKGVER-all.$PKGTYPE
touch $OUT_DIR/zapret2_$PKGVER-$ARCH_TAG.$PKGTYPE
touch $OUT_DIR/luci-app-zapret2_$PKGVER-all.$PKGTYPE
echo "status=success" >> $GITHUB_OUTPUT
- name: Install packages
@@ -326,7 +318,7 @@ jobs:
ARCH_TAG: ${{ matrix.arch }}
SIGN_KEY: ${{ secrets.SIGN_PRIVATE_KEY }}
run: |
find ./bin/packages/*/base -type f ! -regex ".*\(zapret\).*\.[ai]pk$" -delete
find ./bin/packages/*/base -type f ! -regex ".*\(zapret2\).*\.[ai]pk$" -delete
#echo ">>>>>>> build a repository index to make the output directory usable as local OPKG source"
#ln -s `which usign` staging_dir/host/bin/usign
#echo "$SIGN_KEY" | base64 -d > key-build
@@ -392,7 +384,7 @@ jobs:
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec cp -f "$LUCI_IPK" "{}/" \;
find ./sorted -mindepth 2 -maxdepth 2 -type d -name "apk" -exec cp -f "$LUCI_APK" "{}/" \;
mkdir -p public
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec sh -c '7z a ./public/zapret_v${PKGVER}_$(basename "{}" | cut -d, -f3).zip {}/*' \;
find ./sorted -mindepth 1 -maxdepth 1 -type d -exec sh -c '7z a ./public/zapret2_v${PKGVER}_$(basename "{}" | cut -d, -f3).zip {}/*' \;
ls -lh ./public/*.zip
- name: Upload assets
@@ -404,7 +396,7 @@ jobs:
draft: ${{ env.TEST_BUILD == 'true' || env.FAKE_BUILD == 'true' }}
prerelease: true
tag_name: v${{ needs.build.outputs.pkgver }}${{ env.TAG_SUFFIX }}
name: zapret v${{ needs.build.outputs.pkgver }}
name: zapret2 v${{ needs.build.outputs.pkgver }}
body: |
zapret v${{ needs.build.outputs.pkgver }} for OpenWrt
zapret2 v${{ needs.build.outputs.pkgver }} for OpenWrt
files: ./public/*.zip

5
README.md
View File

@@ -2,12 +2,13 @@
[![Github All Releases](https://img.shields.io/github/downloads/remittor/zapret-openwrt/total.svg)](https://github.com/remittor/zapret-openwrt/releases)
[![Github Latest Release](https://img.shields.io/github/downloads/remittor/zapret-openwrt/latest/total.svg)](https://github.com/remittor/zapret-openwrt/releases)
[![ViewCount](https://views.whatilearened.today/views/github/remittor/zapret-openwrt.svg)](https://github.com/remittor/zapret-openwrt)
[![Hits](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fremittor%2Fzapret-openwrt&count_bg=%2379C83D&title_bg=%23555555&icon=&icon_color=%23E7E7E7&title=hits&edge_flat=false)](https://github.com/remittor/zapret-openwrt/releases)
[![Donations Page](https://github.com/andry81-cache/gh-content-static-cache/raw/master/common/badges/donate/donate.svg)](https://github.com/remittor/donate)
# zapret-openwrt
Zapret is not a VPN! Zapret is an Anti-DPI utility!
Zapret2 is not a VPN! Zapret2 is an Anti-DPI utility!
[Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki)
[Instructions for installing](https://github.com/remittor/zapret-openwrt/wiki/Installing-zapretopenwrt-package)
[Download page](https://github.com/remittor/zapret-openwrt/releases)

53
luci-app-zapret/htdocs/luci-static/resources/view/zapret/env.js
View File

@@ -1,53 +0,0 @@
'use strict';
'require baseclass';
return baseclass.extend({
packager : { },
appName : 'zapret',
AppName : 'Zapret',
execPath : '/etc/init.d/zapret',
appDir : '/opt/zapret',
syncCfgPath : '/opt/zapret/sync_config.sh',
defCfgPath : '/opt/zapret/def-cfg.sh',
defaultCfgPath : '/opt/zapret/restore-def-cfg.sh',
hostsGoogleFN : '/opt/zapret/ipset/zapret-hosts-google.txt',
hostsUserFN : '/opt/zapret/ipset/zapret-hosts-user.txt',
hostsUserExcludeFN: '/opt/zapret/ipset/zapret-hosts-user-exclude.txt',
iplstExcludeFN : '/opt/zapret/ipset/zapret-ip-exclude.txt',
iplstUserFN : '/opt/zapret/ipset/zapret-ip-user.txt',
iplstUserExcludeFN: '/opt/zapret/ipset/zapret-ip-user-exclude.txt',
custFileMax : 4,
custFileTemplate : '/opt/zapret/ipset/cust%s.txt',
customdPrefixList : [ 10, 20, 50, 60, 90 ] ,
customdFileFormat : '/opt/zapret/init.d/openwrt/custom.d/%s-script.sh',
discord_num : 50,
discord_url : [ 'https://github.com/bol-van/zapret/blob/4e8e3a9ed9dbeb1156db68dfaa7b353051c13797/init.d/custom.d.examples.linux/50-discord',
'https://github.com/bol-van/zapret/blob/b251ea839cc8f04c45090314ef69fce69f2c00f2/init.d/custom.d.examples.linux/50-discord-media',
'https://github.com/bol-van/zapret/blob/b251ea839cc8f04c45090314ef69fce69f2c00f2/init.d/custom.d.examples.linux/50-stun4all',
'https://github.com/bol-van/zapret/tree/master/init.d/custom.d.examples.linux'
],
nfqws_opt_url : 'https://github.com/remittor/zapret-openwrt/discussions/168',
autoHostListFN : '/opt/zapret/ipset/zapret-hosts-auto.txt',
autoHostListDbgFN : '/opt/zapret/ipset/zapret-hosts-auto-debug.log',
load_env: function(dst_obj) {
let env_proto = Object.getPrototypeOf(this);
Object.getOwnPropertyNames(env_proto).forEach(function(key) {
if (key === 'constructor' || key === 'load_env' || key.startsWith('__'))
return;
dst_obj[key] = env_proto[key];
});
dst_obj.packager = { };
if (L.hasSystemFeature('apk')) {
dst_obj.packager.name = 'apk';
dst_obj.packager.path = '/usr/bin/apk';
dst_obj.packager.args = [ 'list', '-I', '*'+this.appName+'*' ];
} else {
dst_obj.packager.name = 'opkg';
dst_obj.packager.path = '/bin/opkg';
dst_obj.packager.args = [ 'list-installed', '*'+this.appName+'*' ];
}
}
});

46
luci-app-zapret/root/usr/share/luci/menu.d/luci-app-zapret.json
View File

@@ -1,46 +0,0 @@
{
"admin/services/zapret": {
"title": "Zapret",
"order": 61,
"action": {
"type": "alias",
"path": "admin/services/zapret/service"
},
"depends": {
"acl": [ "luci-app-zapret" ],
"fs": {
"/opt/zapret/sync_config.sh": "executable",
"/opt/zapret/restore-def-cfg.sh": "executable",
"/etc/init.d/zapret": "executable"
},
"uci": { "zapret": true }
}
},
"admin/services/zapret/service": {
"title": "Service",
"order": 10,
"action": {
"type": "view",
"path": "zapret/service"
}
},
"admin/services/zapret/settings": {
"title": "Settings",
"order": 20,
"action": {
"type": "view",
"path": "zapret/settings"
}
},
"admin/services/zapret/dmnlog": {
"title": "Log Viewer",
"order": 30,
"action": {
"type": "view",
"path": "zapret/dmnlog"
}
}
}

40
luci-app-zapret/root/usr/share/rpcd/acl.d/luci-app-zapret.json
View File

@@ -1,40 +0,0 @@
{
"luci-app-zapret": {
"description": "Grant access to zapret procedures",
"read": {
"cgi-io": [ "exec" ],
"file": {
"/opt/zapret/config": [ "read" ],
"/opt/zapret/ipset/*": [ "read" ],
"/opt/zapret/init.d/openwrt/custom.d/*": [ "read" ],
"/etc/crontabs/root": [ "read" ],
"/tmp/zapret*": [ "read" ],
"/etc/init.d/zapret*": [ "exec" ],
"/bin/ps*": [ "exec" ],
"/bin/cat*": [ "exec" ],
"/bin/busybox*": [ "exec" ],
"/bin/opkg*": [ "exec" ],
"/usr/bin/apk*": [ "exec" ],
"/usr/bin/find*": [ "exec" ],
"/opt/zapret/restore-def-cfg.sh*": [ "exec" ],
"/opt/zapret/script-exec.sh*": [ "exec" ],
"/opt/zapret/update-pkg.sh*": [ "exec" ],
"/opt/zapret/sync_config.sh*": [ "exec" ]
},
"uci": [ "zapret", "network" ],
"ubus": {
"luci": [ "getInitList", "setInitAction" ],
"service": [ "list" ]
}
},
"write": {
"file": {
"/opt/zapret/config": [ "write" ],
"/opt/zapret/ipset/*": [ "write" ],
"/opt/zapret/init.d/openwrt/custom.d/*": [ "write" ],
"/etc/crontabs/root": [ "write" ]
},
"uci": [ "zapret" ]
}
}
}

8
luci-app-zapret/Makefile → luci-app-zapret2/Makefile
View File

@@ -4,14 +4,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-zapret
PKG_VERSION:=72.20260125
PKG_NAME:=luci-app-zapret2
PKG_VERSION:=0.8.20260125
PKG_RELEASE:=1
PKG_LICENSE:=MIT
PKG_MAINTAINER:=remittor <https://github.com/remittor>
LUCI_TITLE:=LuCI support for zapret
LUCI_DEPENDS:=+zapret
LUCI_TITLE:=LuCI support for zapret2
LUCI_DEPENDS:=+zapret2
LUCI_PKGARCH:=all
define Package/$(PKG_NAME)/postinst

2
luci-app-zapret/htdocs/luci-static/resources/view/zapret/diagnost.js → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/diagnost.js
View File

@@ -5,7 +5,7 @@
'require uci';
'require ui';
'require view';
'require view.zapret.tools as tools';
'require view.zapret2.tools as tools';
const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action';

2
luci-app-zapret/htdocs/luci-static/resources/view/zapret/dmnlog.js → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/dmnlog.js
View File

@@ -5,7 +5,7 @@
'require poll';
'require uci';
'require ui';
'require view.zapret.tools as tools';
'require view.zapret2.tools as tools';
return view.extend({
retrieveLog: async function() {

52
luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/env.js Normal file
View File

@@ -0,0 +1,52 @@
'use strict';
'require baseclass';
return baseclass.extend({
packager : { },
appName : 'zapret2',
AppName : 'Zapret2',
execPath : '/etc/init.d/zapret2',
appDir : '/opt/zapret2',
syncCfgPath : '/opt/zapret2/sync_config.sh',
defCfgPath : '/opt/zapret2/def-cfg.sh',
defaultCfgPath : '/opt/zapret2/restore-def-cfg.sh',
hostsGoogleFN : '/opt/zapret2/ipset/zapret-hosts-google.txt',
hostsUserFN : '/opt/zapret2/ipset/zapret-hosts-user.txt',
hostsUserExcludeFN: '/opt/zapret2/ipset/zapret-hosts-user-exclude.txt',
iplstExcludeFN : '/opt/zapret2/ipset/zapret-ip-exclude.txt',
iplstUserFN : '/opt/zapret2/ipset/zapret-ip-user.txt',
iplstUserExcludeFN: '/opt/zapret2/ipset/zapret-ip-user-exclude.txt',
custFileMax : 4,
custFileTemplate : '/opt/zapret2/ipset/cust%s.txt',
customdPrefixList : [ 10, 20, 50, 60, 90 ] ,
customdFileFormat : '/opt/zapret2/init.d/openwrt/custom.d/%s-script.sh',
discord_num : 50,
discord_url : [ 'https://github.com/bol-van/zapret2/blob/master/init.d/custom.d.examples.linux/50-discord-media',
'https://github.com/bol-van/zapret2/blob/master/init.d/custom.d.examples.linux/50-stun4all',
'https://github.com/bol-van/zapret2/tree/master/init.d/custom.d.examples.linux'
],
nfqws_opt_url : 'https://github.com/remittor/zapret-openwrt/discussions/',
autoHostListFN : '/opt/zapret2/ipset/zapret-hosts-auto.txt',
autoHostListDbgFN : '/opt/zapret2/ipset/zapret-hosts-auto-debug.log',
load_env: function(dst_obj) {
let env_proto = Object.getPrototypeOf(this);
Object.getOwnPropertyNames(env_proto).forEach(function(key) {
if (key === 'constructor' || key === 'load_env' || key.startsWith('__'))
return;
dst_obj[key] = env_proto[key];
});
dst_obj.packager = { };
if (L.hasSystemFeature('apk')) {
dst_obj.packager.name = 'apk';
dst_obj.packager.path = '/usr/bin/apk';
dst_obj.packager.args = [ 'list', '-I', '*'+this.appName+'*' ];
} else {
dst_obj.packager.name = 'opkg';
dst_obj.packager.path = '/bin/opkg';
dst_obj.packager.args = [ 'list-installed', '*'+this.appName+'*' ];
}
}
});

151
luci-app-zapret/htdocs/luci-static/resources/view/zapret/service.js → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/service.js
View File

@@ -4,9 +4,9 @@
'require uci';
'require ui';
'require view';
'require view.zapret.tools as tools';
'require view.zapret.diagnost as diagnost';
'require view.zapret.updater as updater';
'require view.zapret2.tools as tools';
'require view.zapret2.diagnost as diagnost';
'require view.zapret2.updater as updater';
const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action';
@@ -50,7 +50,7 @@ return view.extend({
fs.exec(tools.execPath, [ 'enabled' ]), // svc_en
tools.getSvcInfo(), // svc_info
fs.exec('/bin/busybox', [ 'ps' ]), // process list
fs.exec(tools.packager.path, tools.packager.args), // installed packages
tools.getPackageDict(), // installed packages
tools.getStratList(), // nfqws strategy list
fs.exec('/bin/cat', [ '/etc/openwrt_release' ]), // CPU arch
uci.load(tools.appName), // config
@@ -75,7 +75,7 @@ return view.extend({
let svc_en = status_array[1]; // stdout: empty or error text
let svc_info = status_array[2]; // stdout: JSON as text
let proc_list = status_array[3]; // stdout: multiline text
let pkg_list = status_array[4]; // stdout: installed packages
let pkg_dict = status_array[4]; // stdout: installed packages
let stratlist = status_array[5]; // array of strat names
let sys_info = status_array[6]; // stdout: openwrt distrib info
@@ -95,8 +95,8 @@ return view.extend({
this.disableButtons(true, -1, elems);
return;
}
if (pkg_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
if (!pkg_dict) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': getPackageDict()'));
this.disableButtons(true, -1, elems);
return;
}
@@ -135,89 +135,51 @@ return view.extend({
}
},
serviceAction: function(action, button) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
serviceActionEx: async function(action, button, args = [ ], hide_modal = false, btn_dis = true)
{
let btn = document.getElementById(button);
this.disableButtons(true, btn);
poll.stop();
let _this = this;
return tools.handleServiceAction(tools.appName, action)
.then(() => {
return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
let errmsg = null;
try {
let exec_cmd = null;
let exec_arg = [ ];
if (action == 'start' || action == 'restart') {
if (tools.checkUnsavedChanges()) {
ui.changes.apply(true);
await new Promise(resolve => setTimeout(resolve, 100));
}
exec_cmd = tools.syncCfgPath;
errmsg = _('Unable to run sync_config.sh script.');
}
if (action == 'reset') {
exec_cmd = tools.defaultCfgPath;
exec_arg = args; // (reset_ipset)(sync) ==> restore all configs + sync config
errmsg = _('Unable to run restore-def-cfg.sh script.');
action = null;
}
if (exec_cmd) {
let res = await fs.exec(exec_cmd, exec_arg);
if (res.code != 0) {
throw Error('res.code = ' + res.code);
}
);
})
.catch(e => {
ui.addNotification(null, E('p', _('Unable to run service action.') + ' Error: ' + e.message));
});
},
serviceActionEx: function(action, button, args = [ ], hide_modal = false) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
poll.stop();
let _this = this;
let exec_cmd = null;
let exec_arg = [ ];
let errmsg = 'ERROR:';
if (action == 'start' || action == 'restart') {
exec_cmd = tools.syncCfgPath;
errmsg = _('Unable to run sync_config.sh script.');
}
else if (action == 'reset') {
exec_cmd = tools.defaultCfgPath;
exec_arg = args; // (reset_ipset)(sync) ==> restore all configs + sync config
errmsg = _('Unable to run restore-def-cfg.sh script.');
action = null;
} else {
ui.addNotification(null, E('p', 'ERROR: unknown action'));
return null;
}
return fs.exec(exec_cmd, exec_arg)
.then(function(res) {
if (res.code != 0) {
ui.addNotification(null, E('p', errmsg + ' res.code = ' + res.code));
action = null; // return with error
}
if (hide_modal) {
ui.hideModal();
}
if (!action) {
return _this.getAppStatus().then(
(status_array) => {
_this.setAppStatus(status_array);
}
);
errmsg = null;
await tools.handleServiceAction(tools.appName, action);
} catch(e) {
let msg = errmsg ? errmsg : _('Unable to run service action') + ' "' + action + '".';
ui.addNotification(null, E('p', msg + ' Error: ' + e.message));
} finally {
if (!poll.active()) {
poll.start();
}
if (btn && btn_dis) {
setTimeout(() => { btn.disabled = true; }, 0);
}
return _this.serviceAction(action, null);
})
.catch(e => {
ui.addNotification(null, E('p', errmsg + ' Error: ' + e.message));
});
},
appAction: function(action, button) {
if (button) {
let elem = document.getElementById(button);
this.disableButtons(true, elem);
}
poll.stop();
return fs.exec_direct(tools.execPath, [ action ]).then(res => {
return this.getAppStatus().then(
(status_array) => {
this.setAppStatus(status_array);
ui.hideModal();
}
);
});
},
statusPoll: function() {
@@ -226,7 +188,12 @@ return view.extend({
);
},
dialogResetCfg: function(ev) {
dialogResetCfg: function(ev)
{
if (tools.checkUnsavedChanges()) {
ui.addNotification(null, E('p', _('You have unapplied changes')));
return;
}
ev.target.blur();
let reset_base = E('label', [
@@ -274,7 +241,7 @@ return view.extend({
let resetcfg_btn = E('button', {
'class': btn_style_action,
}, _('Reset settings'));
resetcfg_btn.onclick = ui.createHandlerFn(this, () => {
resetcfg_btn.onclick = ui.createHandlerFn(this, async () => {
//cancel_button.disabled = true;
let opt_flags = '';
if (document.getElementById('cfg_reset_base').checked == false) {
@@ -342,9 +309,9 @@ return view.extend({
}
let cfg = uci.get(tools.appName, 'config');
let pkg_list = status_array[4];
if (pkg_list === undefined || typeof(pkg_list) !== 'object' || pkg_list.code != 0) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': setAppStatus()'));
let pkgdict = status_array[4];
if (pkgdict == null) {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages') + ': render()'));
return;
}
@@ -390,9 +357,9 @@ return view.extend({
};
let btn_enable = create_btn('btn_enable', btn_style_success, _('Enable'));
btn_enable.onclick = ui.createHandlerFn(this, this.serviceAction, 'enable', 'btn_enable');
btn_enable.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'enable', 'btn_enable');
let btn_disable = create_btn('btn_disable', btn_style_warning, _('Disable'));
btn_disable.onclick = ui.createHandlerFn(this, this.serviceAction, 'disable', 'btn_disable');
btn_disable.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'disable', 'btn_disable');
layout_append(_('Service autorun control'), null, [ btn_enable, btn_disable ] );
let btn_start = create_btn('btn_start', btn_style_action, _('Start'));
@@ -400,7 +367,7 @@ return view.extend({
let btn_restart = create_btn('btn_restart', btn_style_action, _('Restart'));
btn_restart.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'restart', 'btn_restart');
let btn_stop = create_btn('btn_stop', btn_style_warning, _('Stop'));
btn_stop.onclick = ui.createHandlerFn(this, this.serviceAction, 'stop', 'btn_stop');
btn_stop.onclick = ui.createHandlerFn(this, this.serviceActionEx, 'stop', 'btn_stop');
layout_append(_('Service daemons control'), null, [ btn_start, btn_restart, btn_stop ] );
let btn_reset = create_btn('btn_reset', btn_style_action, _('Reset settings'));
@@ -428,15 +395,15 @@ return view.extend({
};
this.setAppStatus(status_array, elems);
poll.add(L.bind(this.statusPoll, this));
poll.add(L.bind(this.statusPoll, this), 2); // interval 2 sec
let page_title = tools.AppName;
let pkgdict = tools.decode_pkg_list(pkg_list.stdout, false);
page_title += ' &nbsp ';
if (pkgdict[tools.appName] === undefined || pkgdict[tools.appName] == '') {
page_title += 'unknown version';
} else {
page_title += 'v' + pkgdict[tools.appName];
page_title = page_title.replace(/-r1$/, '');
}
let aux1 = E('em');
let aux2 = E('em');

4
luci-app-zapret/htdocs/luci-static/resources/view/zapret/settings.js → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/settings.js
View File

@@ -5,11 +5,11 @@
'require uci';
'require ui';
'require view';
'require view.zapret.tools as tools';
'require view.zapret2.tools as tools';
document.head.appendChild(E('link', {
rel: 'stylesheet',
href: L.resource('view/zapret/styles.css')
href: L.resource('view/zapret2/styles.css')
}));
return view.extend({

0
luci-app-zapret/htdocs/luci-static/resources/view/zapret/styles.css → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/styles.css
View File

41
luci-app-zapret/htdocs/luci-static/resources/view/zapret/tools.js → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/tools.js
View File

@@ -4,7 +4,7 @@
'require rpc';
'require ui';
'require uci';
'require view.zapret.env as env_tools';
'require view.zapret2.env as env_tools';
document.head.append(E('style', {'type': 'text/css'},
`
@@ -101,6 +101,30 @@ return baseclass.extend({
});
},
getPackageDict: function()
{
let ses_var_name = this.appName+'_pkgdict';
let exec_cmd = this.packager.path;
let exec_arg = this.packager.args;
return fs.exec(exec_cmd, exec_arg).then(res => {
let pdict_json = sessionStorage.getItem(ses_var_name);
if (res.code != 0) {
console.log(this.appName + ': Unable to enumerate installed packages. code = ' + res.code);
if (pdict_json != null) {
return JSON.parse(pdict_json); // return cached value
}
return null;
}
let pdict = this.decode_pkg_list(res.stdout);
if (pdict != pdict_json) {
sessionStorage.setItem(ses_var_name, JSON.stringify(pdict)); // renew cache
}
return pdict;
}).catch(e => {
ui.addNotification(null, E('p', _('Unable to enumerate installed packages.') + ' Error: %s'.format(e)));
});
},
getStratList: function() {
let exec_cmd = '/bin/busybox';
let exec_arg = [ 'awk', '-F', '"', '/if \\[ "\\$strat" = "/ {print $4}', this.defCfgPath ];
@@ -124,6 +148,13 @@ return baseclass.extend({
ui.addNotification(null, E('p', _('Service action failed "%s %s": %s').format(name, action, e)));
});
},
checkUnsavedChanges: function()
{
if (!ui.changes) return false;
if (!ui.changes.changes) return false;
return ui.changes.changes[this.appName] ? true : false;
},
normalizeValue: function(v) {
return (v && typeof(v) === 'string') ? v.trim().replace(/\r?\n/g, '') : v;
@@ -141,7 +172,7 @@ return baseclass.extend({
return m ? m[2] : defval;
},
decode_pkg_list: function(pkg_list, with_suffix_r1 = true) {
decode_pkg_list: function(pkg_list) {
let pkg_dict = { };
if (!pkg_list) {
return pkg_dict;
@@ -180,11 +211,7 @@ return baseclass.extend({
}
}
if (rev >= 0) {
if (rev == 1 && !with_suffix_r1) {
// nothing
} else {
ver += '-r' + rev;
}
ver += '-r' + rev;
}
pkg_dict[name] = ver;
}

6
luci-app-zapret/htdocs/luci-static/resources/view/zapret/updater.js → luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/updater.js
View File

@@ -5,7 +5,7 @@
'require uci';
'require ui';
'require view';
'require view.zapret.tools as tools';
'require view.zapret2.tools as tools';
const btn_style_neutral = 'btn';
const btn_style_action = 'btn cbi-button-action';
@@ -136,6 +136,10 @@ return baseclass.extend({
openUpdateDialog: function(pkg_arch)
{
if (tools.checkUnsavedChanges()) {
ui.addNotification(null, E('p', _('You have unapplied changes')));
return;
}
this.stage = 0;
this.pkg_arch = pkg_arch;
this.pkg_url = null;

41
luci-app-zapret2/root/usr/share/luci/menu.d/luci-app-zapret2.json Normal file
View File

@@ -0,0 +1,41 @@
{
"admin/services/zapret2": {
"title": "Zapret2",
"order": 62,
"action": {
"type": "alias",
"path": "admin/services/zapret2/service"
},
"depends": {
"acl": [ "luci-app-zapret2" ],
"uci": { "zapret2": true }
}
},
"admin/services/zapret2/service": {
"title": "Service",
"order": 10,
"action": {
"type": "view",
"path": "zapret2/service"
}
},
"admin/services/zapret2/settings": {
"title": "Settings",
"order": 20,
"action": {
"type": "view",
"path": "zapret2/settings"
}
},
"admin/services/zapret2/dmnlog": {
"title": "Log Viewer",
"order": 30,
"action": {
"type": "view",
"path": "zapret2/dmnlog"
}
}
}

40
luci-app-zapret2/root/usr/share/rpcd/acl.d/luci-app-zapret2.json Normal file
View File

@@ -0,0 +1,40 @@
{
"luci-app-zapret2": {
"description": "Grant access to zapret2 procedures",
"read": {
"cgi-io": [ "exec" ],
"file": {
"/opt/zapret2/config": [ "read" ],
"/opt/zapret2/ipset/*": [ "read" ],
"/opt/zapret2/init.d/openwrt/custom.d/*": [ "read" ],
"/etc/crontabs/root": [ "read" ],
"/tmp/zapret*": [ "read" ],
"/etc/init.d/zapret2*": [ "exec" ],
"/bin/ps*": [ "exec" ],
"/bin/cat*": [ "exec" ],
"/bin/busybox*": [ "exec" ],
"/bin/opkg*": [ "exec" ],
"/usr/bin/apk*": [ "exec" ],
"/usr/bin/find*": [ "exec" ],
"/opt/zapret2/restore-def-cfg.sh*": [ "exec" ],
"/opt/zapret2/script-exec.sh*": [ "exec" ],
"/opt/zapret2/update-pkg.sh*": [ "exec" ],
"/opt/zapret2/sync_config.sh*": [ "exec" ]
},
"uci": [ "zapret2", "network" ],
"ubus": {
"luci": [ "getInitList", "setInitAction" ],
"service": [ "list" ]
}
},
"write": {
"file": {
"/opt/zapret2/config": [ "write" ],
"/opt/zapret2/ipset/*": [ "write" ],
"/opt/zapret2/init.d/openwrt/custom.d/*": [ "write" ],
"/etc/crontabs/root": [ "write" ]
},
"uci": [ "zapret2" ]
}
}
}

458
zapret/def-cfg.sh
View File

@@ -1,458 +0,0 @@
#!/bin/sh
# Copyright (c) 2024 remittor
function set_cfg_reset_values
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.run_on_boot='0'
# settings for zapret service
set $cfgname.config.FWTYPE='nftables'
set $cfgname.config.POSTNAT='1'
set $cfgname.config.FLOWOFFLOAD='none'
set $cfgname.config.INIT_APPLY_FW='1'
set $cfgname.config.DISABLE_IPV4='0'
set $cfgname.config.DISABLE_IPV6='1'
set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.DISABLE_CUSTOM='1'
set $cfgname.config.WS_USER='daemon'
set $cfgname.config.DAEMON_LOG_ENABLE='0'
set $cfgname.config.DAEMON_LOG_FILE='/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
# autohostlist options
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
# nfqws options
set $cfgname.config.NFQWS_ENABLE='1'
set $cfgname.config.DESYNC_MARK='0x40000000'
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
set $cfgname.config.FILTER_MARK='$TAB'
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_TCP_PKT_OUT='9'
set $cfgname.config.NFQWS_TCP_PKT_IN='3'
set $cfgname.config.NFQWS_UDP_PKT_OUT='9'
set $cfgname.config.NFQWS_UDP_PKT_IN='0'
set $cfgname.config.NFQWS_PORTS_TCP_KEEPALIVE='0'
set $cfgname.config.NFQWS_PORTS_UDP_KEEPALIVE='0'
# save changes
commit $cfgname
EOF
return 0
}
function clear_nfqws_strat
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT='$TAB'
commit $cfgname
EOF
}
function set_cfg_nfqws_strat
{
local strat=${1:--}
local cfgname=${2:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
commit $cfgname
EOF
if [ "$strat" = "empty" ]; then
clear_nfqws_strat $cfgname
fi
if [ "$strat" = "v1_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake,multidisorder
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=badseq
--dpi-desync-badseq-increment=10000000
--dpi-desync-repeats=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v2_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=fonts.google.com
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v3_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443 <HOSTLIST>
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/t2.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=m.ok.ru
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-split-seqovl=336
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_gosuslugi_ru.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v4_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,multisplit
--dpi-desync-split-pos=2,sld
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=google.com
--dpi-desync-split-seqovl=2108
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fooling=badseq
--new
--filter-tcp=443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync-any-protocol=1
--dpi-desync-cutoff=n5
--dpi-desync=multisplit
--dpi-desync-split-seqovl=582
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/4pda.bin
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v5_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-tcp=443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,fakeddisorder
--dpi-desync-split-pos=10,midsld
--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
--dpi-desync-fake-tls-mod=rnd,dupsid
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls-mod=none
--dpi-desync-fakedsplit-pattern=/opt/zapret/files/fake/tls_clienthello_vk_com.bin
--dpi-desync-fooling=badseq,badsum
--dpi-desync-badseq-increment=0
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v6_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443,2053,2083,2087,2096,8443'
set $cfgname.config.NFQWS_PORTS_UDP='443,19294-19344,50000-50100'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=multisplit
--dpi-desync-split-pos=1,sniext+1
--dpi-desync-split-seqovl=1
--new
--filter-tcp=443 <HOSTLIST>
--dpi-desync=hostfakesplit
--dpi-desync-hostfakesplit-mod=host=rzd.ru
--dpi-desync-hostfakesplit-midhost=host-2
--dpi-desync-split-seqovl=726
--dpi-desync-fooling=badsum,badseq
--dpi-desync-badseq-increment=0
--new
--filter-udp=443 <HOSTLIST_NOAUTO>
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
--new
--filter-udp=19294-19344,50000-50100
--filter-l7=discord,stun
--dpi-desync=fake
--dpi-desync-repeats=6
--new
--filter-tcp=2053,2083,2087,2096,8443
--hostlist-domains=discord.media
--dpi-desync=multisplit
--dpi-desync-split-seqovl=652
--dpi-desync-split-pos=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "v7_by_StressOzz" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443,2053,2083,2087,2096,8443'
set $cfgname.config.NFQWS_PORTS_UDP='443,19294-19344,50000-50100'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--dpi-desync=fake,multisplit
--dpi-desync-split-pos=2,sld
--dpi-desync-fake-tls=0x0F0F0F0F
--dpi-desync-fake-tls=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=ggpht.com
--dpi-desync-split-seqovl=620
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fooling=badsum,badseq
--new
--filter-tcp=443 <HOSTLIST>
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=654
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/max.bin
--dpi-desync-fake-tls=/opt/zapret/files/fake/max.bin
--new
--filter-udp=443 <HOSTLIST_NOAUTO>
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
--new
--filter-udp=19294-19344,50000-50100
--filter-l7=discord,stun
--dpi-desync=fake
--dpi-desync-repeats=6
--new
--filter-tcp=2053,2083,2087,2096,8443
--hostlist-domains=discord.media
--dpi-desync=multisplit
--dpi-desync-split-seqovl=652
--dpi-desync-split-pos=2
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "ALT7_by_Flowseal" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=multisplit
--dpi-desync-split-pos=2,sniext+1
--dpi-desync-split-seqovl=679
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-tcp=80,443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=multisplit
--dpi-desync-split-pos=2,sniext+1
--dpi-desync-split-seqovl=679
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=6
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
if [ "$strat" = "TLS_AUTO_ALT3_by_Flowseal" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS_PORTS_TCP='80,443'
set $cfgname.config.NFQWS_PORTS_UDP='443'
set $cfgname.config.NFQWS_OPT="
--comment=Strategy__$strat
--filter-tcp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--hostlist-exclude-domains=openwrt.org
--ip-id=zero
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com
--new
--filter-tcp=80,443 <HOSTLIST>
--hostlist-exclude-domains=openwrt.org
--dpi-desync=fake,multisplit
--dpi-desync-split-seqovl=681
--dpi-desync-split-pos=1
--dpi-desync-fooling=ts
--dpi-desync-repeats=8
--dpi-desync-split-seqovl-pattern=/opt/zapret/files/fake/tls_clienthello_www_google_com.bin
--dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com
--new
--filter-udp=443
--hostlist=/opt/zapret/ipset/zapret-hosts-google.txt
--hostlist-exclude=/opt/zapret/ipset/zapret-hosts-user-exclude.txt
--dpi-desync=fake
--dpi-desync-repeats=11
--dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin
"
commit $cfgname
EOF
fi
return 0
}
function set_cfg_default_values
{
local opt_flags=${1:--}
local opt_strat=${2:-v6_by_StressOzz}
local cfgname=${3:-$ZAPRET_CFG_NAME}
if ! echo "$opt_flags" | grep -q "(skip_base)"; then
set_cfg_reset_values $cfgname
fi
if [ "$opt_strat" != "-" ]; then
set_cfg_nfqws_strat "$opt_strat" $cfgname
fi
if echo "$opt_flags" | grep -q "(set_mode_autohostlist)"; then
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='autohostlist'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(enable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='0'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(disable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='1'
commit $cfgname
EOF
fi
return 0
}

155
zapret/Makefile → zapret2/Makefile
View File

@@ -1,40 +1,55 @@
#
# Copyright (c) 2024 remittor
# Copyright (c) 2025 remittor
#
include $(TOPDIR)/rules.mk
PKG_NAME:=zapret
PKG_VERSION:=72.20260125
PKG_NAME:=zapret2
PKG_VERSION:=0.8.20260125
PKG_RELEASE:=1
PKG_MAINTAINER:=bol-van
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=docs/LICENSE.txt
PKG_SOURCE_URL:=https://github.com/bol-van/zapret.git
PKG_SOURCE_URL:=https://github.com/bol-van/zapret2.git
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=119e243b3664d6a512ed8b6ab61dcba00987105c
PKG_SOURCE_VERSION:=8b11d6c279c737bf78496d04c0261bd3e2c4327f
PKG_SOURCE_DATE:=2026-01-25
#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_SOURCE_URL:=https://github.com/bol-van/zapret2/archive/refs/tags/v$(PKG_VERSION).tar.gz?
#PKG_HASH:=skip
LUA_JIT?=1
ifeq ($(LUA_JIT),1)
LUAJIT_VER?=2.1
LUA_VER?=5.1
LUA_DEPEND:=luajit
LUA_INCLUDE:=-I$(STAGING_DIR)/usr/include/luajit-$(LUAJIT_VER)
LUA_LIBRARY:=-L$(STAGING_DIR)/usr/lib -lluajit-$(LUA_VER)
else
LUA_VER?=5.5
LUA_DEPEND:=lua$(LUA_VER)
LUA_INCLUDE:=-I$(STAGING_DIR)/usr/include/lua$(LUA_VER)
LUA_LIBRARY:=-L$(STAGING_DIR)/usr/lib -llua$(LUA_VER)
endif
include $(INCLUDE_DIR)/package.mk
#TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
#TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
MAKE_PATH:=nfq
MAKE_PATH:=nfq2
define Package/$(PKG_NAME)
SECTION:=net
CATEGORY:=Network
TITLE:=$(PKG_NAME)
SUBMENU:=Zapret
URL:=https://github.com/bol-van/zapret
DEPENDS:= +nftables +curl +gzip
SUBMENU:=Zapret2
URL:=https://github.com/bol-van/zapret2
DEPENDS:= +nftables +curl +gzip +$(LUA_DEPEND)
DEPENDS+= +coreutils +coreutils-sort +coreutils-sleep
DEPENDS+= +kmod-nft-nat +kmod-nft-offload +kmod-nft-queue
DEPENDS+= +libnetfilter-queue +libcap +zlib
@@ -42,7 +57,7 @@ endef
define Build/Prepare
$(Build/Prepare/Default)
rm -f $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws
rm -f $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws2
rm -f $(PKG_BUILD_DIR)/ip2net/ip2net
rm -f $(PKG_BUILD_DIR)/mdig/mdig
endef
@@ -51,12 +66,12 @@ endef
#endef
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) $(TARGET_CONFIGURE_OPTS)
$(MAKE) -C $(PKG_BUILD_DIR)/$(MAKE_PATH) $(TARGET_CONFIGURE_OPTS) LUA_JIT=$(LUA_JIT) LUA_CFLAGS="$(LUA_INCLUDE)" LUA_LIB="$(LUA_LIBRARY)"
$(MAKE) -C $(PKG_BUILD_DIR)/ip2net $(TARGET_CONFIGURE_OPTS)
$(MAKE) -C $(PKG_BUILD_DIR)/mdig $(TARGET_CONFIGURE_OPTS)
endef
ZAPRET_DIR := /opt/zapret
ZAPRET_DIR := /opt/zapret2
define ZAPRET_CONFFILES_LIST
$(ZAPRET_DIR)/config
@@ -85,33 +100,37 @@ endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/$(MAKE_PATH)
$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/nfqws2 $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/ip2net
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ip2net/ip2net $(1)$(ZAPRET_DIR)/ip2net/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/mdig
$(INSTALL_BIN) $(PKG_BUILD_DIR)/mdig/mdig $(1)$(ZAPRET_DIR)/mdig/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/common
$(CP) $(PKG_BUILD_DIR)/common/* $(1)$(ZAPRET_DIR)/common/
#$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/docs
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/lua
$(CP) $(PKG_BUILD_DIR)/lua/* $(1)$(ZAPRET_DIR)/lua/
#$(INSTALL_DIR) $(1)$(ZAPRET_DIR)docs
#$(CP) $(PKG_BUILD_DIR)/docs/* $(1)$(ZAPRET_DIR)/docs/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/files
$(CP) $(PKG_BUILD_DIR)/files/* $(1)$(ZAPRET_DIR)/files/
$(CP) ./files/* $(1)$(ZAPRET_DIR)/files/
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/ipset
$(CP) $(PKG_BUILD_DIR)/ipset/* $(1)$(ZAPRET_DIR)/ipset/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/blockcheck.sh $(1)$(ZAPRET_DIR)/blockcheck.sh
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/blockcheck2.d
$(CP) $(PKG_BUILD_DIR)/blockcheck2.d/* $(1)$(ZAPRET_DIR)/blockcheck2.d/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/blockcheck2.sh $(1)$(ZAPRET_DIR)/blockcheck2.sh
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/tmp
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt
$(CP) $(PKG_BUILD_DIR)/init.d/openwrt/* $(1)$(ZAPRET_DIR)/init.d/openwrt/
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret $(1)/etc/hotplug.d/iface/90-zapret
$(INSTALL_BIN) $(PKG_BUILD_DIR)/init.d/openwrt/90-zapret2 $(1)/etc/hotplug.d/iface/90-zapret2
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret
$(INSTALL_BIN) ./init.d.sh $(1)/etc/init.d/zapret2
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt
$(INSTALL_DIR) $(1)$(ZAPRET_DIR)/init.d/openwrt/custom.d
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret-uci-def-cfg.sh
$(INSTALL_BIN) ./uci-def-cfg.sh $(1)/etc/uci-defaults/zapret2-uci-def-cfg.sh
# install all sh-scripts
$(CP) ./*.sh $(1)$(ZAPRET_DIR)/
rm -f $(1)$(ZAPRET_DIR)/init.d.sh
@@ -147,21 +166,19 @@ define Package/$(PKG_NAME)/install
chmod 755 $(1)$(ZAPRET_DIR)/$(MAKE_PATH)/*
chmod 755 $(1)$(ZAPRET_DIR)/ip2net/*
chmod 755 $(1)$(ZAPRET_DIR)/mdig/*
# Disable TPWS in blockcheck
grep -q '^SKIP_TPWS=' $(1)$(ZAPRET_DIR)/blockcheck.sh || sed -i '/^NFT_TABLE=blockcheck$$$$/a SKIP_TPWS=$$$${SKIP_TPWS:-1}' $(1)$(ZAPRET_DIR)/blockcheck.sh
endef
define Package/$(PKG_NAME)/preinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_DIR=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_CFG=/etc/config/zapret
ZAPRET_DIR=/opt/zapret2
ZAPRET_INITD=/etc/init.d/zapret2
ZAPRET_CFG=/etc/config/zapret2
if [ -f "$${ZAPRET_INITD}" ]; then
SCRIPT=$$( readlink "$${ZAPRET_INITD}" )
if [ -n "$${SCRIPT}" ]; then
echo "Please uninstall incompatible \"zapret\" service!"
echo "Please uninstall incompatible \"zapret2\" service!"
exit 44
fi
fi
@@ -180,20 +197,20 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
$${ZAPRET_INITD} running && $${ZAPRET_INITD} stop >/dev/null 2>&1
fi
fi
if $${PKG_CHECK} zapret >/dev/null 2>&1; then
if [ ! -f "/opt/zapret/sync_config.sh" ]; then
echo "Please uninstall incompatible \"zapret\" package!"
if $${PKG_CHECK} zapret2 >/dev/null 2>&1; then
if [ ! -f "/opt/zapret2/sync_config.sh" ]; then
echo "Please uninstall incompatible \"zapret2\" package!"
exit 47
fi
if [ -f "$${ZAPRET_CFG}" ] && ! grep -q "run_on_boot" "$${ZAPRET_CFG}"; then
echo "Please uninstall incompatible \"zapret\" package!"
echo "Please uninstall incompatible \"zapret2\" package!"
exit 48
fi
fi
if $${PKG_CHECK} luci-app-zapret >/dev/null 2>&1; then
SVC_FILE=/www/luci-static/resources/view/zapret/service.js
if $${PKG_CHECK} luci-app-zapret2 >/dev/null 2>&1; then
SVC_FILE=/www/luci-static/resources/view/zapret2/service.js
if [ ! -f "$${SVC_FILE}" ] || ! grep -Fq "/remittor/zapret-openwrt" "$${SVC_FILE}"; then
echo "Please uninstall incompatible \"luci-app-zapret\" package!"
echo "Please uninstall incompatible \"luci-app-zapret2\" package!"
exit 55
fi
fi
@@ -206,23 +223,15 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
[ -d "$${ZAPRET_DIR}" ] && rm -rf $${ZAPRET_DIR}
echo "All files of the previously installed package have been removed!"
fi
if $${PKG_CHECK} zapret-mdig >/dev/null 2>&1; then
$${PKG_REMOVE} zapret-mdig
if $${PKG_CHECK} zapret2-mdig >/dev/null 2>&1; then
$${PKG_REMOVE} zapret2-mdig
fi
if $${PKG_CHECK} zapret-ip2net >/dev/null 2>&1; then
$${PKG_REMOVE} zapret-ip2net
if $${PKG_CHECK} zapret2-ip2net >/dev/null 2>&1; then
$${PKG_REMOVE} zapret2-ip2net
fi
if [ ! -d "$${ZAPRET_DIR}" ]; then
mkdir -p $${ZAPRET_DIR}
fi
if [ ! -f "/opt/zapret/ipset/zapret-hosts-google.txt" ]; then
if [ -f "/opt/zapret/ipset/zapret-hosts-user.txt" ]; then
CFGLISTHASH=$$( md5sum "/opt/zapret/ipset/zapret-hosts-user.txt" | awk '{print $$1;}' )
if [ "$${CFGLISTHASH}" = "79e35df62b0d1ae455d0a7e04c4cecac" ]; then
rm -f "/opt/zapret/ipset/zapret-hosts-user.txt"
fi
fi
fi
fi
exit 0
endef
@@ -231,11 +240,11 @@ define Package/$(PKG_NAME)/postinst
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_DIR=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_CFG=/etc/config/zapret
ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
ZAPRET_DIR=/opt/zapret2
ZAPRET_INITD=/etc/init.d/zapret2
ZAPRET_CFG=/etc/config/zapret2
ZAPRET_CONFIG=/opt/zapret2/config
ZAPRET_CONFIG_DEF="/opt/zapret2/config.default"
# Fix permissions
chmod 644 $${ZAPRET_CFG} >/dev/null 2>&1
chmod 644 $${ZAPRET_DIR}/ipset/*.txt >/dev/null 2>&1
@@ -250,25 +259,17 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
if [ ! -f "$${ZAPRET_CONFIG}" ]; then
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# check obsolete format for main config
if grep -qE "^NFQWS_OPT_DESYNC=|^MODE_HTTP=|^MODE_HTTPS=|^MODE_QUIC=|^MODE=" "$${ZAPRET_CONFIG}" ; then
echo "Detect obsolute format for main config!"
ZAPRET_CONFIG_BACKUP="$${ZAPRET_CONFIG}.backup"
cp -f "$${ZAPRET_CONFIG}" "$${ZAPRET_CONFIG_BACKUP}"
echo "Current file $${ZAPRET_CONFIG} backuped to $${ZAPRET_CONFIG_BACKUP}"
cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
fi
# remove fake uci-config
[ -f "$${ZAPRET_CFG}" ] && [ ! -s "$${ZAPRET_CFG}" ] && rm -f "$${ZAPRET_CFG}"
# check existing uci-config
[ -f "$${ZAPRET_CFG}" ] && ZAPRET_CFG_EXISTS=1 || ZAPRET_CFG_EXISTS=0
# create or merge uci-config
/opt/zapret/uci-def-cfg.sh
[ "$${ZAPRET_CFG_EXISTS}" = "1" ] && echo "Config /etc/config/zapret merged with default uci-config"
/opt/zapret2/uci-def-cfg.sh
[ "$${ZAPRET_CFG_EXISTS}" = "1" ] && echo "Config /etc/config/zapret2 merged with default uci-config"
# remove uci-default script from system dir (used into /etc/init.d/boot)
rm -f /etc/uci-defaults/zapret-uci-def-cfg.sh
rm -f /etc/uci-defaults/zapret2-uci-def-cfg.sh
# copy (sync) all params from uci-config to main config
/opt/zapret/sync_config.sh
/opt/zapret2/sync_config.sh
# check main config
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || exit 58
@@ -277,7 +278,7 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
# stop all
$${ZAPRET_INITD} stop_fw >/dev/null 2>&1
$${ZAPRET_INITD} stop_daemons >/dev/null 2>&1
ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
ps w | grep '/opt/zapret2/nfq2/nfqws2' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
# start main service
$${ZAPRET_INITD} start
# restart firewall
@@ -290,17 +291,17 @@ define Package/$(PKG_NAME)/prerm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
ZAPRET_DIR=/opt/zapret
ZAPRET_BASE=/opt/zapret
ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_CFG=/etc/config/zapret
ZAPRET_CONFIG=/opt/zapret/config
ZAPRET_CONFIG_DEF="/opt/zapret/config.default"
OPENWRT_FW_INCLUDE=/etc/firewall.zapret
ZAPRET_DIR=/opt/zapret2
ZAPRET_BASE=/opt/zapret2
ZAPRET_INITD=/etc/init.d/zapret2
ZAPRET_CFG=/etc/config/zapret2
ZAPRET_CONFIG=/opt/zapret2/config
ZAPRET_CONFIG_DEF="/opt/zapret2/config.default"
OPENWRT_FW_INCLUDE=/etc/firewall.zapret2
# check main config
sh -n "$${ZAPRET_CONFIG}" 2>/dev/null || cp -f "$${ZAPRET_CONFIG_DEF}" "$${ZAPRET_CONFIG}"
if ! sh -n "$${ZAPRET_CONFIG}" 2>/dev/null ; then
ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
ps w | grep '/opt/zapret2/nfq2/nfqws2' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
exit 0
fi
. "$${ZAPRET_CONFIG}"
@@ -310,7 +311,7 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
. "$${ZAPRET_BASE}/common/installer.sh"
$${ZAPRET_INITD} running && $${ZAPRET_INITD} stop >/dev/null 2>&1
$${ZAPRET_INITD} disable >/dev/null 2>&1
ps w | grep '/opt/zapret/nfq/nfqws' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
ps w | grep '/opt/zapret2/nfq2/nfqws2' | grep -v grep | awk '{print $$1}' | xargs -r kill -9
remove_openwrt_firewall
nft_del_table
restart_openwrt_firewall
@@ -322,12 +323,12 @@ define Package/$(PKG_NAME)/postrm
#!/bin/sh
# check if we are on real system
if [ -z "$${IPKG_INSTROOT}" ]; then
rm -f /etc/config/zapret-opkg*
rm -f /etc/config/zapret.opkg*
rm -f /etc/config/zapret.apk*
[ -f "/opt/zapret/config" ] && cp -f /opt/zapret/config "/opt/zapret/config.backup"
#rm -rf /opt/zapret
#echo "Directory /opt/zapret removed!"
rm -f /etc/config/zapret2-opkg*
rm -f /etc/config/zapret2.opkg*
rm -f /etc/config/zapret2.apk*
[ -f "/opt/zapret2/config" ] && cp -f /opt/zapret2/config "/opt/zapret2/config.backup"
#rm -rf /opt/zapret2
#echo "Directory /opt/zapret2 removed!"
fi
exit 0
endef

14
zapret/comfunc.sh → zapret2/comfunc.sh
View File

@@ -1,20 +1,20 @@
#!/bin/sh
# Copyright (c) 2024 remittor
EXEDIR=/opt/zapret
ZAPRET_BASE=/opt/zapret
EXEDIR=/opt/zapret2
ZAPRET_BASE=/opt/zapret2
ZAPRET_INITD=/etc/init.d/zapret
ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret"
ZAPRET_INITD=/etc/init.d/zapret2
ZAPRET_ORIG_INITD="$ZAPRET_BASE/init.d/openwrt/zapret2"
ZAP_LOG_TAG=ZAPRET
ZAP_LOG_TAG=ZAPRET2
ZAPRET_CONFIG="$ZAPRET_BASE/config"
ZAPRET_CONFIG_NEW="$ZAPRET_BASE/config.new"
ZAPRET_CONFIG_DEF="$ZAPRET_BASE/config.default"
ZAPRET_CFG=/etc/config/zapret
ZAPRET_CFG_NAME=zapret
ZAPRET_CFG=/etc/config/zapret2
ZAPRET_CFG_NAME=zapret2
ZAPRET_CFG_SEC=$ZAPRET_CFG_NAME.config
ZAPRET_CFG_SEC_NAME="$( uci -q get $ZAPRET_CFG_SEC )"

61
zapret/config.default → zapret2/config.default
View File

@@ -30,14 +30,25 @@ IP2NET_OPT4="--prefix-length=22-30 --v4-threshold=3/4"
IP2NET_OPT6="--prefix-length=56-64 --v6-threshold=5"
# options for auto hostlist
# NOTE : in order for these adjustment to work it's required to redirect enough starting packets
# NOTE : set PKT_IN, PKT_OUT variables appropriately
AUTOHOSTLIST_INCOMING_MAXSEQ=4096
AUTOHOSTLIST_RETRANS_MAXSEQ=32768
AUTOHOSTLIST_RETRANS_RESET=1
AUTOHOSTLIST_RETRANS_THRESHOLD=3
AUTOHOSTLIST_FAIL_THRESHOLD=3
AUTOHOSTLIST_FAIL_TIME=60
AUTOHOSTLIST_UDP_IN=1
AUTOHOSTLIST_UDP_OUT=4
# 1 = debug autohostlist positives to ipset/zapret-hosts-auto-debug.log
AUTOHOSTLIST_DEBUGLOG=0
# number of parallel threads for domain list resolves
MDIG_THREADS=30
# EAI_AGAIN retries
MDIG_EAGAIN=10
# delay between EAI_AGAIN retries (ms)
MDIG_EAGAIN_DELAY=500
# ipset/*.sh can compress large lists
GZIP_LISTS=0
@@ -63,47 +74,30 @@ DESYNC_MARK_POSTNAT=0x20000000
FILTER_MARK=""
TPWS_SOCKS_ENABLE=0
# tpws socks listens on this port on localhost and LAN interfaces
TPPORT_SOCKS=987
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_SOCKS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
TPWS_ENABLE=0
TPWS_PORTS="80,443"
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
TPWS_OPT="--filter-tcp=80 --methodeol <HOSTLIST> --new --filter-tcp=443 --split-tls=sni --disorder <HOSTLIST>"
NFQWS_ENABLE=1
NFQWS2_ENABLE=1
# redirect outgoing traffic with connbytes limiter applied in both directions.
NFQWS_PORTS_TCP="80,443"
NFQWS_PORTS_UDP="443"
NFQWS2_PORTS_TCP="80,443"
NFQWS2_PORTS_UDP="443"
# PKT_OUT means connbytes dir original
# PKT_IN means connbytes dir reply
# this is --dpi-desync-cutoff=nX kernel mode implementation for linux. it saves a lot of CPU.
NFQWS_TCP_PKT_OUT="9"
NFQWS_TCP_PKT_IN="3"
NFQWS_UDP_PKT_OUT="9"
NFQWS_UDP_PKT_IN="0"
NFQWS2_TCP_PKT_OUT="20"
NFQWS2_TCP_PKT_IN="10"
NFQWS2_UDP_PKT_OUT="5"
NFQWS2_UDP_PKT_IN="3"
# redirect outgoing traffic without connbytes limiter and incoming with connbytes limiter
# normally it's needed only for stateless DPI that matches every packet in a single TCP session
# typical example are plain HTTP keep alives
# this mode can be very CPU consuming. enable with care !
NFQWS_PORTS_TCP_KEEPALIVE=""
NFQWS_PORTS_UDP_KEEPALIVE=""
NFQWS2_PORTS_TCP_KEEPALIVE=""
NFQWS2_PORTS_UDP_KEEPALIVE=""
# use <HOSTLIST> and <HOSTLIST_NOAUTO> placeholders to engage standard hostlists and autohostlist in ipset dir
# hostlist markers are replaced to empty string if MODE_FILTER does not satisfy
# <HOSTLIST_NOAUTO> appends ipset/zapret-hosts-auto.txt as normal list
NFQWS_OPT="--filter-tcp=80 <HOSTLIST> --dpi-desync=fake,fakedsplit --dpi-desync-autottl=2 --dpi-desync-fooling=badsum --new --filter-tcp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake,multidisorder --dpi-desync-split-pos=1,midsld --dpi-desync-repeats=11 --dpi-desync-fooling=badsum --dpi-desync-fake-tls-mod=rnd,dupsid,sni=www.google.com --new --filter-udp=443 --hostlist=/opt/zapret/ipset/zapret-hosts-google.txt --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic=/opt/zapret/files/fake/quic_initial_www_google_com.bin --new --filter-udp=443 <HOSTLIST_NOAUTO> --dpi-desync=fake --dpi-desync-repeats=11 --new --filter-tcp=443 <HOSTLIST> --dpi-desync=multidisorder --dpi-desync-split-pos=1,sniext+1,host+1,midsld-2,midsld,midsld+2,endhost-1"
NFQWS2_OPT="--filter-tcp=80 --filter-l7=http <HOSTLIST> --payload=http_req --lua-desync=fake:blob=fake_default_http:tcp_md5 --lua-desync=multisplit:pos=method+2 --new --filter-tcp=443 --filter-l7=tls <HOSTLIST> --payload=tls_client_hello --lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000 --lua-desync=multidisorder:pos=1,midsld --new --filter-udp=443 --filter-l7=quic <HOSTLIST_NOAUTO> --payload=quic_initial --lua-desync=fake:blob=fake_default_quic:repeats=6"
DISABLE_CUSTOM=1
@@ -121,9 +115,8 @@ FLOWOFFLOAD=none
# for routers based on desktop linux and macos. has no effect in openwrt.
# CHOOSE LAN and optinally WAN/WAN6 NETWORK INTERFACES
# or leave them commented if its not router
# it's possible to specify multiple interfaces like this : IFACE_LAN="eth0 eth1 eth2"
# it's possible to specify multiple interfaces like this : IFACE_WAN="eth0 eth1 eth2"
# if IFACE_WAN6 is not defined it take the value of IFACE_WAN
#IFACE_LAN=eth0
#IFACE_WAN=eth1
#IFACE_WAN6="ipsec0 wireguard0 he_net"
@@ -132,10 +125,10 @@ FLOWOFFLOAD=none
INIT_APPLY_FW=1
# firewall apply hooks
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret.hook.post_down"
#INIT_FW_PRE_UP_HOOK="/etc/firewall.zapret2.hook.pre_up"
#INIT_FW_POST_UP_HOOK="/etc/firewall.zapret2.hook.post_up"
#INIT_FW_PRE_DOWN_HOOK="/etc/firewall.zapret2.hook.pre_down"
#INIT_FW_POST_DOWN_HOOK="/etc/firewall.zapret2.hook.post_down"
# do not work with ipv4
DISABLE_IPV4=0
@@ -156,4 +149,4 @@ FILTER_TTL_EXPIRED_ICMP=1
DAEMON_LOG_ENABLE=0
DAEMON_LOG_FILE="/tmp/zapret+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log"
DAEMON_LOG_FILE="/tmp/zapret2+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log"

6
zapret/custom.d/50-script.sh → zapret2/custom.d/50-script.sh
View File

@@ -3,7 +3,7 @@
# NOTE: @ih requires nft 1.0.1+ and updated kernel version. it's confirmed to work on 5.15 (openwrt 23) and not work on 5.10 (openwrt 22)
# can override in config :
NFQWS_OPT_DESYNC_STUN="${NFQWS_OPT_DESYNC_STUN:---dpi-desync=fake --dpi-desync-repeats=2}"
NFQWS_OPT_DESYNC_STUN="${NFQWS_OPT_DESYNC_STUN:---payload stun --lua-desync=fake:blob=0x00000000000000000000000000000000:repeats=2}"
alloc_dnum DNUM_STUN4ALL
alloc_qnum QNUM_STUN4ALL
@@ -17,14 +17,14 @@ zapret_custom_daemons()
}
zapret_custom_firewall()
{
# $1 - 1 - run, 0 - stop
# $1 - 1 - run, 0 - stop
local f='-p udp -m u32 --u32'
fw_nfqws_post $1 "$f 0>>22&0x3C@4>>16=28:65535&&0>>22&0x3C@12=0x2112A442&&0>>22&0x3C@8&0xC0000003=0" "$f 44>>16=28:65535&&52=0x2112A442&&48&0xC0000003=0" $QNUM_STUN4ALL
}
zapret_custom_firewall_nft()
{
# stop logic is not required
# stop logic is not required
local f="udp length >= 28 @ih,32,32 0x2112A442 @ih,0,2 0 @ih,30,2 0"
nft_fw_nfqws_post "$f" "$f" $QNUM_STUN4ALL

197
zapret2/def-cfg.sh Executable file
View File

@@ -0,0 +1,197 @@
#!/bin/sh
# Copyright (c) 2025 remittor
function set_cfg_reset_values
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.run_on_boot='0'
# settings for zapret service
set $cfgname.config.FWTYPE='nftables'
set $cfgname.config.POSTNAT='1'
set $cfgname.config.FLOWOFFLOAD='none'
set $cfgname.config.INIT_APPLY_FW='1'
set $cfgname.config.DISABLE_IPV4='0'
set $cfgname.config.DISABLE_IPV6='1'
set $cfgname.config.FILTER_TTL_EXPIRED_ICMP='1'
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.DISABLE_CUSTOM='1'
set $cfgname.config.WS_USER='daemon'
set $cfgname.config.DAEMON_LOG_ENABLE='0'
set $cfgname.config.DAEMON_LOG_FILE='/tmp/zapret2+<DAEMON_NAME>+<DAEMON_IDNUM>+<DAEMON_CFGNAME>.log'
# autohostlist options
set $cfgname.config.AUTOHOSTLIST_INCOMING_MAXSEQ='4096'
set $cfgname.config.AUTOHOSTLIST_RETRANS_MAXSEQ='32768'
set $cfgname.config.AUTOHOSTLIST_RETRANS_RESET='1'
set $cfgname.config.AUTOHOSTLIST_RETRANS_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_THRESHOLD='3'
set $cfgname.config.AUTOHOSTLIST_FAIL_TIME='60'
set $cfgname.config.AUTOHOSTLIST_UDP_IN='1'
set $cfgname.config.AUTOHOSTLIST_UDP_OUT='4'
set $cfgname.config.AUTOHOSTLIST_DEBUGLOG='0'
# nfqws options
set $cfgname.config.NFQWS2_ENABLE='1'
set $cfgname.config.DESYNC_MARK='0x40000000'
set $cfgname.config.DESYNC_MARK_POSTNAT='0x20000000'
set $cfgname.config.FILTER_MARK='$TAB'
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_TCP_PKT_OUT='20'
set $cfgname.config.NFQWS2_TCP_PKT_IN='10'
set $cfgname.config.NFQWS2_UDP_PKT_OUT='5'
set $cfgname.config.NFQWS2_UDP_PKT_IN='3'
set $cfgname.config.NFQWS2_PORTS_TCP_KEEPALIVE='0'
set $cfgname.config.NFQWS2_PORTS_UDP_KEEPALIVE='0'
# save changes
commit $cfgname
EOF
return 0
}
function clear_nfqws_strat
{
local cfgname=${1:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT='$TAB'
commit $cfgname
EOF
}
function set_cfg_nfqws_strat
{
local strat=${1:--}
local cfgname=${2:-$ZAPRET_CFG_NAME}
local TAB="$( printf '\t' )"
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='hostlist'
commit $cfgname
EOF
if [ "$strat" = "empty" ]; then
clear_nfqws_strat $cfgname
fi
if [ "$strat" = "default" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--filter-tcp=80
--filter-l7=http <HOSTLIST>
--payload=http_req
--lua-desync=fake:blob=fake_default_http:tcp_md5
--lua-desync=multisplit:pos=method+2
--new
--filter-tcp=443
--filter-l7=tls <HOSTLIST>
--payload=tls_client_hello
--lua-desync=fake:blob=fake_default_tls:tcp_md5:tcp_seq=-10000
--lua-desync=multidisorder:pos=1,midsld
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--payload=quic_initial
--lua-desync=fake:blob=fake_default_quic:repeats=6
"
commit $cfgname
EOF
fi
if [ "$strat" = "v1_by_Schiz23" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--filter-tcp=80
--filter-l7=http <HOSTLIST>
--payload=http_req
--lua-desync=fake:blob=fake_default_http:tcp_md5
--lua-desync=multisplit:pos=method+2
--new
--filter-tcp=443
--filter-l7=tls <HOSTLIST>
--lua-desync=fake:blob=fake_default_tls:ip_ttl=1:ip6_ttl=1:tls_mod=rnd,rndsni,padencap
--lua-desync=multidisorder:payload=tls_client_hello:pos=3
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--lua-desync=fake:blob=fake_default_quic:repeats=11:payload=all:out_range=-d10
"
commit $cfgname
EOF
fi
if [ "$strat" = "v2_by_Schiz23" ]; then
uci batch <<-EOF
set $cfgname.config.NFQWS2_PORTS_TCP='80,443'
set $cfgname.config.NFQWS2_PORTS_UDP='443'
set $cfgname.config.NFQWS2_OPT="
--comment=Strategy__$strat
--filter-tcp=80
--filter-l7=http <HOSTLIST>
--payload=http_req
--lua-desync=fake:blob=fake_default_http:tcp_md5
--lua-desync=multisplit:pos=method+2
--new
--filter-tcp=443
--filter-l7=tls <HOSTLIST>
--payload=tls_client_hello
--lua-desync=multidisorder:payload=tls_client_hello:pos=100,midsld,sniext+1,endhost-2,-10
--lua-desync=send:sni=.microsoft
--new
--filter-udp=443
--filter-l7=quic <HOSTLIST_NOAUTO>
--payload=quic_initial
--lua-desync=fake:blob=fake_default_quic:repeats=4
"
commit $cfgname
EOF
fi
return 0
}
function set_cfg_default_values
{
local opt_flags=${1:--}
local opt_strat=${2:-default}
local cfgname=${3:-$ZAPRET_CFG_NAME}
if ! echo "$opt_flags" | grep -q "(skip_base)"; then
set_cfg_reset_values $cfgname
fi
if [ "$opt_strat" != "-" ]; then
set_cfg_nfqws_strat "$opt_strat" $cfgname
fi
if echo "$opt_flags" | grep -q "(set_mode_autohostlist)"; then
uci batch <<-EOF
set $cfgname.config.MODE_FILTER='autohostlist'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(enable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='0'
commit $cfgname
EOF
fi
if echo "$opt_flags" | grep -q "(disable_custom_d)"; then
uci batch <<-EOF
set $cfgname.config.DISABLE_CUSTOM='1'
commit $cfgname
EOF
fi
return 0
}

2
zapret/dwc.sh → zapret2/dwc.sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh
# Copyright (c) 2026 remittor
ZAP_TMP_DIR=/tmp/zapret_dwc
ZAP_TMP_DIR=/tmp/zapret2_dwc
opt_sites=
opt_dig=

0
zapret/files/fake/4pda.bin → zapret2/files/fake/4pda.bin
View File

0
zapret/files/fake/max.bin → zapret2/files/fake/max.bin
View File

0
zapret/files/fake/t2.bin → zapret2/files/fake/t2.bin
View File

0
zapret/files/fake/tls_clienthello_max_ru.bin → zapret2/files/fake/tls_clienthello_max_ru.bin
View File

2
zapret/init.d.sh → zapret2/init.d.sh
View File

@@ -7,7 +7,7 @@ START=21
SCRIPT_FILENAME=$1
. /opt/zapret/comfunc.sh
. /opt/zapret2/comfunc.sh
if ! is_valid_config ; then
logger -p err -t $ZAP_LOG_TAG "Wrong main config: $ZAPRET_CONFIG"

0
zapret/ipset/zapret-hosts-google.txt → zapret2/ipset/zapret-hosts-google.txt
View File

0
zapret/ipset/zapret-hosts-user-exclude.txt → zapret2/ipset/zapret-hosts-user-exclude.txt
View File

0
zapret/ipset/zapret-hosts-user.txt → zapret2/ipset/zapret-hosts-user.txt
View File

0
zapret/ipset/zapret-ip-exclude.txt → zapret2/ipset/zapret-ip-exclude.txt
View File

12
zapret/patches/0001-Add-support-log-file-for-each-daemons.patch → zapret2/patches/0001-Add-support-log-file-for-each-daemons.patch
View File

@@ -25,10 +25,10 @@ index 0af19c0..41c0967 100644
done
}
}
diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret
diff --git a/init.d/openwrt/zapret b/init.d/openwrt/zapret2
index 8d6d3a9..fcb1e91 100755
--- a/init.d/openwrt/zapret
+++ b/init.d/openwrt/zapret
--- a/init.d/openwrt/zapret2
+++ b/init.d/openwrt/zapret2
@@ -58,12 +58,29 @@ run_daemon()
# use $PIDDIR/$DAEMONBASE$1.pid as pidfile
local DAEMONBASE="$(basename "$2")"
@@ -51,15 +51,15 @@ index 8d6d3a9..fcb1e91 100755
procd_open_instance
- procd_set_param command $2 $3
+ procd_set_param command $DAEMON_PATH $DAEMON_ARGS
procd_set_param pidfile $PIDDIR/$DAEMONBASE$1.pid
procd_set_param pidfile $PIDDIR/${DAEMONBASE}_$1.pid
procd_close_instance
}
+DAEMON_CFGNAME="main"
+
run_tpws()
run_nfqws()
{
[ "$DISABLE_IPV4" = "1" ] && [ "$DISABLE_IPV6" = "1" ] && return 0
run_daemon $1 "$NFQWS2" "$NFQWS2_OPT_BASE $2"
--
2.41.0.windows.3

0
zapret/renew-cfg.sh → zapret2/renew-cfg.sh
View File

0
zapret/restore-def-cfg.sh → zapret2/restore-def-cfg.sh
View File

0
zapret/script-exec.sh → zapret2/script-exec.sh
View File

0
zapret/sync_config.sh → zapret2/sync_config.sh
View File

4
zapret/uci-def-cfg.sh → zapret2/uci-def-cfg.sh
View File

@@ -1,9 +1,9 @@
#!/bin/sh
# Copyright (c) 2024 remittor
[ ! -f /opt/zapret/comfunc.sh ] && exit 0
[ ! -f /opt/zapret2/comfunc.sh ] && exit 0
. /opt/zapret/comfunc.sh
. /opt/zapret2/comfunc.sh
mkdir -p $ZAPRET_BASE/ipset

0
zapret/update-pkg.sh → zapret2/update-pkg.sh
View File