mirror of
https://github.com/SunBK201/UA3F.git
synced 2025-12-16 08:44:29 +00:00
feat: add TTL settings
This commit is contained in:
SunBK201
parent
a6fb5a65d4
commit
383d7edabd
@ -1,6 +1,6 @@
|
||||
Package: ua3f
|
||||
Version: 1.2.1-1
|
||||
Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack
|
||||
Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack, iptables-mod-ipopt
|
||||
Source: /feed/openwrt
|
||||
SourceName: UA3F
|
||||
License: GPL-3.0-only
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Package: ua3f
|
||||
Version: 1.2.1-1
|
||||
Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack
|
||||
Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack, iptables-mod-ipopt
|
||||
Source: /feed/openwrt
|
||||
SourceName: UA3F
|
||||
License: GPL-3.0-only
|
||||
|
||||
@ -28,7 +28,7 @@ define Package/ua3f
|
||||
SUBMENU:=Web Servers/Proxies
|
||||
TITLE:=A SOCKS5 Server for User-Agent Rewriting
|
||||
URL:=https://github.com/SunBK201/UA3F
|
||||
DEPENDS:=$(GO_ARCH_DEPENDS) +luci-compat +ipset +iptables +iptables-mod-tproxy +iptables-mod-extra +iptables-mod-nat-extra +kmod-ipt-conntrack
|
||||
DEPENDS:=$(GO_ARCH_DEPENDS) +luci-compat +ipset +iptables +iptables-mod-tproxy +iptables-mod-extra +iptables-mod-nat-extra +kmod-ipt-conntrack +iptables-mod-ipopt
|
||||
endef
|
||||
|
||||
define Package/ua3f/description
|
||||
|
||||
@ -30,6 +30,7 @@ end
|
||||
general:tab("general", translate("Settings"))
|
||||
general:tab("stats", translate("Statistics"))
|
||||
general:tab("log", translate("Log"))
|
||||
general:tab("others", translate("Others"))
|
||||
|
||||
server_mode = general:taboption("general", ListValue, "server_mode", translate("Server Mode"))
|
||||
server_mode:value("SOCKS5", "SOCKS5")
|
||||
@ -55,7 +56,7 @@ log_level.description = translate(
|
||||
|
||||
ua = general:taboption("general", Value, "ua", translate("User-Agent"))
|
||||
ua.placeholder = "FFF"
|
||||
ua.description = translate("User-Agent to be rewritten")
|
||||
ua.description = translate("User-Agent after rewrite")
|
||||
|
||||
uaRegexPattern = general:taboption("general", Value, "ua_regex", translate("User-Agent Regex Pattern"))
|
||||
uaRegexPattern.description = translate("Regular expression pattern for matching User-Agent")
|
||||
@ -131,4 +132,7 @@ end
|
||||
stats = general:taboption("stats", DummyValue, "")
|
||||
stats.template = "ua3f/statistics"
|
||||
|
||||
ttl = general:taboption("others", Flag, "set_ttl", translate("Set TTL"))
|
||||
ttl.description = translate("Set the TTL 64 for packets")
|
||||
|
||||
return ua3f
|
||||
|
||||
@ -13,6 +13,7 @@ SERVER_PORT="1080"
|
||||
|
||||
FW_BACKEND=""
|
||||
NFT_TABLE="UA3F"
|
||||
UA3F_TTL_TABLE="UA3F_TTL"
|
||||
UA3F_CHAIN="UA3F"
|
||||
UA3F_OUT_CHAIN="UA3F_OUTPUT"
|
||||
UA3F_LANSET="ua3f_localnetwork"
|
||||
@ -25,6 +26,7 @@ SKIP_GIDS=""
|
||||
SIDECAR="OC"
|
||||
FAKEIP_RANGE="198.18.0.0/16, 198.18.0.1/15, 28.0.0.1/8"
|
||||
SKIP_PORTS="22,51080,51090"
|
||||
SET_TTL="0"
|
||||
|
||||
LOG_FILE="/var/log/ua3f/ua3f.log"
|
||||
|
||||
@ -162,7 +164,10 @@ cleanup_tproxy_route() {
|
||||
ip rule del fwmark 0x1c9 table "$ROUTE_TABLE" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
nft_drop_table() { nft delete table ip "$NFT_TABLE" 2>/dev/null; }
|
||||
nft_drop_table() {
|
||||
nft delete table ip "$NFT_TABLE" 2>/dev/null
|
||||
nft delete table inet "$UA3F_TTL_TABLE" 2>/dev/null
|
||||
}
|
||||
|
||||
nft_reinit_table() {
|
||||
nft_drop_table
|
||||
@ -240,11 +245,6 @@ fw_setup_nft_redirect_tcp() {
|
||||
nft add rule ip $NFT_TABLE output tcp dport != {22} counter redirect to :$SERVER_PORT comment '"cap scc"'
|
||||
}
|
||||
|
||||
fw_revert_nft() {
|
||||
nft_drop_table
|
||||
cleanup_tproxy_route
|
||||
}
|
||||
|
||||
setup_ipset_ipt() {
|
||||
cleanup_ipset_ipt
|
||||
ipset create $UA3F_LANSET hash:net || return 1
|
||||
@ -349,6 +349,31 @@ cleanup_ipset_ipt() {
|
||||
ipset destroy $UA3F_LANSET 2>/dev/null
|
||||
}
|
||||
|
||||
set_ttl_nft() {
|
||||
nft drop table inet $UA3F_TTL_TABLE 2>/dev/null
|
||||
nft add table inet $UA3F_TTL_TABLE || return 1
|
||||
nft add chain inet $UA3F_TTL_TABLE postrouting '{ type filter hook postrouting priority -150; policy accept; }' || return 1
|
||||
nft add rule inet $UA3F_TTL_TABLE postrouting ip ttl set 64 || return 1
|
||||
}
|
||||
|
||||
unset_ttl_nft() {
|
||||
nft delete table inet $UA3F_TTL_TABLE 2>/dev/null
|
||||
}
|
||||
|
||||
set_ttl_ipt() {
|
||||
iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64 || return 1
|
||||
}
|
||||
|
||||
unset_ttl_ipt() {
|
||||
iptables -t mangle -D POSTROUTING -j TTL --ttl-set 64 2>/dev/null
|
||||
}
|
||||
|
||||
fw_revert_nft() {
|
||||
nft_drop_table
|
||||
cleanup_tproxy_route
|
||||
unset_ttl_nft
|
||||
}
|
||||
|
||||
fw_revert_ipt() {
|
||||
# sidecar
|
||||
iptables -t mangle -F SIDECAR 2>/dev/null
|
||||
@ -371,6 +396,8 @@ fw_revert_ipt() {
|
||||
# ipset
|
||||
cleanup_ipset_ipt
|
||||
cleanup_tproxy_route
|
||||
# ttl
|
||||
unset_ttl_ipt
|
||||
}
|
||||
|
||||
start_service() {
|
||||
@ -388,7 +415,7 @@ start_service() {
|
||||
|
||||
LOG "Starting $NAME service..."
|
||||
|
||||
local server_mode port bind ua log_level ua_regex partial_replace
|
||||
local server_mode port bind ua log_level ua_regex partial_replace set_ttl
|
||||
config_get server_mode "main" "server_mode" "SOCKS5"
|
||||
config_get port "main" "port" "1080"
|
||||
config_get bind "main" "bind" "127.0.0.1"
|
||||
@ -396,10 +423,13 @@ start_service() {
|
||||
config_get ua_regex "main" "ua_regex" ""
|
||||
config_get_bool partial_replace "main" "partial_replace" 0
|
||||
config_get log_level "main" "log_level" "info"
|
||||
config_get_bool set_ttl "main" "set_ttl" 0
|
||||
|
||||
SERVER_MODE="$(echo "$server_mode" | tr '[:lower:]' '[:upper:]')"
|
||||
SERVER_MODE="$server_mode"
|
||||
|
||||
SET_TTL="$set_ttl"
|
||||
|
||||
LOG "Server Mode: $SERVER_MODE"
|
||||
LOG "Port: $port"
|
||||
LOG "Bind: $bind"
|
||||
@ -407,6 +437,7 @@ start_service() {
|
||||
LOG "User-Agent Regex: $ua_regex"
|
||||
LOG "Log level: $log_level"
|
||||
LOG "Partial Replace: $partial_replace"
|
||||
LOG "Set TTL: $SET_TTL"
|
||||
|
||||
set_ua3f_group
|
||||
LOG "Run as GID: $UA3F_GID, Group: $UA3F_GROUP"
|
||||
@ -464,6 +495,20 @@ start_service() {
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ "$SET_TTL" = "1" ]; then
|
||||
if [ "$FW_BACKEND" = "nft" ]; then
|
||||
set_ttl_nft || {
|
||||
LOG "set_ttl_nft setup failed"
|
||||
}
|
||||
LOG "Set TTL 64 via nftables"
|
||||
else
|
||||
set_ttl_ipt || {
|
||||
LOG "set_ttl_ipt setup failed"
|
||||
}
|
||||
LOG "Set TTL 64 via iptables"
|
||||
fi
|
||||
fi
|
||||
|
||||
# dump all fw rules for debug
|
||||
if [ "$log_level" = "debug" ]; then
|
||||
if [ "$FW_BACKEND" = "nft" ]; then
|
||||
|
||||
@ -9,4 +9,5 @@ config 'ua3f' 'main'
|
||||
option ua_regex '(Apple|iPhone|iPad|Macintosh|Mac OS X|Mac|Darwin|Microsoft|Windows|Linux|Android|OpenHarmony|HUAWEI|OPPO|Vivo|XiaoMi|Mobile|Dalvik)'
|
||||
option partial_replace false
|
||||
option log_level 'error'
|
||||
option log_lines '1000'
|
||||
option log_lines '1000'
|
||||
option set_ttl '0'
|
||||
@ -41,6 +41,9 @@ msgstr "日志级别"
|
||||
msgid "User-Agent"
|
||||
msgstr "User-Agent"
|
||||
|
||||
msgid "User-Agent after rewrite"
|
||||
msgstr "重写后的 User-Agent"
|
||||
|
||||
msgid "User-Agent Regex Pattern"
|
||||
msgstr "User-Agent 正则表达式"
|
||||
|
||||
@ -88,3 +91,12 @@ msgstr "下载日志"
|
||||
|
||||
msgid "Clear Logs"
|
||||
msgstr "清除日志"
|
||||
|
||||
msgid "Others"
|
||||
msgstr "其他"
|
||||
|
||||
msgid "Set TTL"
|
||||
msgstr "固定 TTL"
|
||||
|
||||
msgid "Set the TTL 64 for packets"
|
||||
msgstr "固定数据包的 TTL"
|
||||
Loading…
Reference in New Issue
Block a user