diff --git a/ipkg/CONTROL/control b/ipkg/CONTROL/control index 75b5978..1416ca0 100644 --- a/ipkg/CONTROL/control +++ b/ipkg/CONTROL/control @@ -1,6 +1,6 @@ Package: ua3f Version: 1.2.1-1 -Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack +Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack, iptables-mod-ipopt Source: /feed/openwrt SourceName: UA3F License: GPL-3.0-only diff --git a/ipkg/CONTROL/control-e b/ipkg/CONTROL/control-e index 75b5978..1416ca0 100644 --- a/ipkg/CONTROL/control-e +++ b/ipkg/CONTROL/control-e @@ -1,6 +1,6 @@ Package: ua3f Version: 1.2.1-1 -Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack +Depends: luci-compat, ipset, iptables, iptables-mod-tproxy, iptables-mod-extra, iptables-mod-nat-extra, kmod-ipt-conntrack, iptables-mod-ipopt Source: /feed/openwrt SourceName: UA3F License: GPL-3.0-only diff --git a/openwrt/Makefile b/openwrt/Makefile index d35bdc3..1d80694 100644 --- a/openwrt/Makefile +++ b/openwrt/Makefile @@ -28,7 +28,7 @@ define Package/ua3f SUBMENU:=Web Servers/Proxies TITLE:=A SOCKS5 Server for User-Agent Rewriting URL:=https://github.com/SunBK201/UA3F - DEPENDS:=$(GO_ARCH_DEPENDS) +luci-compat +ipset +iptables +iptables-mod-tproxy +iptables-mod-extra +iptables-mod-nat-extra +kmod-ipt-conntrack + DEPENDS:=$(GO_ARCH_DEPENDS) +luci-compat +ipset +iptables +iptables-mod-tproxy +iptables-mod-extra +iptables-mod-nat-extra +kmod-ipt-conntrack +iptables-mod-ipopt endef define Package/ua3f/description diff --git a/openwrt/files/luci/cbi.lua b/openwrt/files/luci/cbi.lua index 5ad194d..1ac7bef 100644 --- a/openwrt/files/luci/cbi.lua +++ b/openwrt/files/luci/cbi.lua 
@@ -30,6 +30,7 @@ end general:tab("general", translate("Settings")) general:tab("stats", translate("Statistics")) general:tab("log", translate("Log")) +general:tab("others", translate("Others")) server_mode = general:taboption("general", ListValue, "server_mode", translate("Server Mode")) server_mode:value("SOCKS5", "SOCKS5") @@ -55,7 +56,7 @@ log_level.description = translate( ua = general:taboption("general", Value, "ua", translate("User-Agent")) ua.placeholder = "FFF" -ua.description = translate("User-Agent to be rewritten") +ua.description = translate("User-Agent after rewrite") uaRegexPattern = general:taboption("general", Value, "ua_regex", translate("User-Agent Regex Pattern")) uaRegexPattern.description = translate("Regular expression pattern for matching User-Agent") @@ -131,4 +132,7 @@ end stats = general:taboption("stats", DummyValue, "") stats.template = "ua3f/statistics" +ttl = general:taboption("others", Flag, "set_ttl", translate("Set TTL")) +ttl.description = translate("Set the TTL 64 for packets") + return ua3f diff --git a/openwrt/files/ua3f.init b/openwrt/files/ua3f.init index a3d3594..b73fbe9 100755 --- a/openwrt/files/ua3f.init +++ b/openwrt/files/ua3f.init @@ -13,6 +13,7 @@ SERVER_PORT="1080" FW_BACKEND="" NFT_TABLE="UA3F" +UA3F_TTL_TABLE="UA3F_TTL" UA3F_CHAIN="UA3F" UA3F_OUT_CHAIN="UA3F_OUTPUT" UA3F_LANSET="ua3f_localnetwork" @@ -25,6 +26,7 @@ SKIP_GIDS="" SIDECAR="OC" FAKEIP_RANGE="198.18.0.0/16, 198.18.0.1/15, 28.0.0.1/8" SKIP_PORTS="22,51080,51090" +SET_TTL="0" LOG_FILE="/var/log/ua3f/ua3f.log" @@ -162,7 +164,10 @@ cleanup_tproxy_route() { ip rule del fwmark 0x1c9 table "$ROUTE_TABLE" >/dev/null 2>&1 } -nft_drop_table() { nft delete table ip "$NFT_TABLE" 2>/dev/null; } +nft_drop_table() { + nft delete table ip "$NFT_TABLE" 2>/dev/null + nft delete table inet "$UA3F_TTL_TABLE" 2>/dev/null +} nft_reinit_table() { nft_drop_table 
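Review bot: The description added for the `set_ttl` flag in the last cbi.lua hunk, "Set the TTL 64 for packets", does not tell the operator how wide the effect is. The rules this flag enables in ua3f.init (`ip ttl set 64` in a postrouting chain, `-j TTL --ttl-set 64` in mangle POSTROUTING) carry no interface or address match, so as written they rewrite the TTL of every IPv4 packet leaving the router, forwarded or locally generated, and do not touch the IPv6 hop limit. Resetting the TTL on forwarded traffic also means hop-count expiry no longer bounds a routing loop through this device, and TTL-based diagnostics such as traceroute will give misleading results past it. A description along the lines of `translate("Rewrite the TTL of all outgoing IPv4 packets to 64 (IPv6 hop limit is unchanged)")` would state this; the zh_cn msgid would need the same update.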
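Review bot: nft_drop_table now also deletes the inet TTL table, which couples TTL teardown to every caller of this helper. The context line shows nft_reinit_table calling it, so any re-initialisation of the UA3F table would also remove the TTL rule, and fw_revert_nft ends up deleting the same table twice (once here and again through unset_ttl_nft). Consider keeping the helper as `nft_drop_table() { nft delete table ip "$NFT_TABLE" 2>/dev/null; }` and letting unset_ttl_nft own the TTL table. If the double delete is meant as a safety net, a comment such as `# also remove the TTL table so a reinit never leaves a stale ttl rule` would make that clear. nft_reinit_table's body continues outside the hunk.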
@@ -240,11 +245,6 @@ fw_setup_nft_redirect_tcp() { nft add rule ip $NFT_TABLE output tcp dport != {22} counter redirect to :$SERVER_PORT comment '"cap scc"' } -fw_revert_nft() { - nft_drop_table - cleanup_tproxy_route -} - setup_ipset_ipt() { cleanup_ipset_ipt ipset create $UA3F_LANSET hash:net || return 1 @@ -349,6 +349,31 @@ cleanup_ipset_ipt() { ipset destroy $UA3F_LANSET 2>/dev/null } +set_ttl_nft() { + nft drop table inet $UA3F_TTL_TABLE 2>/dev/null + nft add table inet $UA3F_TTL_TABLE || return 1 + nft add chain inet $UA3F_TTL_TABLE postrouting '{ type filter hook postrouting priority -150; policy accept; }' || return 1 + nft add rule inet $UA3F_TTL_TABLE postrouting ip ttl set 64 || return 1 +} + +unset_ttl_nft() { + nft delete table inet $UA3F_TTL_TABLE 2>/dev/null +} + +set_ttl_ipt() { + iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64 || return 1 +} + +unset_ttl_ipt() { + iptables -t mangle -D POSTROUTING -j TTL --ttl-set 64 2>/dev/null +} + +fw_revert_nft() { + nft_drop_table + cleanup_tproxy_route + unset_ttl_nft +} + fw_revert_ipt() { # sidecar iptables -t mangle -F SIDECAR 2>/dev/null @@ -371,6 +396,8 @@ fw_revert_ipt() { # ipset cleanup_ipset_ipt cleanup_tproxy_route + # ttl + unset_ttl_ipt } start_service() { @@ -388,7 +415,7 @@ start_service() { LOG "Starting $NAME service..." - local server_mode port bind ua log_level ua_regex partial_replace + local server_mode port bind ua log_level ua_regex partial_replace set_ttl config_get server_mode "main" "server_mode" "SOCKS5" config_get port "main" "port" "1080" config_get bind "main" "bind" "127.0.0.1" 
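Review bot: `nft drop table inet $UA3F_TTL_TABLE` at the top of set_ttl_nft is not an nft command (the verb is `delete`, as unset_ttl_nft and nft_drop_table use), and because stderr is sent to /dev/null the failure is silent. If set_ttl_nft runs while the table still exists, the following `nft add rule` appends a second `ip ttl set 64` rule; the first line should read `nft delete table inet "$UA3F_TTL_TABLE" 2>/dev/null`. set_ttl_ipt has the same idempotency gap: `-A` appends unconditionally and the single `-D` in unset_ttl_ipt removes only one copy, so a duplicate would survive a stop. Guard the append with `iptables -t mangle -C POSTROUTING -j TTL --ttl-set 64 2>/dev/null || iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64 || return 1`.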
@@ -396,10 +423,13 @@ start_service() { config_get ua_regex "main" "ua_regex" "" config_get_bool partial_replace "main" "partial_replace" 0 config_get log_level "main" "log_level" "info" + config_get_bool set_ttl "main" "set_ttl" 0 SERVER_MODE="$(echo "$server_mode" | tr '[:lower:]' '[:upper:]')" SERVER_MODE="$server_mode" + SET_TTL="$set_ttl" + LOG "Server Mode: $SERVER_MODE" LOG "Port: $port" LOG "Bind: $bind" @@ -407,6 +437,7 @@ start_service() { LOG "User-Agent Regex: $ua_regex" LOG "Log level: $log_level" LOG "Partial Replace: $partial_replace" + LOG "Set TTL: $SET_TTL" set_ua3f_group LOG "Run as GID: $UA3F_GID, Group: $UA3F_GROUP" @@ -464,6 +495,20 @@ start_service() { ;; esac + if [ "$SET_TTL" = "1" ]; then + if [ "$FW_BACKEND" = "nft" ]; then + set_ttl_nft || { + LOG "set_ttl_nft setup failed" + } + LOG "Set TTL 64 via nftables" + else + set_ttl_ipt || { + LOG "set_ttl_ipt setup failed" + } + LOG "Set TTL 64 via iptables" + fi + fi + # dump all fw rules for debug if [ "$log_level" = "debug" ]; then if [ "$FW_BACKEND" = "nft" ]; then diff --git a/openwrt/files/ua3f.uci b/openwrt/files/ua3f.uci index 0a3eea4..921df61 100644 --- a/openwrt/files/ua3f.uci +++ b/openwrt/files/ua3f.uci @@ -9,4 +9,5 @@ config 'ua3f' 'main' option ua_regex '(Apple|iPhone|iPad|Macintosh|Mac OS X|Mac|Darwin|Microsoft|Windows|Linux|Android|OpenHarmony|HUAWEI|OPPO|Vivo|XiaoMi|Mobile|Dalvik)' option partial_replace false option log_level 'error' - option log_lines '1000' \ No newline at end of file + option log_lines '1000' + option set_ttl '0' \ No newline at end of file diff --git a/openwrt/po/zh_cn/ua3f.po b/openwrt/po/zh_cn/ua3f.po index c8e4295..c3557e5 100644 --- a/openwrt/po/zh_cn/ua3f.po +++ b/openwrt/po/zh_cn/ua3f.po @@ -41,6 +41,9 @@ msgstr "日志级别" msgid "User-Agent" msgstr "User-Agent" +msgid "User-Agent after rewrite" +msgstr "重写后的 User-Agent" + msgid "User-Agent Regex Pattern" msgstr "User-Agent 正则表达式" 
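Review bot: In the TTL block added to start_service, the success message is logged even when setup failed. `set_ttl_nft || { LOG "set_ttl_nft setup failed" }` only records the failure and then falls through to `LOG "Set TTL 64 via nftables"`, and the iptables branch does the same. An operator reading the log would conclude the TTL rule is active when it is not. Branch on the return status so that exactly one of the two messages is written, as below. start_service begins and ends outside this hunk.

```shell
    if [ "$SET_TTL" = "1" ]; then
        if [ "$FW_BACKEND" = "nft" ]; then
            if set_ttl_nft; then
                LOG "Set TTL 64 via nftables"
            else
                LOG "set_ttl_nft setup failed"
            fi
        else
            if set_ttl_ipt; then
                LOG "Set TTL 64 via iptables"
            else
                LOG "set_ttl_ipt setup failed"
            fi
        fi
    fi
    # … unchanged: debug dump of firewall rules …
```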
@@ -88,3 +91,12 @@ msgstr "下载日志" msgid "Clear Logs" msgstr "清除日志" + +msgid "Others" +msgstr "其他" + +msgid "Set TTL" +msgstr "固定 TTL" + +msgid "Set the TTL 64 for packets" +msgstr "固定数据包的 TTL" \ No newline at end of file