diff --git a/ruantiblock/files/usr/bin/ruantiblock b/ruantiblock/files/usr/bin/ruantiblock
index e01dad9..996dee7 100755
--- a/ruantiblock/files/usr/bin/ruantiblock
+++ b/ruantiblock/files/usr/bin/ruantiblock
@@ -516,8 +516,8 @@ UpdateBllistProxySet() {
 _ip_string=`FormatNftSetElemsList "$_ip_string"`
 if [ $DEBUG -ge 1 ]; then
- echo " ruantiblock.UpdateBllistProxySet()._ip_string=${_ip_string=}; _name=${_name}" >&2
- MakeLogRecord "debug" "ruantiblock.UpdateBllistProxySet()._ip_string=${_ip_string=}; _name=${_name}"
+ echo " ruantiblock.UpdateBllistProxySet()._ip_string=${_ip_string}; _name=${_name}" >&2
+ MakeLogRecord "debug" "ruantiblock.UpdateBllistProxySet()._ip_string=${_ip_string}; _name=${_name}"
 fi
 if [ -n "$_ip_string" ]; then
@@ -834,7 +834,7 @@ AddUserEntries() {
 ClearDataFiles user_instances
 fi
- for _inst in $USER_INSTANCES_ALL
+ for _inst in $USER_INSTANCES_ALL_FNAMES
 do
 IncludeUserInstanceVars "$_inst"
 _instance_entries_file="${USER_LISTS_DIR}/${_inst}"
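Review bot: Nothing in this hunk checks that `IncludeUserInstanceVars "$_inst"` produced a non-empty `U_NAME` now that the loop variable is a file name and the nft set names, the dnsmasq nftset line and the status key downstream are all keyed on `U_NAME` instead (assuming that helper is what populates it — it is not visible here). A list file whose name is missing would collapse into the bare `${NFTSET_CIDR}.` / `${NFTSET_IP}.` sets, and two files declaring the same name would silently flush and refill each other's sets. Consider rejecting that right after the include, e.g. `if [ -z "$U_NAME" ]; then MakeLogRecord "err" "User instance ${_inst}: empty U_NAME, skipping"; ClearUserInstanceVars; continue; fi`. `$USER_INSTANCES_ALL_FNAMES` is also expanded unquoted, so it is word-split and glob-expanded; acceptable if the names are plain, but worth a one-line comment saying so. AddUserEntries begins and ends outside this hunk.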
@@ -844,14 +844,14 @@ AddUserEntries() {
 MakeLogRecord "debug" "ruantiblock.AddUserEntries._instance_entries_file=${_instance_entries_file}"
 fi
- printf "flush set %s %s\nflush set %s %s\n" "$NFT_TABLE" "${NFTSET_CIDR}.${_inst}" "$NFT_TABLE" "${NFTSET_IP}.${_inst}" >> "$_ip_data_file_user_instances"
+ printf "flush set %s %s\nflush set %s %s\n" "$NFT_TABLE" "${NFTSET_CIDR}.${U_NAME}" "$NFT_TABLE" "${NFTSET_IP}.${U_NAME}" >> "$_ip_data_file_user_instances"
 if [ "$U_PROXY_MODE" != "2" -a "$U_PROXY_MODE" != "3" ]; then
 ### Запись для .onion
- printf "server=/onion/%s\nnftset=/onion/%s#%s\n" "$U_ONION_DNS_ADDR" "$NFT_TABLE_DNSMASQ" "${NFTSET_ONION}.${_inst}" >> "$_dnsmasq_data_file_user_instances"
+ printf "server=/onion/%s\nnftset=/onion/%s#%s\n" "$U_ONION_DNS_ADDR" "$NFT_TABLE_DNSMASQ" "${NFTSET_ONION}.${U_NAME}" >> "$_dnsmasq_data_file_user_instances"
 fi
 if [ -f "$_instance_entries_file" ]; then
- { cat "$_instance_entries_file"; printf "\n0\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}.${_inst}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}.${_inst}"`" "${NFTSET_DNSMASQ}.${_inst}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${_inst}:local" "$U_ENTRIES_DNS"
+ { cat "$_instance_entries_file"; printf "\n0\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}.${U_NAME}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}.${U_NAME}"`" "${NFTSET_DNSMASQ}.${U_NAME}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${U_NAME}:local" "$U_ENTRIES_DNS"
 fi
 if [ -n "$U_ENTRIES_REMOTE" ]; then
 for _url in $U_ENTRIES_REMOTE
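Review bot: `U_NAME` is written verbatim by printf into the nft batch file (`flush set %s %s`) and into the dnsmasq `nftset=/onion/%s#%s` line, and nothing visible constrains its characters; a name containing whitespace, `;`, `#` or a newline would corrupt those generated files or be parsed by nft/dnsmasq as additional statements. Restrict it once before the first printf, e.g. `case "$U_NAME" in ''|*[!A-Za-z0-9_.-]*) MakeLogRecord "err" "User instance ${_inst}: invalid name '${U_NAME}'"; ClearUserInstanceVars; continue ;; esac` (the exact accepted set should follow what nft and dnsmasq allow in set names — confirm). The `printf "$NFTSET_IP_PATTERN"` calls use a variable as the format string; that is only safe while those pattern constants stay free of user-controlled text, which deserves a short comment where they are defined. AddUserEntries begins and ends outside this hunk.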
@@ -861,17 +861,17 @@ AddUserEntries() {
 while :
 do
 if [ "$U_ENABLE_ENTRIES_REMOTE_PROXY" = "1" ]; then
- UpdateBllistProxySet "$_inst" "$_url"
+ UpdateBllistProxySet "$U_NAME" "$_url"
 fi
- { Download - "$_url"; printf "\n$?\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}.${_inst}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}.${_inst}"`" "${NFTSET_DNSMASQ}.${_inst}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${_inst}:${_url}" "$U_ENTRIES_DNS"
+ { Download - "$_url"; printf "\n$?\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}.${U_NAME}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}.${U_NAME}"`" "${NFTSET_DNSMASQ}.${U_NAME}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${U_NAME}:${_url}" "$U_ENTRIES_DNS"
 if [ $? -eq 0 ]; then
 _instance_return_code=0
 break
 else
 _instance_return_code=1
 ### STDOUT
- echo " User entries download attempt ${_attempt}: failed [${_inst}:${_url}]" >&2
- MakeLogRecord "err" "User entries download attempt ${_attempt}: failed [${_inst}:${_url}]"
+ echo " User entries download attempt ${_attempt}: failed [${U_NAME}:${_url}]" >&2
+ MakeLogRecord "err" "User entries download attempt ${_attempt}: failed [${U_NAME}:${_url}]"
 _attempt=$(($_attempt + 1))
 [ $_attempt -gt $USER_ENTRIES_REMOTE_DOWNLOAD_ATTEMPTS ] && break
 sleep $USER_ENTRIES_REMOTE_DOWNLOAD_TIMEOUT
@@ -885,7 +885,7 @@ AddUserEntries() {
 fi
 done
 if [ "$U_ENABLE_ENTRIES_REMOTE_PROXY" = "1" ]; then
- FlushNftSets "${NFTSET_BLLIST_PROXY}.${_inst}"
+ FlushNftSets "${NFTSET_BLLIST_PROXY}.${U_NAME}"
 fi
 fi
 ClearUserInstanceVars
diff --git a/ruantiblock/files/usr/share/ruantiblock/config_script b/ruantiblock/files/usr/share/ruantiblock/config_script
index a2a67bc..94d6d17 100644
--- a/ruantiblock/files/usr/share/ruantiblock/config_script
+++ b/ruantiblock/files/usr/share/ruantiblock/config_script
@@ -1,3 +1,4 @@
+
 UCI_SECTION="ruantiblock.config"
 UCI_VARS="dnsmasq_cfg_dir proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_mode bypass_entries_dns enable_fproxy fproxy_list enable_bllist_proxy if_vpn vpn_gw_ip vpn_route_check tor_trans_port onion_dns_addr t_proxy_type t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup enable_tmp_downloads"
 UCI_CMD=`which uci`
@@ -27,3 +28,9 @@ eval `$UCI_CMD show "$UCI_SECTION" | $AWK_CMD -F "=" -v UCI_VARS="$UCI_VARS" '
 print toupper(i) "=\"""\"";
 };
 }'`
+
+. /lib/functions/network.sh
+network_get_subnet subnet_lan "lan"
+if [ -n "$subnet_lan" ]; then
+ FPROXY_PRIVATE_NETS="${subnet_lan} ${FPROXY_PRIVATE_NETS}"
+fi
diff --git a/ruantiblock/files/usr/share/ruantiblock/nft_functions b/ruantiblock/files/usr/share/ruantiblock/nft_functions
index 38cd62a..edabd2f 100644
--- a/ruantiblock/files/usr/share/ruantiblock/nft_functions
+++ b/ruantiblock/files/usr/share/ruantiblock/nft_functions
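Review bot: The LAN subnet is prepended to `FPROXY_PRIVATE_NETS` unconditionally every time config_script is evaluated, so if this file is sourced more than once in a process the same prefix accumulates, and there is no comment recording why it belongs in that list (nft_functions returns from the fproxy chain for `ip daddr @NFTSET_FPROXY_PRIVATE`, so this exempts LAN-destined traffic from forced proxying — if that is the intent, it should be stated next to the code). `. /lib/functions/network.sh` is sourced without any existence check and the return status of `network_get_subnet` is ignored; the `-n` test covers the empty result, but a missing helper file surfaces only as a stray error from the dot command. It is also worth confirming that the value `network_get_subnet` hands back (interface address with prefix length, as far as I recall on OpenWrt, rather than the masked network) is acceptable to whatever builds the set elements. Suggested shape, which also makes the prepend idempotent:

```shell
. /lib/functions/network.sh
### The LAN subnet is excluded from forced proxying (NFTSET_FPROXY_PRIVATE return rule in nft_functions)
network_get_subnet subnet_lan "lan"
case " ${FPROXY_PRIVATE_NETS} " in
    *" ${subnet_lan} "*) ;;
    *) [ -n "$subnet_lan" ] && FPROXY_PRIVATE_NETS="${subnet_lan} ${FPROXY_PRIVATE_NETS}" ;;
esac
```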
@@ -35,16 +35,16 @@ NftCmdWrapper() {
 NftRouteDelete() {
 local _route_table_id=$1
- $IP_CMD route flush table $_route_table_id
- $IP_CMD rule del table $_route_table_id
+ $IP_CMD route flush table "$_route_table_id"
+ $IP_CMD rule del table "$_route_table_id"
 }
 NftRouteAdd() {
 local _vpn_ip _type="$1" _route_table_id=$2 _pkts_mark=$3 _if_vpn="$4" _vpn_gw_ip="$5"
 if [ "$_type" = "lo" ]; then
- echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
- $IP_CMD rule add fwmark $_pkts_mark table $_route_table_id priority $LO_RULE_PRIO
- $IP_CMD route add local default dev lo table $_route_table_id
+ echo 0 > "/proc/sys/net/ipv4/conf/lo/rp_filter"
+ $IP_CMD rule add fwmark "$_pkts_mark" table "$_route_table_id" priority "$LO_RULE_PRIO"
+ $IP_CMD route add local default dev lo table "$_route_table_id"
 if [ $DEBUG -ge 1 ]; then
 echo " nft_functions.NftRouteAdd: ${IP_CMD} rule add fwmark ${_pkts_mark} table ${_route_table_id} priority ${LO_RULE_PRIO}" >&2
@@ -56,13 +56,13 @@ NftRouteAdd() {
 if [ -n "$_vpn_gw_ip" ]; then
 _vpn_ip="$_vpn_gw_ip"
 else
- _vpn_ip=`$IP_CMD addr list dev $_if_vpn 2> /dev/null | $AWK_CMD '/inet/{f=($3 == "peer") ? 4 : 2; sub("/[0-9]{1,2}$", "", $f); print $f; exit}'`
+ _vpn_ip=`$IP_CMD addr list dev "$_if_vpn" 2> /dev/null | $AWK_CMD '/inet/{f=($3 == "peer") ? 4 : 2; sub("/[0-9]{1,2}$", "", $f); print $f; exit}'`
 fi
 if [ -n "$_vpn_ip" -a "$_type" = "vpn" ]; then
- echo 0 > /proc/sys/net/ipv4/conf/$_if_vpn/rp_filter
- NftRouteDelete $_route_table_id 2> /dev/null
- $IP_CMD rule add fwmark $_pkts_mark table $_route_table_id priority $VPN_RULE_PRIO
- $IP_CMD route add default via $_vpn_ip table $_route_table_id
+ echo 0 > "/proc/sys/net/ipv4/conf/${_if_vpn}/rp_filter"
+ NftRouteDelete "$_route_table_id" 2> /dev/null
+ $IP_CMD rule add fwmark "$_pkts_mark" table "$_route_table_id" priority "$VPN_RULE_PRIO"
+ $IP_CMD route add default via "$_vpn_ip" table "$_route_table_id"
 if [ $? -ne 0 ]; then
 echo " Error! An error occurred while adding the route. Routing table id=${_route_table_id}, VPN gateway IP=${_vpn_ip}" >&2
 MakeLogRecord "err" "Error! An error occurred while adding the route. Routing table id=${_route_table_id}, VPN gateway IP=${_vpn_ip}"
@@ -80,7 +80,7 @@ NftRouteAdd() {
 NftRouteStatus() {
 local _route_table_id=$1
- [ -n "`$IP_CMD route show table $_route_table_id 2> /dev/null`" ] && return 0
+ [ -n "`$IP_CMD route show table "$_route_table_id" 2> /dev/null`" ] && return 0
 return 1
 }
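Review bot: In the `vpn` branch the `fwmark` policy rule is installed before the default route, so when `$IP_CMD route add default via "$_vpn_ip" table "$_route_table_id"` fails the rule is already live and points at an empty table; marked packets then fall through to the main table and leave over the ordinary WAN path, which is a fail-open for exactly the traffic this rule exists to force into the VPN. Unless the part of this `if` outside the hunk tears the rule down, either swap the two commands so the rule is added only after the route exists, or call `NftRouteDelete "$_route_table_id" 2> /dev/null` in the error branch before logging. Two smaller points on the same lines: `_if_vpn` comes from configuration and is interpolated into the `/proc/sys/net/ipv4/conf/${_if_vpn}/rp_filter` path without validation, and the awk pattern `/inet/` also matches `inet6` lines, so a device carrying only an IPv6 address would yield an IPv6 gateway for an IPv4 default route. NftRouteAdd starts before and ends after this hunk.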
@@ -88,7 +88,7 @@ NftAddBaseChains() {
 local _chain_prio_first=$1 _chain_prio_local=$2 _chain_prio_fproxy=$3
 $NFT_CMD add chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" { type route hook output priority ${_chain_prio_local}\; policy accept\; }
 $NFT_CMD add chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
- $NFT_CMD add chain $NFT_TABLE "$NFT_FPROXY_CHAIN" { type filter hook prerouting priority ${_chain_prio_fproxy}\; policy accept\; }
+ $NFT_CMD add chain $NFT_TABLE "$NFT_FPROXY_CHAIN" { type filter hook prerouting priority ${_chain_prio_fproxy}\; policy accept\; }
 $NFT_CMD add chain $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" { type filter hook prerouting priority ${_chain_prio_first}\; policy accept\; }
 NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_FPROXY_CHAIN" meta iif lo return
 NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_FPROXY_CHAIN" ip daddr "@${NFTSET_FPROXY_PRIVATE}" return