OSDN Git Service

luci-app-passwall: sync with upstream
authorTianling Shen <cnsztl@immortalwrt.org>
Sun, 12 Jun 2022 12:53:59 +0000 (20:53 +0800)
committerTianling Shen <cnsztl@immortalwrt.org>
Sun, 12 Jun 2022 12:53:59 +0000 (20:53 +0800)
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
14 files changed:
applications/luci-app-passwall/Makefile
applications/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
applications/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
applications/luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe_config.lua
applications/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua
applications/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
applications/luci-app-passwall/luasrc/model/cbi/passwall/server/api/shadowsocks.lua
applications/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
applications/luci-app-passwall/po/zh_Hans/passwall.po
applications/luci-app-passwall/root/usr/share/passwall/0_default_config
applications/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
applications/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
applications/luci-app-passwall/root/usr/share/passwall/rule_update.lua
applications/luci-app-passwall/root/usr/share/passwall/subscribe.lua

index 20ff610..4d336e1 100644 (file)
@@ -46,6 +46,7 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +coreutils-nohup +curl \
        +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Client:shadowsocks-libev-ss-redir \
        +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Libev_Server:shadowsocks-libev-ss-server \
        +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client:shadowsocks-rust-sslocal \
+       +PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server:shadowsocks-rust-ssserver \
        +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client:shadowsocksr-libev-ssr-local \
        +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client:shadowsocksr-libev-ssr-redir \
        +PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Server:shadowsocksr-libev-ssr-server \
@@ -113,6 +114,11 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Client
        depends on aarch64||arm||i386||mips||mipsel||x86_64
        default y if aarch64
 
+config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Rust_Server
+       bool "Include Shadowsocks Rust Server"
+       depends on aarch64||arm||i386||mips||mipsel||x86_64
+       default n
+
 config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Libev_Client
        bool "Include ShadowsocksR Libev Client"
        default y
index 521c235..92a15da 100644 (file)
@@ -177,7 +177,8 @@ function gen_outbound(node, tag, proxy_table)
                     path = node.ws_path or "",
                     headers = (node.ws_host ~= nil) and
                         {Host = node.ws_host} or nil,
-                    maxEarlyData = tonumber(node.ws_maxEarlyData) or nil
+                    maxEarlyData = tonumber(node.ws_maxEarlyData) or nil,
+                    earlyDataHeaderName = (node.ws_earlyDataHeaderName) and node.ws_earlyDataHeaderName or nil
                 } or nil,
                 httpSettings = (node.transport == "h2") and {
                     path = node.h2_path,
@@ -224,6 +225,7 @@ function gen_outbound(node, tag, proxy_table)
                         method = node.method or nil,
                         flow = node.flow or nil,
                         ivCheck = (node.protocol == "shadowsocks") and node.iv_check == "1" or nil,
+                        uot = (node.protocol == "shadowsocks") and node.uot == "1" or nil,
                         password = node.password or "",
                         users = (node.username and node.password) and {
                             {
index 8614efd..e2d82a1 100644 (file)
@@ -42,7 +42,7 @@ local v_ss_encrypt_method_list = {
 }
 
 local x_ss_encrypt_method_list = {
-    "aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305"
+    "aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305", "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"
 }
 
 local security_list = {"none", "auto", "aes-128-gcm", "chacha20-poly1305", "zero"}
@@ -405,6 +405,9 @@ iv_check = s:option(Flag, "iv_check", translate("IV Check"))
 iv_check:depends({ type = "V2ray", protocol = "shadowsocks" })
 iv_check:depends({ type = "Xray", protocol = "shadowsocks" })
 
+uot = s:option(Flag, "uot", translate("UDP over TCP"), translate("Need Xray server side with Shadowsocks-2022 protocol"))
+uot:depends({ type = "Xray", protocol = "shadowsocks" })
+
 ssr_protocol = s:option(Value, "ssr_protocol", translate("Protocol"))
 for a, t in ipairs(ssr_protocol_list) do ssr_protocol:value(t) end
 ssr_protocol:depends("type", "SSR")
@@ -689,17 +692,14 @@ ws_path:depends("trojan_transport", "ws")
 ws_path:depends({ type = "Brook", brook_protocol = "wsclient" })
 
 ws_enableEarlyData = s:option(Flag, "ws_enableEarlyData", translate("Enable early data"))
-ws_enableEarlyData:depends("transport", "ws")
+ws_enableEarlyData:depends({ type = "V2ray", transport = "ws" })
 
 ws_maxEarlyData = s:option(Value, "ws_maxEarlyData", translate("Early data length"))
 ws_maxEarlyData.default = "1024"
 ws_maxEarlyData:depends("ws_enableEarlyData", true)
-function ws_maxEarlyData.cfgvalue(self, section)
-       return m:get(section, "ws_maxEarlyData")
-end
-function ws_maxEarlyData.write(self, section, value)
-       m:set(section, "ws_maxEarlyData", value)
-end
+
+ws_earlyDataHeaderName = s:option(Value, "ws_earlyDataHeaderName", translate("Early data header name"), translate("Recommended value: Sec-WebSocket-Protocol"))
+ws_earlyDataHeaderName:depends("ws_enableEarlyData", true)
 
 -- [[ HTTP/2部分 ]]--
 h2_host = s:option(Value, "h2_host", translate("HTTP/2 Host"))
index 402ba48..cc1f25a 100644 (file)
@@ -45,7 +45,7 @@ o.rows = 5
 o.rmempty = false
 
 o = s:option(Flag, "allowInsecure", translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, Certificate validation will be skipped."))
-o.default = "1"
+o.default = "0"
 o.rmempty = false
 
 o = s:option(ListValue, "filter_keyword_mode", translate("Filter keyword Mode"))
index 1303ce6..b2591ec 100644 (file)
@@ -15,18 +15,18 @@ o.rmempty = false
 
 ---- gfwlist URL
 o = s:option(DynamicList, "gfwlist_url", translate("GFW domains(gfwlist) Update URL"))
-o:value("https://cdn.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt", translate("v2fly/domain-list-community"))
-o:value("https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt", translate("Loyalsoldier/v2ray-rules-dat"))
-o:value("https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt", translate("Loukky/gfwlist-by-loukky"))
-o:value("https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt", translate("gfwlist/gfwlist"))
-o.default = "https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt"
+o:value("https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt", translate("v2fly/domain-list-community"))
+o:value("https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt", translate("Loyalsoldier/v2ray-rules-dat"))
+o:value("https://fastly.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt", translate("Loukky/gfwlist-by-loukky"))
+o:value("https://fastly.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt", translate("gfwlist/gfwlist"))
+o.default = "https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt"
 
 ----chnroute  URL
 o = s:option(DynamicList, "chnroute_url", translate("China IPs(chnroute) Update URL"))
 o:value("https://ispip.clang.cn/all_cn.txt", translate("Clang.CN"))
 o:value("https://ispip.clang.cn/all_cn_cidr.txt", translate("Clang.CN.CIDR"))
-o:value("https://cdn.jsdelivr.net/gh/soffchen/GeoIP2-CN@release/CN-ip-cidr.txt", translate("soffchen/GeoIP2-CN"))
-o:value("https://cdn.jsdelivr.net/gh/Hackl0us/GeoIP2-CN@release/CN-ip-cidr.txt", translate("Hackl0us/GeoIP2-CN"))
+o:value("https://fastly.jsdelivr.net/gh/soffchen/GeoIP2-CN@release/CN-ip-cidr.txt", translate("soffchen/GeoIP2-CN"))
+o:value("https://fastly.jsdelivr.net/gh/Hackl0us/GeoIP2-CN@release/CN-ip-cidr.txt", translate("Hackl0us/GeoIP2-CN"))
 o.default = "https://ispip.clang.cn/all_cn.txt"
 
 ----chnroute6 URL
@@ -36,9 +36,9 @@ o.default = "https://ispip.clang.cn/all_cn_ipv6.txt"
 
 ----chnlist URL
 o = s:option(DynamicList, "chnlist_url", translate("China List(Chnlist) Update URL"))
-o:value("https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf", translate("felixonmars/domains.china"))
-o:value("https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf", translate("felixonmars/apple.china"))
-o:value("https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf", translate("felixonmars/google.china"))
+o:value("https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf", translate("felixonmars/domains.china"))
+o:value("https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf", translate("felixonmars/apple.china"))
+o:value("https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf", translate("felixonmars/google.china"))
 
 s:append(Template(appname .. "/rule/rule_version"))
 
index 92693bd..ffc7c3b 100755 (executable)
@@ -121,6 +121,9 @@ local function start()
                 end
                 type = type:lower()
                 bin = ln_run("/usr/bin/" .. type .. "-server", type .. "-server", "-c " .. config_file .. " " .. udp_param, log_path)
+            elseif type == "SS-Rust" then
+                config = require(require_dir .. "shadowsocks").gen_config(user)
+                bin = ln_run("/usr/bin/ssserver", "ssserver", "-c " .. config_file, log_path)
             elseif type == "V2ray" then
                 config = require(require_dir .. "v2ray").gen_config(user)
                 bin = ln_run(api.get_v2ray_path(), "v2ray", "run -c " .. config_file, log_path)
index fdd18e0..5b32c46 100644 (file)
@@ -1,13 +1,19 @@
 module("luci.model.cbi.passwall.server.api.shadowsocks", package.seeall)
 function gen_config(user)
     local config = {}
-    config.server = {"[::0]", "0.0.0.0"}
     config.server_port = tonumber(user.port)
     config.password = user.password
     config.timeout = tonumber(user.timeout)
     config.fast_open = (user.tcp_fast_open and user.tcp_fast_open == "1") and true or false
     config.method = user.method
 
+    if user.type == "SS-Rust" then
+        config.server = "::"
+        config.mode = "tcp_and_udp"
+    else
+        config.server = {"[::0]", "0.0.0.0"}
+    end
+
     if user.type == "SSR" then
         config.protocol = user.protocol
         config.protocol_param = user.protocol_param
index 8b0a5f2..cc016c3 100644 (file)
@@ -9,6 +9,12 @@ local ss_encrypt_method_list = {
     "xchacha20-ietf-poly1305"
 }
 
+local ss_rust_encrypt_method_list = {
+    "plain", "none",
+    "aes-128-gcm", "aes-256-gcm", "chacha20-ietf-poly1305",
+    "2022-blake3-aes-128-gcm","2022-blake3-aes-256-gcm","2022-blake3-chacha8-poly1305","2022-blake3-chacha20-poly1305"
+}
+
 local ssr_encrypt_method_list = {
     "none", "table", "rc2-cfb", "rc4", "rc4-md5", "rc4-md5-6", "aes-128-cfb",
     "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr",
@@ -33,7 +39,7 @@ local v_ss_encrypt_method_list = {
 }
 
 local x_ss_encrypt_method_list = {
-    "aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305"
+    "aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305", "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305"
 }
 
 local header_type_list = {
@@ -68,6 +74,9 @@ end
 if api.is_finded("ss-server") then
     type:value("SS", translate("Shadowsocks"))
 end
+if api.is_finded("ssserver") then
+    type:value("SS-Rust", translate("Shadowsocks Rust"))
+end
 if api.is_finded("ssr-server") then
     type:value("SSR", translate("ShadowsocksR"))
 end
@@ -150,6 +159,7 @@ password = s:option(Value, "password", translate("Password"))
 password.password = true
 password:depends("auth", true)
 password:depends("type", "SS")
+password:depends("type", "SS-Rust")
 password:depends("type", "SSR")
 password:depends("type", "Brook")
 password:depends({ type = "V2ray", protocol = "shadowsocks" })
@@ -245,6 +255,16 @@ function ss_encrypt_method.write(self, section, value)
        m:set(section, "method", value)
 end
 
+ss_rust_encrypt_method = s:option(ListValue, "ss_rust_encrypt_method", translate("Encrypt Method"))
+for a, t in ipairs(ss_rust_encrypt_method_list) do ss_rust_encrypt_method:value(t) end
+ss_rust_encrypt_method:depends("type", "SS-Rust")
+function ss_rust_encrypt_method.cfgvalue(self, section)
+       return m:get(section, "method")
+end
+function ss_rust_encrypt_method.write(self, section, value)
+       m:set(section, "method", value)
+end
+
 ssr_encrypt_method = s:option(ListValue, "ssr_encrypt_method", translate("Encrypt Method"))
 for a, t in ipairs(ssr_encrypt_method_list) do ssr_encrypt_method:value(t) end
 ssr_encrypt_method:depends("type", "SSR")
@@ -311,6 +331,7 @@ timeout = s:option(Value, "timeout", translate("Connection Timeout"))
 timeout.datatype = "uinteger"
 timeout.default = 300
 timeout:depends("type", "SS")
+timeout:depends("type", "SS-Rust")
 timeout:depends("type", "SSR")
 
 udp_forward = s:option(Flag, "udp_forward", translate("UDP Forward"))
@@ -617,6 +638,7 @@ ss_aead_pwd:depends("ss_aead", true)
 tcp_fast_open = s:option(Flag, "tcp_fast_open", translate("TCP Fast Open"))
 tcp_fast_open.default = "0"
 tcp_fast_open:depends("type", "SS")
+tcp_fast_open:depends("type", "SS-Rust")
 tcp_fast_open:depends("type", "SSR")
 tcp_fast_open:depends("type", "Trojan")
 tcp_fast_open:depends("type", "Trojan-Plus")
index e7036c0..c7afa0d 100644 (file)
@@ -994,6 +994,12 @@ msgstr "密码"
 msgid "IV Check"
 msgstr "IV 检查"
 
+msgid "UDP over TCP"
+msgstr "TCP封装UDP"
+
+msgid "Need Xray server side with Shadowsocks-2022 protocol"
+msgstr "需要Xray作服务器端的Shadowsocks-2022协议"
+
 msgid "Connection Timeout"
 msgstr "连接超时时间"
 
@@ -1273,6 +1279,12 @@ msgstr "启用前置数据"
 msgid "Early data length"
 msgstr "前置数据最大长度"
 
+msgid "Early data header name"
+msgstr "前置数据HTTP头名"
+
+msgid "Recommended value: Sec-WebSocket-Protocol"
+msgstr "推荐值:Sec-WebSocket-Protocol"
+
 msgid "Health check"
 msgstr "健康检查"
 
index 68e66a4..5f1adda 100644 (file)
@@ -48,12 +48,12 @@ config global_rules
        option gfwlist_update '1'
        option geosite_update '0'
        option geoip_update '0'
-       list gfwlist_url 'https://cdn.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt'
+       list gfwlist_url 'https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt'
        list chnroute_url 'https://ispip.clang.cn/all_cn.txt'
        list chnroute6_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
-       list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
-       list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
-       list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf'
+       list chnlist_url 'https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
+       list chnlist_url 'https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
+       list chnlist_url 'https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf'
        option v2ray_location_asset '/usr/share/v2ray/'
 
 config global_app
index 192886d..3c61de0 100644 (file)
@@ -1,3 +1,4 @@
+require "luci.sys"\r
 local api = require "luci.model.cbi.passwall.api.api"\r
 \r
 local var = api.get_args(arg)\r
@@ -164,7 +165,8 @@ end
 local dnsmasq_default_dns\r
 \r
 local cache_text = ""\r
-local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6\r
+local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")\r
+local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules\r
 if fs.access(CACHE_TEXT_FILE) then\r
     for line in io.lines(CACHE_TEXT_FILE) do\r
         cache_text = line\r
index 39e0213..6152686 100644 (file)
@@ -1,3 +1,4 @@
+require "luci.sys"\r
 local api = require "luci.model.cbi.passwall.api.api"\r
 \r
 local var = api.get_args(arg)\r
@@ -145,7 +146,8 @@ local function check_excluded_domain(domain)
 end\r
 \r
 local cache_text = ""\r
-local new_text = SMARTDNS_CONF .. LOCAL_GROUP .. REMOTE_GROUP .. REMOTE_FAKEDNS .. TUN_DNS .. PROXY_MODE .. NO_PROXY_IPV6\r
+local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")\r
+local new_text = SMARTDNS_CONF .. LOCAL_GROUP .. REMOTE_GROUP .. REMOTE_FAKEDNS .. TUN_DNS .. PROXY_MODE .. NO_PROXY_IPV6 ..new_rules\r
 if fs.access(CACHE_TEXT_FILE) then\r
     for line in io.lines(CACHE_TEXT_FILE) do\r
         cache_text = line\r
index 40ee666..2784505 100755 (executable)
@@ -26,10 +26,10 @@ local ip6_ipset_pattern = ":-[%x]+%:+[%x]-[%/][%d]+$"
 local domain_pattern = "([%w%-%_]+%.[%w%.%-%_]+)[%/%*]*"
 local excluded_domain = {"apple.com","sina.cn","sina.com.cn","baidu.com","byr.cn","jlike.com","weibo.com","zhongsou.com","youdao.com","sogou.com","so.com","soso.com","aliyun.com","taobao.com","jd.com","qq.com","bing.com"}
 
-local gfwlist_url = ucic:get(name, "@global_rules[0]", "gfwlist_url") or {"https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt"}
+local gfwlist_url = ucic:get(name, "@global_rules[0]", "gfwlist_url") or {"https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt"}
 local chnroute_url = ucic:get(name, "@global_rules[0]", "chnroute_url") or {"https://ispip.clang.cn/all_cn.txt"}
 local chnroute6_url =  ucic:get(name, "@global_rules[0]", "chnroute6_url") or {"https://ispip.clang.cn/all_cn_ipv6.txt"}
-local chnlist_url = ucic:get(name, "@global_rules[0]", "chnlist_url") or {"https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf","https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf","https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf"}
+local chnlist_url = ucic:get(name, "@global_rules[0]", "chnlist_url") or {"https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf","https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf","https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf"}
 local geoip_api =  "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest"
 local geosite_api =  "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest"
 local v2ray_asset_location = ucic:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
@@ -87,6 +87,14 @@ local function line_count(file_path)
        return num;
 end
 
+local function non_file_check(file_path)
+       if nixio.fs.readfile(file_path, 1000) then
+               return nil;
+       else
+               return true;
+       end
+end
+
 --fetch rule
 local function fetch_rule(rule_name,rule_type,url,exclude_domain)
        local sret = 200
@@ -99,7 +107,10 @@ local function fetch_rule(rule_name,rule_type,url,exclude_domain)
        log(rule_name.. " 开始更新...")
        for k,v in ipairs(url) do
                sret_tmp = curl(v, download_file_tmp..k)
-               if sret_tmp == 200 then
+               if sret_tmp == 200 and non_file_check(download_file_tmp..k) then
+                       sret = 0
+                       log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载文件读取出错,请检查网络或下载链接后重试!")
+               elseif sret_tmp == 200 then
                        if rule_name == "gfwlist" then
                                local domains = {}
                                local gfwlist = io.open(download_file_tmp..k, "r")
@@ -152,11 +163,11 @@ local function fetch_rule(rule_name,rule_type,url,exclude_domain)
                                out:close()
 
                        end
-                       os.remove(download_file_tmp..k)                         
                else
                        sret = 0
-                       log(rule_name.. " 第" ..k.. "条规则:" ..v.. "下载失败!")
+                       log(rule_name.. " ç¬¬" ..k.. "æ\9d¡è§\84å\88\99:" ..v.. "ä¸\8b载失败ï¼\8c请æ£\80æ\9f¥ç½\91ç»\9cæ\88\96ä¸\8bè½½é\93¾æ\8e¥å\90\8eé\87\8dè¯\95ï¼\81")
                end
+               os.remove(download_file_tmp..k)
        end
 
        if sret == 200 then
@@ -169,9 +180,7 @@ local function fetch_rule(rule_name,rule_type,url,exclude_domain)
                end
                luci.sys.call("cat " ..unsort_file_tmp.. " | sort -u > "..file_tmp)
                os.remove(unsort_file_tmp)
-       end
 
-       if sret == 200 then
                local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/" ..rule_name.. " | awk '{print $1}')")
                local new_md5 = luci.sys.exec("echo -n $([ -f '" ..file_tmp.. "' ] && md5sum " ..file_tmp.." | awk '{print $1}')")
                if old_md5 ~= new_md5 then
index e7f52c3..8425a41 100755 (executable)
@@ -27,7 +27,7 @@ local has_trojan_plus = api.is_finded("trojan-plus")
 local has_v2ray = api.is_finded("v2ray")
 local has_xray = api.is_finded("xray")
 local has_trojan_go = api.is_finded("trojan-go")
-local allowInsecure_default = true
+local allowInsecure_default = nil
 local ss_aead_type_default = uci:get(appname, "@global_subscribe[0]", "ss_aead_type") or "shadowsocks-libev"
 local trojan_type_default = uci:get(appname, "@global_subscribe[0]", "trojan_type") or "trojan-plus"
 -- 判断是否过滤节点关键字
@@ -555,16 +555,12 @@ local function processData(szType, content, add_mode, add_from)
                                result.address = hostInfo and hostInfo[1] or Info[2]
                        end
                        local peer, sni = nil, ""
-                       local allowInsecure = allowInsecure_default
                        local query = split(Info[2], "?")
                        local params = {}
                        for _, v in pairs(split(query[2], '&')) do
                                local t = split(v, '=')
                                params[string.lower(t[1])] = UrlDecode(t[2])
                        end
-                       if params.allowinsecure then
-                               allowInsecure = params.allowinsecure
-                       end
                        if params.peer then peer = params.peer end
                        sni = params.sni and params.sni or ""
                        if params.ws and params.ws == "1" then
@@ -586,7 +582,16 @@ local function processData(szType, content, add_mode, add_from)
                        end
                        result.tls = '1'
                        result.tls_serverName = peer and peer or sni
-                       result.tls_allowInsecure = allowInsecure and "1" or "0"
+                       if params.allowinsecure then
+                               if params.allowinsecure == "1" or params.allowinsecure == "0" then
+                                       result.tls_allowInsecure = params.allowinsecure
+                               else
+                                       result.tls_allowInsecure = string.lower(params.allowinsecure) == "true" and "1" or "0"
+                               end
+                               log(result.remarks .. ' 使用节点AllowInsecure设定: '.. result.tls_allowInsecure)
+                       else
+                               result.tls_allowInsecure = allowInsecure_default and "1" or "0"
+                       end
                end
                if trojan_type_default == "trojan-plus" and has_trojan_plus then
                        result.type = "Trojan-Plus"
@@ -787,8 +792,11 @@ local function processData(szType, content, add_mode, add_from)
                result.hysteria_auth_type = "string"
                result.hysteria_auth_password = params.auth
                result.tls_serverName = params.peer
-               if params.insecure and params.insecure == "1" then
-                       result.tls_allowInsecure = "1"
+               if params.insecure and (params.insecure == "1" or params.insecure == "0") then
+                       result.tls_allowInsecure = params.insecure
+                       log(result.remarks ..' 使用节点AllowInsecure设定: '.. result.tls_allowInsecure)
+               else
+                       result.tls_allowInsecure = allowInsecure_default and "1" or "0"
                end
                result.hysteria_alpn = params.alpn
                result.hysteria_up_mbps = params.upmbps
@@ -1138,8 +1146,8 @@ local execute = function()
                        local cfgid = value[".name"]
                        local remark = value.remark
                        local url = value.url
-                       if value.allowInsecure and value.allowInsecure ~= "1" then
-                               allowInsecure_default = nil
+                       if value.allowInsecure and value.allowInsecure == "1" then
+                               allowInsecure_default = true
                        end
                        local filter_keyword_mode = value.filter_keyword_mode or "5"
                        if filter_keyword_mode == "0" then
@@ -1180,7 +1188,7 @@ local execute = function()
                        else
                                retry[#retry + 1] = value
                        end
-                       allowInsecure_default = true
+                       allowInsecure_default = nil
                        filter_keyword_mode_default = uci:get(appname, "@global_subscribe[0]", "filter_keyword_mode") or "0"
                        filter_keyword_discard_list_default = uci:get(appname, "@global_subscribe[0]", "filter_discard_list") or {}
                        filter_keyword_keep_list_default = uci:get(appname, "@global_subscribe[0]", "filter_keep_list") or {}