From 5062779dc79091d63929d44b6354e1cbefa2e8f5 Mon Sep 17 00:00:00 2001
From: Tianling Shen
Date: Sat, 18 Mar 2023 23:13:26 +0800
Subject: [PATCH 1/7] v2raya: Update to 2.0.4
- Added TproxyNotSkipBr flag for OpenWrt.
- Removed all upstreamed patches.
- Removed deprecated option.
- Re-enable ipv6/nftables auto-detect.
Signed-off-by: Tianling Shen
---
 net/v2raya/Makefile | 12 +-
 net/v2raya/files/v2raya.config | 8 +-
 net/v2raya/files/v2raya.init | 5 +-
 ...-interface-ppp-to-avoid-to-break-net.patch | 38 --
 ...ad-from-vless-sharing-link-and-add-m.patch | 105 ---
 ...that-supervisor-cannot-exit-normally.patch | 100 ---
 ...ected-exit-does-not-apply-stop-steps.patch | 52 --
 .../017-optimize-reduce-disk-writes.patch | 336 ----------
 ...x-do-not-rollback-closed-transaction.patch | 27 -
 net/v2raya/patches/019-fix-simple-obfs.patch | 88 ---
 .../020-feat-add-nftables-support.patch | 624 ------------------
 11 files changed, 11 insertions(+), 1384 deletions(-)
 delete mode 100644 net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch
 delete mode 100644 net/v2raya/patches/014-fix-seed-cannot-be-read-from-vless-sharing-link-and-add-m.patch
 delete mode 100644 net/v2raya/patches/015-fix-a-problem-that-supervisor-cannot-exit-normally.patch
 delete mode 100644 net/v2raya/patches/016-fix-unexpected-exit-does-not-apply-stop-steps.patch
 delete mode 100644 net/v2raya/patches/017-optimize-reduce-disk-writes.patch
 delete mode 100644 net/v2raya/patches/018-fix-do-not-rollback-closed-transaction.patch
 delete mode 100644 net/v2raya/patches/019-fix-simple-obfs.patch
 delete mode 100644 net/v2raya/patches/020-feat-add-nftables-support.patch
diff --git a/net/v2raya/Makefile b/net/v2raya/Makefile
index 3787374c4..9bb77c928 100644
--- a/net/v2raya/Makefile
+++ b/net/v2raya/Makefile
@@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=v2rayA
-PKG_VERSION:=1.5.9.1698.1
-PKG_RELEASE:=4
+PKG_VERSION:=2.0.4
+PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=247a357230c616bf48309c61d119686e4ad56939c05afef584c45051e9dc6220
+PKG_HASH:=fb0c60d95cd208e3306cf9c5488f41fe7cf6697d58dc377e5e7d471e37ce9060
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service
 PKG_LICENSE:=AGPL-3.0-only
@@ -22,7 +22,9 @@ PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 GO_PKG:=github.com/v2rayA/v2rayA
-GO_PKG_LDFLAGS_X:=$(GO_PKG)/conf.Version=$(PKG_VERSION)
+GO_PKG_LDFLAGS_X:= \
+ $(GO_PKG)/conf.Version=$(PKG_VERSION) \
+ $(GO_PKG)/core/iptables.TproxyNotSkipBr=true
 include $(INCLUDE_DIR)/package.mk
 include ../../lang/golang/golang-package.mk
@@ -57,7 +59,7 @@ define Download/v2raya-web
 URL:=https://codeload.github.com/v2rayA/v2raya-web/tar.gz/v$(PKG_VERSION)?
 URL_FILE:=$(WEB_FILE)
 FILE:=$(WEB_FILE)
- HASH:=149097a42c3e5fa6f5c3cd46d1bf7ec4546e79ad37c1446b759539e700bd75e2
+ HASH:=39eacb70753b309a0f44ede282ad01b5c6a13d51bed72d0f5563574de9bea0b7
 endef
 define Build/Prepare
diff --git a/net/v2raya/files/v2raya.config b/net/v2raya/files/v2raya.config
index 131131cf8..8ebf318cd 100644
--- a/net/v2raya/files/v2raya.config
+++ b/net/v2raya/files/v2raya.config
@@ -10,11 +10,11 @@ config v2raya 'config'
 # Make sure your IPv6 network works fine before you turn it on.
 # Optional values: auto, on, off.
- option ipv6_support 'on'
+ option ipv6_support 'auto'
 # Experimental feature. Make sure you have installed nftables.
 # Optional values: auto, on, off.
- option nftables_support 'on'
+ option nftables_support 'auto'
 # Optional values: trace, debug, info, warn or error
 option log_level 'info'
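Review bot: In the `@@ -22,7 +22,9 @@` hunk of net/v2raya/Makefile, `$(GO_PKG)/core/iptables.TproxyNotSkipBr=true` only takes effect if upstream declares `TproxyNotSkipBr` as a package-level string variable, because the Go linker's `-X` option sets string variables only and is silently ignored when the symbol does not exist (for example after an upstream rename). The declaration is not visible in this patch, so it is worth confirming against the 2.0.4 source. A silent no-op would presumably leave bridge interfaces excluded from the transparent-proxy rules, so traffic arriving on them would bypass the proxy without any build or runtime error. I would also add a comment above the assignment, e.g. `# Do not exclude bridge interfaces from the tproxy rules (the OpenWrt LAN is normally a bridge)`, so the reason for the flag survives the next version bump.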
@@ -48,7 +48,3 @@ config v2raya 'config'
 # v2rayA will pass in the --stage (pre-start, post-start, pre-stop, post-stop) argument.
 option plugin_manager ''
- # Specify the certification path instead of automatically generating a self-signed certificate.
- # Example: /etc/v2raya/grpc_certificate.crt,/etc/v2raya/grpc_private.key
- option vless_grpc_inbound_cert_key ''
-
diff --git a/net/v2raya/files/v2raya.init b/net/v2raya/files/v2raya.init
index 2b77fa5dc..b4a719613 100755
--- a/net/v2raya/files/v2raya.init
+++ b/net/v2raya/files/v2raya.init
@@ -42,8 +42,8 @@ start_service() {
 append_env_arg "config" "address" "0.0.0.0:2017"
 append_env_arg "config" "config" "/etc/v2raya"
- append_env_arg "config" "ipv6_support" "on"
- append_env_arg "config" "nftables_support" "on"
+ append_env_arg "config" "ipv6_support" "auto"
+ append_env_arg "config" "nftables_support" "auto"
 append_env_arg "config" "log_level" "info"
 append_env_arg "config" "log_file" "/var/log/v2raya/v2raya.log"
 append_env_arg "config" "log_max_days" "3"
@@ -52,7 +52,6 @@ start_service() {
 append_env_arg "config" "transparent_hook"
 append_env_arg "config" "core_hook"
 append_env_arg "config" "plugin_manager"
- append_env_arg "config" "vless_grpc_inbound_cert_key"
 append_env_bool "config" "log_disable_color"
 append_env_bool "config" "log_disable_timestamp"
diff --git a/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch b/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch
deleted file mode 100644
index 5de1a86aa..000000000
--- a/net/v2raya/patches/013-fix-we-should-skip-interface-ppp-to-avoid-to-break-net.patch
+++ /dev/null
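Review bot: In the `@@ -42,8 +42,8 @@` hunk of net/v2raya/files/v2raya.init, the fallback `"0.0.0.0:2017"` for `address` is left as it is while the neighbouring defaults are revised, so the v2rayA listener (presumably the web UI and API) binds to every interface unless the user overrides the option. Whether the port is reachable from outside the LAN then depends entirely on the firewall zone configuration, which nothing in this hunk sets up. I would document this next to the option in v2raya.config, for example `# Listens on all interfaces by default; set the LAN address here if the WAN zone accepts input`. start_service() begins and ends outside the hunk and append_env_arg is defined elsewhere, so reading the third argument as the default is an inference from the call pattern.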
@@ -1,38 +0,0 @@ -From ca6a05273284daa04856a840e64f3936f700b7c3 Mon Sep 17 00:00:00 2001 -From: mzz2017 -Date: Fri, 16 Sep 2022 15:13:11 +0800 -Subject: [PATCH] fix: we should skip interface ppp+ to avoid to break net - ---- - service/core/iptables/tproxy.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - ---- a/core/iptables/tproxy.go -+++ b/core/iptables/tproxy.go -@@ -16,7 +16,7 @@ var Tproxy tproxy - func (t *tproxy) AddIPWhitelist(cidr string) { - // avoid duplication - t.RemoveIPWhitelist(cidr) -- pos := 5 -+ pos := 7 - if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { - pos += 3 - } -@@ -67,6 +67,8 @@ iptables -w 2 -t mangle -A TP_RULE -j CO - iptables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN - iptables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - iptables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN -+iptables -w 2 -t mangle -A TP_RULE -i ppp+ -j RETURN -+iptables -w 2 -t mangle -A TP_RULE -i dn42-+ -j RETURN - ` - if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { - commands += ` -@@ -125,6 +127,8 @@ ip6tables -w 2 -t mangle -A TP_RULE -j C - ip6tables -w 2 -t mangle -A TP_RULE -m mark --mark 0x40/0xc0 -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i docker+ -j RETURN - ip6tables -w 2 -t mangle -A TP_RULE -i veth+ -j RETURN -+ip6tables -w 2 -t mangle -A TP_RULE -i ppp+ -j RETURN -+ip6tables -w 2 -t mangle -A TP_RULE -i dn42-+ -j RETURN - ` - if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { - commands += ` diff --git a/net/v2raya/patches/014-fix-seed-cannot-be-read-from-vless-sharing-link-and-add-m.patch b/net/v2raya/patches/014-fix-seed-cannot-be-read-from-vless-sharing-link-and-add-m.patch deleted file mode 100644 index ba5030624..000000000 --- a/net/v2raya/patches/014-fix-seed-cannot-be-read-from-vless-sharing-link-and-add-m.patch +++ /dev/null 
@@ -1,105 +0,0 @@ -From 5db722b22b39642280572a62b149d4e1efa21ce3 Mon Sep 17 00:00:00 2001 -From: mzz2017 -Date: Mon, 8 Aug 2022 22:30:36 +0800 -Subject: [PATCH] fix: seed cannot be read from vless sharing-link and add - missing sni field. #616 - ---- - service/core/serverObj/v2ray.go | 24 +++++++++++------------- - 1 file changed, 11 insertions(+), 13 deletions(-) - ---- a/core/serverObj/v2ray.go -+++ b/core/serverObj/v2ray.go -@@ -12,7 +12,6 @@ import ( - "time" - - jsoniter "github.com/json-iterator/go" -- "github.com/tidwall/gjson" - "github.com/v2rayA/v2rayA/common" - "github.com/v2rayA/v2rayA/core/coreObj" - "github.com/v2rayA/v2rayA/core/v2ray/service" -@@ -39,6 +38,7 @@ type V2Ray struct { - Net string `json:"net"` - Type string `json:"type"` - Host string `json:"host"` -+ SNI string `json:"sni"` - Path string `json:"path"` - TLS string `json:"tls"` - Flow string `json:"flow,omitempty"` -@@ -69,7 +69,8 @@ func ParseVlessURL(vless string) (data * - ID: u.User.String(), - Net: u.Query().Get("type"), - Type: u.Query().Get("headerType"), -- Host: u.Query().Get("sni"), -+ Host: u.Query().Get("host"), -+ SNI: u.Query().Get("sni"), - Path: u.Query().Get("path"), - TLS: u.Query().Get("security"), - Flow: u.Query().Get("flow"), -@@ -86,16 +87,13 @@ func ParseVlessURL(vless string) (data * - if data.Type == "" { - data.Type = "none" - } -- if data.Host == "" { -- data.Host = u.Query().Get("host") -- } - if data.TLS == "" { - data.TLS = "none" - } - if data.Flow == "" { - data.Flow = "xtls-rprx-direct" - } -- if data.Type == "mkcp" || data.Type == "kcp" { -+ if data.Net == "mkcp" || data.Net == "kcp" { - data.Path = u.Query().Get("seed") - } - return data, nil -@@ -145,6 +143,7 @@ func ParseVmessURL(vmess string) (data * - if aid == "" { - aid = q.Get("aid") - } -+ sni := q.Get("sni") - info = V2Ray{ - ID: subMatch[1], - Add: subMatch[2], -@@ -152,6 +151,7 @@ func ParseVmessURL(vmess string) (data * - Ps: ps, - Host: obfsParam, - Path: path, -+ SNI: sni, - Net: obfs, - 
Aid: aid, - TLS: map[string]string{"1": "tls"}[q.Get("tls")], -@@ -165,12 +165,6 @@ func ParseVmessURL(vmess string) (data * - if err != nil { - return - } -- if info.Host == "" { -- sni := gjson.Get(raw, "sni") -- if sni.Exists() { -- info.Host = sni.String() -- } -- } - } - // correct the wrong vmess as much as possible - if strings.HasPrefix(info.Host, "/") && info.Path == "" { -@@ -328,7 +322,9 @@ func (v *V2Ray) Configuration(info Prior - core.StreamSettings.TLSSettings.AllowInsecure = true - } - // SNI -- if v.Host != "" { -+ if v.SNI != "" { -+ core.StreamSettings.TLSSettings.ServerName = v.SNI -+ } else if v.Host != "" { - core.StreamSettings.TLSSettings.ServerName = v.Host - } - // Alpn -@@ -345,6 +341,8 @@ func (v *V2Ray) Configuration(info Prior - // SNI - if v.Host != "" { - core.StreamSettings.XTLSSettings.ServerName = v.Host -+ } else if v.Host != "" { -+ core.StreamSettings.TLSSettings.ServerName = v.Host - } - if v.AllowInsecure { - core.StreamSettings.XTLSSettings.AllowInsecure = true diff --git a/net/v2raya/patches/015-fix-a-problem-that-supervisor-cannot-exit-normally.patch b/net/v2raya/patches/015-fix-a-problem-that-supervisor-cannot-exit-normally.patch deleted file mode 100644 index 5447dc0f9..000000000 --- a/net/v2raya/patches/015-fix-a-problem-that-supervisor-cannot-exit-normally.patch +++ /dev/null 
@@ -1,100 +0,0 @@ -From 3f78422f81f3abc2668fc3938b31d213bfe4dfff Mon Sep 17 00:00:00 2001 -From: mzz2017 -Date: Sun, 28 Aug 2022 17:54:36 +0800 -Subject: [PATCH] fix: a problem that supervisor cannot exit normally - ---- - service/core/specialMode/infra/handle.go | 11 ++++++---- - service/core/specialMode/infra/supervisor.go | 22 ++++++++------------ - 2 files changed, 16 insertions(+), 17 deletions(-) - ---- a/core/specialMode/infra/handle.go -+++ b/core/specialMode/infra/handle.go -@@ -127,10 +127,13 @@ func (interfaceHandle *handle) handleRec - return results, msg - } - --func packetFilter(portCache *portCache, pPacket *gopacket.Packet, whitelistDnsServers *v2router.GeoIPMatcher) (m *dnsmessage.Message, pSAddr, pSPort, pDAddr, pDPort *gopacket.Endpoint) { -- packet := *pPacket -- trans := packet.TransportLayer() -+func packetFilter(portCache *portCache, packet gopacket.Packet, whitelistDnsServers *v2router.GeoIPMatcher) (m *dnsmessage.Message, pSAddr, pSPort, pDAddr, pDPort *gopacket.Endpoint) { -+ //跳过非网络层的包 -+ if packet.NetworkLayer() == nil { -+ return -+ } - //跳过非传输层的包 -+ trans := packet.TransportLayer() - if trans == nil { - return - } -@@ -180,7 +183,7 @@ func packetFilter(portCache *portCache, - } - - func (interfaceHandle *handle) handlePacket(packet gopacket.Packet, ifname string, whitelistDnsServers *v2router.GeoIPMatcher, whitelistDomains *strmatcher.MatcherGroup) { -- m, sAddr, sPort, dAddr, dPort := packetFilter(interfaceHandle.portCache, &packet, whitelistDnsServers) -+ m, sAddr, sPort, dAddr, dPort := packetFilter(interfaceHandle.portCache, packet, whitelistDnsServers) - if m == nil { - return - } ---- a/core/specialMode/infra/supervisor.go -+++ b/core/specialMode/infra/supervisor.go -@@ -9,7 +9,6 @@ import ( - v2router "github.com/v2rayA/v2ray-lib/router" - "github.com/v2rayA/v2rayA/pkg/util/log" - "sync" -- "time" - ) - - type DnsSupervisor struct { -@@ -70,7 +69,7 @@ func (d *DnsSupervisor) DeleteHandles(if - } - close(d.handles[ifname].done) - 
delete(d.handles, ifname) -- log.Trace("DnsSupervisor:%v closed", ifname) -+ log.Trace("DnsSupervisor:%v deleted", ifname) - return - } - -@@ -81,28 +80,24 @@ func (d *DnsSupervisor) Run(ifname strin - d.inner.Lock() - handle, ok := d.handles[ifname] - if !ok { -+ d.inner.Unlock() - return fmt.Errorf("Run: %v not exsits", ifname) - } - if handle.running { -+ d.inner.Unlock() - return fmt.Errorf("Run: %v is running", ifname) - } - handle.running = true - log.Trace("[DnsSupervisor] " + ifname + ": running") -- pkgsrc := gopacket.NewPacketSource(handle, layers.LayerTypeEthernet) -+ // we only decode UDP packets -+ pkgsrc := gopacket.NewPacketSource(handle, layers.LayerTypeDNS) - pkgsrc.NoCopy = true -+ //pkgsrc.Lazy = true - d.inner.Unlock() - packets := pkgsrc.Packets() - go func() { -- for { -- //心跳包,防止内存泄漏 -- packets <- gopacket.NewPacket(nil, layers.LinkTypeEthernet, gopacket.DecodeOptions{}) -- select { -- case <-handle.done: -- return -- default: -- time.Sleep(2 * time.Second) -- } -- } -+ <-handle.done -+ packets <- gopacket.NewPacket(nil, layers.LinkTypeEthernet, pkgsrc.DecodeOptions) - }() - out: - for packet := range packets { -@@ -113,5 +108,6 @@ out: - } - go handle.handlePacket(packet, ifname, whitelistDnsServers, whitelistDomains) - } -+ log.Trace("DnsSupervisor:%v closed", ifname) - return - } diff --git a/net/v2raya/patches/016-fix-unexpected-exit-does-not-apply-stop-steps.patch b/net/v2raya/patches/016-fix-unexpected-exit-does-not-apply-stop-steps.patch deleted file mode 100644 index a945dbdeb..000000000 --- a/net/v2raya/patches/016-fix-unexpected-exit-does-not-apply-stop-steps.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 153b72ed623876ad73b731c2ec2344e9057d3c35 Mon Sep 17 00:00:00 2001 -From: mzz2017 -Date: Wed, 21 Sep 2022 16:50:24 +0800 -Subject: [PATCH] fix: unexpected exit does not apply stop steps - ---- - service/core/v2ray/process.go | 4 ++-- - service/core/v2ray/processManager.go | 8 +++----- - 2 files changed, 5 insertions(+), 7 deletions(-) - ---- a/core/v2ray/process.go -+++ b/core/v2ray/process.go -@@ -35,7 +35,7 @@ type Process struct { - tag2WhichIndex map[string]int - } - --func NewProcess(tmpl *Template, prestart func() error, poststart func() error) (process *Process, err error) { -+func NewProcess(tmpl *Template, prestart func() error, poststart func() error, stopfunc func(p *Process)) (process *Process, err error) { - process = &Process{ - template: tmpl, - } -@@ -111,7 +111,7 @@ func NewProcess(tmpl *Template, prestart - // canceled by v2rayA - return - } -- defer ProcessManager.Stop(false) -+ defer stopfunc(process) - var t []string - if p != nil { - if p.Success() { ---- a/core/v2ray/processManager.go -+++ b/core/v2ray/processManager.go -@@ -245,16 +245,14 @@ func (m *CoreProcessManager) Start(t *Te - return m.beforeStart(t) - }, func() error { - return m.afterStart(t) -+ }, func(p *Process) { -+ m.p = p -+ ProcessManager.Stop(false) - }) - if err != nil { - return err - } - m.p = process -- defer func() { -- if err != nil { -- m.stop(true) -- } -- }() - - configure.SetRunning(true) - return nil diff --git a/net/v2raya/patches/017-optimize-reduce-disk-writes.patch b/net/v2raya/patches/017-optimize-reduce-disk-writes.patch deleted file mode 100644 index 5437570c9..000000000 --- a/net/v2raya/patches/017-optimize-reduce-disk-writes.patch +++ /dev/null 
@@ -1,336 +0,0 @@ -From 00366b224b2e28861b80f677e8aa604c5d08dae3 Mon Sep 17 00:00:00 2001 -From: Kelo -Date: Sat, 29 Oct 2022 16:27:26 +0800 -Subject: [PATCH] optimize: reduce disk writes - ---- - service/db/boltdb.go | 43 +++++++++++++++++++++++++++++++---- - service/db/listOp.go | 48 +++++++++++++++++++++------------------ - service/db/plainOp.go | 52 ++++++++++++++++++++++++------------------- - service/db/setOp.go | 20 +++++++++-------- - 4 files changed, 105 insertions(+), 58 deletions(-) - ---- a/db/boltdb.go -+++ b/db/boltdb.go -@@ -1,13 +1,14 @@ - package db - - import ( -- "go.etcd.io/bbolt" -- "github.com/v2rayA/v2rayA/conf" -- "github.com/v2rayA/v2rayA/pkg/util/copyfile" -- "github.com/v2rayA/v2rayA/pkg/util/log" - "os" - "path/filepath" - "sync" -+ -+ "github.com/v2rayA/v2rayA/conf" -+ "github.com/v2rayA/v2rayA/pkg/util/copyfile" -+ "github.com/v2rayA/v2rayA/pkg/util/log" -+ "go.etcd.io/bbolt" - ) - - var once sync.Once -@@ -46,3 +47,37 @@ func DB() *bbolt.DB { - once.Do(initDB) - return db - } -+ -+// The function should return a dirty flag. -+// If the dirty flag is true and there is no error then the transaction is commited. -+// Otherwise, the transaction is rolled back. 
-+func Transaction(db *bbolt.DB, fn func(*bbolt.Tx) (bool, error)) error { -+ tx, err := db.Begin(true) -+ if err != nil { -+ return err -+ } -+ defer tx.Rollback() -+ dirty, err := fn(tx) -+ if err != nil { -+ _ = tx.Rollback() -+ return err -+ } -+ if !dirty { -+ return nil -+ } -+ return tx.Commit() -+} -+ -+// If the bucket does not exist, the dirty flag is setted -+func CreateBucketIfNotExists(tx *bbolt.Tx, name []byte, dirty *bool) (*bbolt.Bucket, error) { -+ bkt := tx.Bucket(name) -+ if bkt != nil { -+ return bkt, nil -+ } -+ bkt, err := tx.CreateBucket(name) -+ if err != nil { -+ return nil, err -+ } -+ *dirty = true -+ return bkt, nil -+} ---- a/db/listOp.go -+++ b/db/listOp.go -@@ -2,13 +2,14 @@ package db - - import ( - "fmt" -- "go.etcd.io/bbolt" -- jsoniter "github.com/json-iterator/go" -- "github.com/tidwall/gjson" -- "github.com/tidwall/sjson" - "reflect" - "sort" - "strconv" -+ -+ jsoniter "github.com/json-iterator/go" -+ "github.com/tidwall/gjson" -+ "github.com/tidwall/sjson" -+ "go.etcd.io/bbolt" - ) - - func ListSet(bucket string, key string, index int, val interface{}) (err error) { -@@ -31,20 +32,21 @@ func ListSet(bucket string, key string, - } - - func ListGet(bucket string, key string, index int) (b []byte, err error) { -- err = DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ err = Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - v := bkt.Get([]byte(key)) - if v == nil { -- return fmt.Errorf("ListGet: can't get element from an empty list") -+ return dirty, fmt.Errorf("ListGet: can't get element from an empty list") - } - r := gjson.GetBytes(v, strconv.Itoa(index)) - if r.Exists() { - b = []byte(r.Raw) -- return nil -+ return dirty, nil - } else { -- return fmt.Errorf("ListGet: no such element") -+ return dirty, 
fmt.Errorf("ListGet: no such element") - } - } - }) -@@ -79,24 +81,25 @@ func ListAppend(bucket string, key strin - } - - func ListGetAll(bucket string, key string) (list [][]byte, err error) { -- err = DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ err = Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - b := bkt.Get([]byte(key)) - if b == nil { -- return nil -+ return dirty, nil - } - parsed := gjson.ParseBytes(b) - if !parsed.IsArray() { -- return fmt.Errorf("ListGetAll: is not array") -+ return dirty, fmt.Errorf("ListGetAll: is not array") - } - results := parsed.Array() - for _, r := range results { - list = append(list, []byte(r.Raw)) - } - } -- return nil -+ return dirty, nil - }) - return list, err - } -@@ -143,21 +146,22 @@ func ListRemove(bucket, key string, inde - } - - func ListLen(bucket string, key string) (length int, err error) { -- err = DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ err = Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - b := bkt.Get([]byte(key)) - if b == nil { -- return nil -+ return dirty, nil - } - parsed := gjson.ParseBytes(b) - if !parsed.IsArray() { -- return fmt.Errorf("ListLen: is not array") -+ return dirty, fmt.Errorf("ListLen: is not array") - } - length = len(parsed.Array()) - } -- return nil -+ return dirty, nil - }) - return length, err - } ---- a/db/plainOp.go -+++ b/db/plainOp.go -@@ -2,50 +2,54 @@ package db - - import ( - "fmt" -- "go.etcd.io/bbolt" -+ - jsoniter "github.com/json-iterator/go" - "github.com/v2rayA/v2rayA/common" - "github.com/v2rayA/v2rayA/pkg/util/log" -+ 
"go.etcd.io/bbolt" - ) - - func Get(bucket string, key string, val interface{}) (err error) { -- return DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ return Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - if v := bkt.Get([]byte(key)); v == nil { -- return fmt.Errorf("Get: key is not found") -+ return dirty, fmt.Errorf("Get: key is not found") - } else { -- return jsoniter.Unmarshal(v, val) -+ return dirty, jsoniter.Unmarshal(v, val) - } - } - }) - } - - func GetRaw(bucket string, key string) (b []byte, err error) { -- err = DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ err = Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - v := bkt.Get([]byte(key)) - if v == nil { -- return fmt.Errorf("GetRaw: key is not found") -+ return dirty, fmt.Errorf("GetRaw: key is not found") - } - b = common.BytesCopy(v) -- return nil -+ return dirty, nil - } - }) - return b, err - } - - func Exists(bucket string, key string) (exists bool) { -- if err := DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ if err := Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - v := bkt.Get([]byte(key)) - exists = v != nil -- return nil -+ return dirty, nil - } - }); err != nil { - log.Warn("%v", err) -@@ -55,23 +59,25 @@ func Exists(bucket string, key string) ( - } - - func GetBucketLen(bucket string) (length int, err error) { -- err = 
DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ err = Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - length = bkt.Stats().KeyN - } -- return nil -+ return dirty, nil - }) - return length, err - } - - func GetBucketKeys(bucket string) (keys []string, err error) { -- err = DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ err = Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { -- return bkt.ForEach(func(k, v []byte) error { -+ return dirty, bkt.ForEach(func(k, v []byte) error { - keys = append(keys, string(k)) - return nil - }) ---- a/db/setOp.go -+++ b/db/setOp.go -@@ -4,8 +4,9 @@ import ( - "bytes" - "crypto/sha256" - "encoding/gob" -- "go.etcd.io/bbolt" -+ - "github.com/v2rayA/v2rayA/common" -+ "go.etcd.io/bbolt" - ) - - type set map[[32]byte]interface{} -@@ -28,26 +29,27 @@ func toSha256(val interface{}) (hash [32 - } - - func setOp(bucket string, key string, f func(m set) (readonly bool, err error)) (err error) { -- return DB().Update(func(tx *bbolt.Tx) error { -- if bkt, err := tx.CreateBucketIfNotExists([]byte(bucket)); err != nil { -- return err -+ return Transaction(DB(), func(tx *bbolt.Tx) (bool, error) { -+ dirty := false -+ if bkt, err := CreateBucketIfNotExists(tx, []byte(bucket), &dirty); err != nil { -+ return dirty, err - } else { - var m set - v := bkt.Get([]byte(key)) - if v == nil { - m = make(set) - } else if err := gob.NewDecoder(bytes.NewReader(v)).Decode(&m); err != nil { -- return err -+ return dirty, err - } - if readonly, err := f(m); err != nil { -- return err -+ return dirty, err - } else if readonly { -- 
return nil -+ return dirty, nil - } - if b, err := common.ToBytes(m); err != nil { -- return err -+ return dirty, err - } else { -- return bkt.Put([]byte(key), b) -+ return true, bkt.Put([]byte(key), b) - } - } - }) diff --git a/net/v2raya/patches/018-fix-do-not-rollback-closed-transaction.patch b/net/v2raya/patches/018-fix-do-not-rollback-closed-transaction.patch deleted file mode 100644 index b9815f459..000000000 --- a/net/v2raya/patches/018-fix-do-not-rollback-closed-transaction.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 451912074ba1ba4000c66874876bc0a6b64cb5da Mon Sep 17 00:00:00 2001 -From: Kelo -Date: Sun, 30 Oct 2022 16:49:22 +0800 -Subject: [PATCH] fix: do not rollback closed transaction - ---- - service/db/boltdb.go | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - ---- a/db/boltdb.go -+++ b/db/boltdb.go -@@ -56,14 +56,13 @@ func Transaction(db *bbolt.DB, fn func(* - if err != nil { - return err - } -- defer tx.Rollback() - dirty, err := fn(tx) - if err != nil { - _ = tx.Rollback() - return err - } - if !dirty { -- return nil -+ return tx.Rollback() - } - return tx.Commit() - } diff --git a/net/v2raya/patches/019-fix-simple-obfs.patch b/net/v2raya/patches/019-fix-simple-obfs.patch deleted file mode 100644 index e76b49cc8..000000000 --- a/net/v2raya/patches/019-fix-simple-obfs.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -From 58a6cf270e43ec3eaeef7d1c65de76278dd6d349 Mon Sep 17 00:00:00 2001 -From: mzz2017 <2017@duck.com> -Date: Mon, 13 Feb 2023 14:42:07 +0800 -Subject: [PATCH] fix: simple-obfs - ---- - service/pkg/plugin/simpleobfs/http.go | 8 +++++++- - service/pkg/plugin/simpleobfs/tls.go | 7 +++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) - ---- a/pkg/plugin/simpleobfs/http.go -+++ b/pkg/plugin/simpleobfs/http.go -@@ -12,6 +12,7 @@ import ( - "net" - "net/http" - "strings" -+ "sync" - ) - - // HTTPObfs is shadowsocks http simple-obfs implementation -@@ -24,9 +25,13 @@ type HTTPObfs struct { - offset int - firstRequest bool - firstResponse bool -+ rMu sync.Mutex -+ wMu sync.Mutex - } - - func (ho *HTTPObfs) Read(b []byte) (int, error) { -+ ho.rMu.Lock() -+ defer ho.rMu.Unlock() - if ho.buf != nil { - n := copy(b, ho.buf[ho.offset:]) - ho.offset += n -@@ -64,6 +69,8 @@ func (ho *HTTPObfs) Read(b []byte) (int, - } - - func (ho *HTTPObfs) Write(b []byte) (int, error) { -+ ho.wMu.Lock() -+ defer ho.wMu.Unlock() - if ho.firstRequest { - randBytes := make([]byte, 16) - rand.Read(randBytes) -@@ -71,7 +78,6 @@ func (ho *HTTPObfs) Write(b []byte) (int - req.Header.Set("User-Agent", fmt.Sprintf("curl/7.%d.%d", rand.Int()%54, rand.Int()%2)) - req.Header.Set("Upgrade", "websocket") - req.Header.Set("Connection", "Upgrade") -- req.Host = ho.host - if ho.port != "80" { - req.Host = fmt.Sprintf("%s:%s", ho.host, ho.port) - } ---- a/pkg/plugin/simpleobfs/tls.go -+++ b/pkg/plugin/simpleobfs/tls.go -@@ -8,6 +8,7 @@ import ( - "io" - "math/rand" - "net" -+ "sync" - "time" - ) - -@@ -26,6 +27,8 @@ type TLSObfs struct { - remain int - firstRequest bool - firstResponse bool -+ rMu sync.Mutex -+ wMu sync.Mutex - } - - func (to *TLSObfs) read(b []byte, discardN int) (int, error) { -@@ -54,6 +57,8 @@ func (to *TLSObfs) read(b []byte, discar - } - - func (to *TLSObfs) Read(b []byte) (int, error) { -+ to.rMu.Lock() -+ defer to.rMu.Unlock() - if to.remain > 0 { - length := 
to.remain - if length > len(b) { -@@ -77,6 +82,8 @@ func (to *TLSObfs) Read(b []byte) (int, - return to.read(b, 3) - } - func (to *TLSObfs) Write(b []byte) (int, error) { -+ to.wMu.Lock() -+ defer to.wMu.Unlock() - length := len(b) - for i := 0; i < length; i += chunkSize { - end := i + chunkSize diff --git a/net/v2raya/patches/020-feat-add-nftables-support.patch b/net/v2raya/patches/020-feat-add-nftables-support.patch deleted file mode 100644 index 50ef49b9c..000000000 --- a/net/v2raya/patches/020-feat-add-nftables-support.patch +++ /dev/null 
@@ -1,624 +0,0 @@ -From d10cf52839e848870df0ea852d9a818ac03e7aa3 Mon Sep 17 00:00:00 2001 -From: cubercsl <2014cais01@gmail.com> -Date: Thu, 19 Jan 2023 16:43:30 +0800 -Subject: [PATCH 1/5] feat: add nftables support - -fix: use iptables-nft if nftables-support is on -fix: save nft to V2RAYA_CONFIG -fix: tproxy for ipv6 -chore: small change in table format ---- - service/conf/environmentConfig.go | 1 + - service/core/iptables/dropSpoofing.go | 4 +- - service/core/iptables/iptables.go | 7 +- - service/core/iptables/redirect.go | 142 +++++++++++++++++-- - service/core/iptables/tproxy.go | 195 +++++++++++++++++++++++++- - service/core/iptables/utils.go | 23 ++- - service/core/iptables/watcher.go | 1 + - service/core/v2ray/asset/asset.go | 17 ++- - service/core/v2ray/transparent.go | 9 +- - 9 files changed, 367 insertions(+), 32 deletions(-) - ---- a/conf/environmentConfig.go -+++ b/conf/environmentConfig.go -@@ -24,6 +24,7 @@ type Params struct { - WebDir string `id:"webdir" desc:"v2rayA web files directory. use embedded files if not specify."` - VlessGrpcInboundCertKey []string `id:"vless-grpc-inbound-cert-key" desc:"Specify the certification path instead of automatically generating a self-signed certificate. Example: /etc/v2raya/grpc_certificate.crt,/etc/v2raya/grpc_private.key"` - IPV6Support string `id:"ipv6-support" default:"auto" desc:"Optional values: auto, on, off. Make sure your IPv6 network works fine before you turn it on."` -+ NFTablesSupport string `id:"nftables-support" default:"off" desc:"Optional values: auto, on, off. Experimental feature. Make sure you have installed nftables."` - PassCheckRoot bool `desc:"Skip privilege checking. 
Use it only when you cannot start v2raya but confirm you have root privilege"` - ResetPassword bool `id:"reset-password"` - LogLevel string `id:"log-level" default:"info" desc:"Optional values: trace, debug, info, warn or error"` ---- a/core/iptables/dropSpoofing.go -+++ b/core/iptables/dropSpoofing.go -@@ -34,7 +34,7 @@ ip6tables -w 2 -I FORWARD -j DROP_SPOOFI - ` - } - return Setter{ -- Cmds: commands, -+ Cmds: commands, - } - } - -@@ -54,6 +54,6 @@ ip6tables -w 2 -X DROP_SPOOFING - ` - } - return Setter{ -- Cmds: commands, -+ Cmds: commands, - } - } ---- a/core/iptables/iptables.go -+++ b/core/iptables/iptables.go -@@ -1,11 +1,12 @@ - package iptables - - import ( -- "github.com/v2rayA/v2rayA/common" -- "github.com/v2rayA/v2rayA/common/cmds" - "strings" - "sync" - "time" -+ -+ "github.com/v2rayA/v2rayA/common" -+ "github.com/v2rayA/v2rayA/common/cmds" - ) - - // http://briteming.hatenablog.com/entry/2019/06/18/175518 -@@ -56,6 +57,10 @@ func (c Setter) Run(stopAtError bool) er - if common.IsDocker() { - commands = strings.ReplaceAll(commands, "iptables", "iptables-legacy") - commands = strings.ReplaceAll(commands, "ip6tables", "ip6tables-legacy") -+ } else if (!cmds.IsCommandValid("iptables") || IsNFTablesSupported()) && -+ cmds.IsCommandValid("iptables-nft") { -+ commands = strings.ReplaceAll(commands, "iptables", "iptables-nft") -+ commands = strings.ReplaceAll(commands, "ip6tables", "ip6tables-nft") - } - var errs []error - if c.PreFunc != nil { ---- a/core/iptables/redirect.go -+++ b/core/iptables/redirect.go -@@ -2,15 +2,34 @@ package iptables - - import ( - "fmt" -- "github.com/v2rayA/v2rayA/common/cmds" -+ "os" - "strings" -+ -+ "github.com/v2rayA/v2rayA/common/cmds" -+ "github.com/v2rayA/v2rayA/core/v2ray/asset" - ) - --type redirect struct{} -+type redirect interface { -+ AddIPWhitelist(cidr string) -+ RemoveIPWhitelist(cidr string) -+ GetSetupCommands() Setter -+ GetCleanCommands() Setter -+} -+ -+type legacyRedirect struct{} -+type nftRedirect 
struct{} - - var Redirect redirect - --func (r *redirect) AddIPWhitelist(cidr string) { -+func init() { -+ if IsNFTablesSupported() { -+ Redirect = &nftRedirect{} -+ } else { -+ Redirect = &legacyRedirect{} -+ } -+} -+ -+func (r *legacyRedirect) AddIPWhitelist(cidr string) { - // avoid duplication - r.RemoveIPWhitelist(cidr) - var commands string -@@ -22,13 +41,13 @@ func (r *redirect) AddIPWhitelist(cidr s - cmds.ExecCommands(commands, false) - } - --func (r *redirect) RemoveIPWhitelist(cidr string) { -+func (r *legacyRedirect) RemoveIPWhitelist(cidr string) { - var commands string - commands = fmt.Sprintf(`iptables -w 2 -t mangle -D TP_RULE -d %s -j RETURN`, cidr) - cmds.ExecCommands(commands, false) - } - --func (r *redirect) GetSetupCommands() Setter { -+func (r *legacyRedirect) GetSetupCommands() Setter { - commands := ` - iptables -w 2 -t nat -N TP_OUT - iptables -w 2 -t nat -N TP_PRE -@@ -84,11 +103,11 @@ ip6tables -w 2 -t nat -A TP_OUT -j TP_RU - ` - } - return Setter{ -- Cmds: commands, -+ Cmds: commands, - } - } - --func (r *redirect) GetCleanCommands() Setter { -+func (r *legacyRedirect) GetCleanCommands() Setter { - commands := ` - iptables -w 2 -t nat -F TP_OUT - iptables -w 2 -t nat -D OUTPUT -p tcp -j TP_OUT -@@ -112,6 +131,113 @@ ip6tables -w 2 -t nat -X TP_RULE - ` - } - return Setter{ -- Cmds: commands, -+ Cmds: commands, -+ } -+} -+ -+func (t *nftRedirect) AddIPWhitelist(cidr string) { -+ command := fmt.Sprintf("nft add element inet v2raya interface { %s }", cidr) -+ if !strings.Contains(cidr, ".") { -+ command = strings.Replace(command, "interface", "interface6", 1) -+ } -+ cmds.ExecCommands(command, false) -+} -+ -+func (t *nftRedirect) RemoveIPWhitelist(cidr string) { -+ command := fmt.Sprintf("nft delete element inet v2raya interface { %s }", cidr) -+ if !strings.Contains(cidr, ".") { -+ command = strings.Replace(command, "interface", "interface6", 1) - } -+ cmds.ExecCommands(command, false) -+} -+ -+func (r *nftRedirect) GetSetupCommands() 
Setter { -+ // 198.18.0.0/15 and fc00::/7 are reserved for private use but used by fakedns -+ table := ` -+table inet v2raya { -+ set whitelist { -+ type ipv4_addr -+ flags interval -+ auto-merge -+ elements = { -+ 0.0.0.0/32, -+ 10.0.0.0/8, -+ 100.64.0.0/10, -+ 127.0.0.0/8, -+ 169.254.0.0/16, -+ 172.16.0.0/12, -+ 192.0.0.0/24, -+ 192.0.2.0/24, -+ 192.88.99.0/24, -+ 192.168.0.0/16, -+ 198.51.100.0/24, -+ 203.0.113.0/24, -+ 224.0.0.0/4, -+ 240.0.0.0/4 -+ } -+ } -+ -+ set whitelist6 { -+ type ipv6_addr -+ flags interval -+ auto-merge -+ elements = { -+ ::/128, -+ ::1/128, -+ 64:ff9b::/96, -+ 100::/64, -+ 2001::/32, -+ 2001:20::/28, -+ fe80::/10, -+ ff00::/8 -+ } -+ } -+ -+ set interface { -+ type ipv4_addr -+ flags interval -+ auto-merge -+ } -+ -+ set interface6 { -+ type ipv6_addr -+ flags interval -+ auto-merge -+ } -+ -+ chain tp_rule { -+ ip daddr @whitelist return -+ ip daddr @interface return -+ ip6 daddr @whitelist6 return -+ ip6 daddr @interface6 return -+ meta mark & 0x80 == 0x80 return -+ meta l4proto tcp redirect to :32345 -+ } -+ -+ chain tp_pre { -+ type nat hook prerouting priority dstnat - 5 -+ meta nfproto { ipv4, ipv6 } meta l4proto tcp jump tp_rule -+ } -+ -+ chain tp_out { -+ type nat hook output priority -105 -+ meta nfproto { ipv4, ipv6 } meta l4proto tcp jump tp_rule -+ } -+} -+` -+ if !IsIPv6Supported() { -+ table = strings.ReplaceAll(table, "meta nfproto { ipv4, ipv6 }", "meta nfproto ipv4") -+ } -+ -+ nftablesConf := asset.GetNFTablesConfigPath() -+ os.WriteFile(nftablesConf, []byte(table), 0644) -+ -+ command := `nft -f ` + nftablesConf -+ -+ return Setter{Cmds: command} -+} -+ -+func (r *nftRedirect) GetCleanCommands() Setter { -+ command := `nft delete table inet v2raya` -+ return Setter{Cmds: command} - } ---- a/core/iptables/tproxy.go -+++ b/core/iptables/tproxy.go -@@ -2,18 +2,36 @@ package iptables - - import ( - "fmt" -+ "os" -+ "strings" -+ - "github.com/v2rayA/v2rayA/common/cmds" -+ "github.com/v2rayA/v2rayA/core/v2ray/asset" - 
"github.com/v2rayA/v2rayA/db/configure" -- "strings" - ) - --type tproxy struct { -- watcher *LocalIPWatcher -+type tproxy interface { -+ AddIPWhitelist(cidr string) -+ RemoveIPWhitelist(cidr string) -+ GetSetupCommands() Setter -+ GetCleanCommands() Setter - } - -+type legacyTproxy struct{} -+ -+type nftTproxy struct{} -+ - var Tproxy tproxy - --func (t *tproxy) AddIPWhitelist(cidr string) { -+func init() { -+ if IsNFTablesSupported() { -+ Tproxy = &nftTproxy{} -+ } else { -+ Tproxy = &legacyTproxy{} -+ } -+} -+ -+func (t *legacyTproxy) AddIPWhitelist(cidr string) { - // avoid duplication - t.RemoveIPWhitelist(cidr) - pos := 7 -@@ -30,7 +48,7 @@ func (t *tproxy) AddIPWhitelist(cidr str - cmds.ExecCommands(commands, false) - } - --func (t *tproxy) RemoveIPWhitelist(cidr string) { -+func (t *legacyTproxy) RemoveIPWhitelist(cidr string) { - var commands string - commands = fmt.Sprintf(`iptables -w 2 -t mangle -D TP_RULE -d %s -j RETURN`, cidr) - if !strings.Contains(cidr, ".") { -@@ -40,7 +58,7 @@ func (t *tproxy) RemoveIPWhitelist(cidr - cmds.ExecCommands(commands, false) - } - --func (t *tproxy) GetSetupCommands() Setter { -+func (t *legacyTproxy) GetSetupCommands() Setter { - commands := ` - ip rule add fwmark 0x40/0xc0 table 100 - ip route add local 0.0.0.0/0 dev lo table 100 -@@ -158,7 +176,7 @@ ip6tables -w 2 -t mangle -A TP_MARK -j C - } - } - --func (t *tproxy) GetCleanCommands() Setter { -+func (t *legacyTproxy) GetCleanCommands() Setter { - commands := ` - ip rule del fwmark 0x40/0xc0 table 100 - ip route del local 0.0.0.0/0 dev lo table 100 -@@ -195,3 +213,166 @@ ip6tables -w 2 -t mangle -X TP_MARK - Cmds: commands, - } - } -+ -+func (t *nftTproxy) AddIPWhitelist(cidr string) { -+ command := fmt.Sprintf("nft add element inet v2raya interface { %s }", cidr) -+ if !strings.Contains(cidr, ".") { -+ command = strings.Replace(command, "interface", "interface6", 1) -+ } -+ cmds.ExecCommands(command, false) -+} -+ -+func (t *nftTproxy) RemoveIPWhitelist(cidr 
string) { -+ command := fmt.Sprintf("nft delete element inet v2raya interface { %s }", cidr) -+ if !strings.Contains(cidr, ".") { -+ command = strings.Replace(command, "interface", "interface6", 1) -+ } -+ cmds.ExecCommands(command, false) -+} -+ -+func (t *nftTproxy) GetSetupCommands() Setter { -+ // 198.18.0.0/15 and fc00::/7 are reserved for private use but used by fakedns -+ table := ` -+table inet v2raya { -+ set whitelist { -+ type ipv4_addr -+ flags interval -+ auto-merge -+ elements = { -+ 0.0.0.0/32, -+ 10.0.0.0/8, -+ 100.64.0.0/10, -+ 127.0.0.0/8, -+ 169.254.0.0/16, -+ 172.16.0.0/12, -+ 192.0.0.0/24, -+ 192.0.2.0/24, -+ 192.88.99.0/24, -+ 192.168.0.0/16, -+ 198.51.100.0/24, -+ 203.0.113.0/24, -+ 224.0.0.0/4, -+ 240.0.0.0/4 -+ } -+ } -+ -+ set whitelist6 { -+ type ipv6_addr -+ flags interval -+ auto-merge -+ elements = { -+ ::/128, -+ ::1/128, -+ 64:ff9b::/96, -+ 100::/64, -+ 2001::/32, -+ 2001:20::/28, -+ fe80::/10, -+ ff00::/8 -+ } -+ } -+ -+ set interface { -+ type ipv4_addr -+ flags interval -+ auto-merge -+ } -+ -+ set interface6 { -+ type ipv6_addr -+ flags interval -+ auto-merge -+ } -+ -+ chain tp_out { -+ meta mark & 0x80 == 0x80 return -+ meta l4proto { tcp, udp } fib saddr type local fib daddr type != local jump tp_rule -+ } -+ -+ chain tp_pre { -+ iifname "lo" mark & 0xc0 != 0x40 return -+ meta l4proto { tcp, udp } fib saddr type != local fib daddr type != local jump tp_rule -+ meta l4proto { tcp, udp } mark & 0xc0 == 0x40 tproxy ip to 127.0.0.1:32345 -+ meta l4proto { tcp, udp } mark & 0xc0 == 0x40 tproxy ip6 to [::1]:32345 -+ } -+ -+ chain output { -+ type route hook output priority mangle - 5; policy accept; -+ meta nfproto { ipv4, ipv6 } jump tp_out -+ } -+ -+ chain prerouting { -+ type filter hook prerouting priority mangle - 5; policy accept; -+ meta nfproto { ipv4, ipv6 } jump tp_pre -+ } -+ -+ chain tp_rule { -+ meta mark set ct mark -+ meta mark & 0xc0 == 0x40 return -+ iifname "docker*" return -+ iifname "veth*" return -+ iifname 
"wg*" return -+ iifname "ppp*" return -+ # anti-pollution -+ ip daddr @interface return -+ ip daddr @whitelist return -+ ip6 daddr @interface6 return -+ ip6 daddr @whitelist6 return -+ jump tp_mark -+ } -+ -+ chain tp_mark { -+ tcp flags & (fin | syn | rst | ack) == syn meta mark set mark | 0x40 -+ meta l4proto udp ct state new meta mark set mark | 0x40 -+ ct mark set mark -+ } -+} -+` -+ if configure.GetSettingNotNil().AntiPollution != configure.AntipollutionClosed { -+ table = strings.ReplaceAll(table, "# anti-pollution", ` -+ meta l4proto { tcp, udp } th dport 53 jump tp_mark -+ meta mark & 0xc0 == 0x40 return -+ `) -+ } -+ -+ if !IsIPv6Supported() { -+ // drop ipv6 packets hooks -+ table = strings.ReplaceAll(table, "meta nfproto { ipv4, ipv6 }", "meta nfproto ipv4") -+ } -+ -+ nftablesConf := asset.GetNFTablesConfigPath() -+ os.WriteFile(nftablesConf, []byte(table), 0644) -+ -+ command := ` -+ip rule add fwmark 0x40/0xc0 table 100 -+ip route add local 0.0.0.0/0 dev lo table 100 -+` -+ if IsIPv6Supported() { -+ command += ` -+ip -6 rule add fwmark 0x40/0xc0 table 100 -+ip -6 route add local ::/0 dev lo table 100 -+` -+ } -+ -+ command += `nft -f ` + nftablesConf -+ return Setter{Cmds: command} -+} -+ -+func (t *nftTproxy) GetCleanCommands() Setter { -+ command := ` -+ip rule del fwmark 0x40/0xc0 table 100 -+ip route del local 0.0.0.0/0 dev lo table 100 -+` -+ if IsIPv6Supported() { -+ command += ` -+ip -6 rule del fwmark 0x40/0xc0 table 100 -+ip -6 route del local ::/0 dev lo table 100 -+ ` -+ } -+ -+ command += `nft delete table inet v2raya` -+ if !IsIPv6Supported() { -+ command = strings.Replace(command, "inet", "ip", 1) -+ } -+ return Setter{Cmds: command} -+} ---- a/core/iptables/utils.go -+++ b/core/iptables/utils.go -@@ -1,12 +1,13 @@ - package iptables - - import ( -+ "net" -+ "strconv" -+ - "github.com/v2rayA/v2rayA/common" - "github.com/v2rayA/v2rayA/common/cmds" - "github.com/v2rayA/v2rayA/conf" - "golang.org/x/net/nettest" -- "net" -- "strconv" - ) - 
- func IPNet2CIDR(ipnet *net.IPNet) string { -@@ -44,3 +45,21 @@ func IsIPv6Supported() bool { - } - return cmds.IsCommandValid("ip6tables") - } -+ -+func IsNFTablesSupported() bool { -+ -+ switch conf.GetEnvironmentConfig().NFTablesSupport { -+ // Warning: -+ // This is an experimental feature for nftables support. -+ // The default value is "off" for now but may be changed to "auto" in the future -+ case "on": -+ return true -+ case "off": -+ return false -+ default: -+ } -+ if common.IsDocker() { -+ return false -+ } -+ return cmds.IsCommandValid("nft") -+} ---- a/core/iptables/watcher.go -+++ b/core/iptables/watcher.go -@@ -10,6 +10,7 @@ type LocalIPWatcher struct { - cidrPool map[string]struct{} - AddedFunc func(cidr string) - RemovedFunc func(cidr string) -+ UpdateFunc func(cidrs []string) - } - - func NewLocalIPWatcher(interval time.Duration, AddedFunc func(cidr string), RemovedFunc func(cidr string)) *LocalIPWatcher { ---- a/core/v2ray/asset/asset.go -+++ b/core/v2ray/asset/asset.go -@@ -3,12 +3,6 @@ package asset - import ( - "errors" - "fmt" -- "github.com/adrg/xdg" -- "github.com/muhammadmuzzammil1998/jsonc" -- "github.com/v2rayA/v2rayA/common/files" -- "github.com/v2rayA/v2rayA/conf" -- "github.com/v2rayA/v2rayA/core/v2ray/where" -- "github.com/v2rayA/v2rayA/pkg/util/log" - "io" - "io/fs" - "net/http" -@@ -17,6 +11,13 @@ import ( - "path/filepath" - "runtime" - "time" -+ -+ "github.com/adrg/xdg" -+ "github.com/muhammadmuzzammil1998/jsonc" -+ "github.com/v2rayA/v2rayA/common/files" -+ "github.com/v2rayA/v2rayA/conf" -+ "github.com/v2rayA/v2rayA/core/v2ray/where" -+ "github.com/v2rayA/v2rayA/pkg/util/log" - ) - - func GetV2rayLocationAssetOverride() string { -@@ -140,6 +141,10 @@ func GetV2rayConfigDirPath() (p string) - return conf.GetEnvironmentConfig().V2rayConfigDirectory - } - -+func GetNFTablesConfigPath() (p string) { -+ return path.Join(conf.GetEnvironmentConfig().Config, "v2raya.nft") -+} -+ - func Download(url string, to string) (err error) { - 
log.Info("Downloading %v to %v", url, to) - c := http.Client{Timeout: 90 * time.Second} ---- a/core/v2ray/transparent.go -+++ b/core/v2ray/transparent.go -@@ -2,13 +2,14 @@ package v2ray - - import ( - "fmt" -+ "strings" -+ "time" -+ - "github.com/v2rayA/v2rayA/conf" - "github.com/v2rayA/v2rayA/core/iptables" - "github.com/v2rayA/v2rayA/core/specialMode" - "github.com/v2rayA/v2rayA/db/configure" - "github.com/v2rayA/v2rayA/pkg/util/log" -- "strings" -- "time" - ) - - func deleteTransparentProxyRules() { -@@ -45,12 +46,12 @@ func writeTransparentProxyRules() (err e - } - return fmt.Errorf("not support \"tproxy\" mode of transparent proxy: %w", err) - } -- iptables.SetWatcher(&iptables.Tproxy) -+ iptables.SetWatcher(iptables.Tproxy) - case configure.TransparentRedirect: - if err = iptables.Redirect.GetSetupCommands().Run(true); err != nil { - return fmt.Errorf("not support \"redirect\" mode of transparent proxy: %w", err) - } -- iptables.SetWatcher(&iptables.Redirect) -+ iptables.SetWatcher(iptables.Redirect) - case configure.TransparentSystemProxy: - if err = iptables.SystemProxy.GetSetupCommands().Run(true); err != nil { - return fmt.Errorf("not support \"system proxy\" mode of transparent proxy: %w", err) From 67c26190089c99367140de63f1b1ba188567569d Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Mon, 20 Mar 2023 15:25:04 +0800 Subject: [PATCH 2/7] cloudflared: Update to 2023.3.1 Signed-off-by: Tianling Shen --- net/cloudflared/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/cloudflared/Makefile b/net/cloudflared/Makefile index 3f573ff23..fb2c2f1ec 100644 --- a/net/cloudflared/Makefile +++ b/net/cloudflared/Makefile 
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=cloudflared
-PKG_VERSION:=2023.3.0
+PKG_VERSION:=2023.3.1
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/cloudflare/cloudflared/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=90fad1f6eb59689e06d09837c5ec9a3e7e3d177fea15190027f60c5b9e7950be
+PKG_HASH:=cdd0f02fc4170842c8210db2b700bad88d8a7b5d00fb8f7336073737f11fc718
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
From 65dc683efe329a13afdc632150f886b88d7f5edf Mon Sep 17 00:00:00 2001
From: Tianling Shen
Date: Mon, 20 Mar 2023 15:25:35 +0800
Subject: [PATCH 3/7] yq: Update to 4.32.2
Signed-off-by: Tianling Shen
---
 utils/yq/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/utils/yq/Makefile b/utils/yq/Makefile
index 78f71a056..67005c08e 100644
--- a/utils/yq/Makefile
+++ b/utils/yq/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=yq
-PKG_VERSION:=4.31.2
+PKG_VERSION:=4.32.2
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/mikefarah/yq/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=82d5ef2ab01bc5065e7efe671d92fb82e53f41dc67b04cab6c3b22fd144bd009
+PKG_HASH:=769b77a01fe8c389b17b3a5eb606a395540eb7ccdc533e2db2542baeceefcbc9
 PKG_MAINTAINER:=Tianling Shen
 PKG_LICENSE:=MIT
From e5395396bd34c8eba0e01529fe01637e4468e401 Mon Sep 17 00:00:00 2001
From: Tianling Shen
Date: Tue, 21 Mar 2023 01:33:22 +0800
Subject: [PATCH 4/7] dnsproxy: Update to 0.48.1
Signed-off-by: Tianling Shen
---
 net/dnsproxy/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/dnsproxy/Makefile b/net/dnsproxy/Makefile
index faf495f92..dc3e07ea1 100644
--- a/net/dnsproxy/Makefile
+++ b/net/dnsproxy/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsproxy
-PKG_VERSION:=0.48.0
+PKG_VERSION:=0.48.1
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=b63d10b0f7d4ede68aae9bda9ef306a0673c8ca97ef9d57b838edb53e0023f8b
+PKG_HASH:=c671c69879e1a76d7a079a311c6eeb10abc5471277ecaecf3ef8666b057f7a57
 PKG_MAINTAINER:=Tianling Shen
 PKG_LICENSE:=Apache-2.0
From a4b9697684ad13e9c60e22a830c5d5c28bd5e9ad Mon Sep 17 00:00:00 2001
From: Dirk Brenken
Date: Mon, 20 Mar 2023 20:27:19 +0100
Subject: [PATCH 5/7] adblock: update to 4.1.5-7
* fix cornercase issue with duplicate entries in black- and whitelist
* change cpbl source URL
* firewall redirects now blocks IPv4 and IPv6 (set family to "any")
Signed-off-by: Dirk Brenken
---
 net/adblock/Makefile | 2 +-
 net/adblock/files/adblock.sh | 12 +++++++++---
 net/adblock/files/adblock.sources | 2 +-
 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/net/adblock/Makefile b/net/adblock/Makefile
index 22a59a926..6eda908a4 100644
--- a/net/adblock/Makefile
+++ b/net/adblock/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=adblock
 PKG_VERSION:=4.1.5
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken
diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh
index 2647df093..e76e81450 100755
--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 # dns based ad/abuse domain blocking
-# Copyright (c) 2015-2022 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2015-2023 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 # disable (s)hellcheck in release
@@ -566,6 +566,7 @@ f_extconf() {
 set firewall."adblock_${zone}${port}".src_dport="${port}"
 set firewall."adblock_${zone}${port}".dest_port="${port}"
 set firewall."adblock_${zone}${port}".target="DNAT"
+ set firewall."adblock_${zone}${port}".family="any"
 EOC
 fi
 fwcfg="${fwcfg/adblock_${zone}${port}[ |\$]/}"
@@ -686,8 +687,13 @@ f_list() {
 src_name="${mode}"
 if [ "${src_name}" = "blacklist" ] && [ -f "${adb_blacklist}" ]; then
 rset="/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}"
- "${adb_awk}" "${rset}" "${adb_blacklist}" |
- "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' >"${adb_tmpdir}/tmp.raw.${src_name}"
+ "${adb_awk}" "${rset}" "${adb_blacklist}" >"${adb_tmpdir}/tmp.raw.${src_name}"
+ if [ -s "${adb_whitelist}" ]; then
+ "${adb_awk}" 'NR==FNR{member[$1];next}!($1 in member)' "${adb_whitelist}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.deduplicate.${src_name}"
+ else
+ cat "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.deduplicate.${src_name}"
+ fi
+ "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "${adb_tmpdir}/tmp.deduplicate.${src_name}" >"${adb_tmpdir}/tmp.raw.${src_name}"
 "${adb_sort}" ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null >"${adb_tmpfile}.${src_name}"
 out_rc="${?}"
 rm -f "${adb_tmpdir}/tmp.raw.${src_name}"
diff --git a/net/adblock/files/adblock.sources b/net/adblock/files/adblock.sources
index d6f56f6d4..85af8602b 100644
--- a/net/adblock/files/adblock.sources
+++ b/net/adblock/files/adblock.sources
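Review bot: The whitelist side of the new de-duplication in the f_list hunk is compared raw, while the blacklist entries written to `tmp.raw.${src_name}` have already been validated and lower-cased by `rset`. A whitelist entry written with upper-case letters therefore never matches, and the domain stays on the block list. Normalising the lookup key closes the gap: use `'NR==FNR{member[tolower($1)];next}!($1 in member)'` as the awk program. The new intermediate file `tmp.deduplicate.${src_name}` is also not covered by the `rm -f` on the last context line; unless it is cleaned up elsewhere, add it to that `rm -f`. The body of f_list continues outside the hunk.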
@@ -63,7 +63,7 @@
 "descurl": "https://github.com/hoshsadiq/adblock-nocoin-list"
 },
 "cpbl": {
- "url": "https://raw.githubusercontent.com/bongochong/CombinedPrivacyBlockLists/master/NoFormatting/BlacklistedDomains.txt",
+ "url": "https://raw.githubusercontent.com/bongochong/CombinedPrivacyBlockLists/master/NoFormatting/cpbl-ctld.txt",
 "rule": "/^([[:alnum:]_-]{1,63}\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}",
 "size": "XL",
 "focus": "compilation",
From 94345b0325bbffebf97b8a54f2d896a1bbb1291a Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA
Date: Mon, 20 Mar 2023 17:33:17 +0900
Subject: [PATCH 6/7] node: bump to v18.15.0
Update to v18.15.0 Fixed bug using system-icu
Signed-off-by: Hirokazu MORIKAWA
---
 lang/node/Makefile | 4 +--
 ...necessary_libraries_for_host_execute.patch | 6 ++---
 lang/node/patches/991-v8_zlib_support.patch | 4 +--
 .../patches/992-v8_add_include_dirs.patch | 26 +++++++++++++++++++
 .../992-v8_compiler_add_include_dirs.patch | 10 -------
 5 files changed, 33 insertions(+), 17 deletions(-)
 create mode 100644 lang/node/patches/992-v8_add_include_dirs.patch
 delete mode 100644 lang/node/patches/992-v8_compiler_add_include_dirs.patch
diff --git a/lang/node/Makefile b/lang/node/Makefile
index f1eacd891..6da85cc12 100644
--- a/lang/node/Makefile
+++ b/lang/node/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=node
-PKG_VERSION:=v18.14.2
+PKG_VERSION:=v18.15.0
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
-PKG_HASH:=fbc364dd25fee2cacc0f2033db2d86115fc07575310ea0e64408b8170d09c685
+PKG_HASH:=8e44d65018ff973284195c23186469a0ea4082e97ec4200e5f5706d5584daa37
 PKG_MAINTAINER:=Hirokazu MORIKAWA , Adrian Panella
 PKG_LICENSE:=MIT
diff --git a/lang/node/patches/990-delete_unnecessary_libraries_for_host_execute.patch b/lang/node/patches/990-delete_unnecessary_libraries_for_host_execute.patch
index f9e5329db..d9b5b6889 100644
--- a/lang/node/patches/990-delete_unnecessary_libraries_for_host_execute.patch +++ b/lang/node/patches/990-delete_unnecessary_libraries_for_host_execute.patch @@ -51,7 +51,7 @@ 'dependencies': [ 'v8_base_without_compiler', 'v8_compiler_for_mksnapshot', -@@ -1442,6 +1445,7 @@ +@@ -1450,6 +1453,7 @@ { 'target_name': 'torque', 'type': 'executable', @@ -59,7 +59,7 @@ 'dependencies': [ 'torque_base', # "build/win:default_exe_manifest", -@@ -1480,6 +1484,7 @@ +@@ -1488,6 +1492,7 @@ { 'target_name': 'torque-language-server', 'type': 'executable', @@ -67,7 +67,7 @@ 'conditions': [ ['want_separate_host_toolset', { 'toolsets': ['host'], -@@ -1507,6 +1512,8 @@ +@@ -1515,6 +1520,8 @@ { 'target_name': 'gen-regexp-special-case', 'type': 'executable', diff --git a/lang/node/patches/991-v8_zlib_support.patch b/lang/node/patches/991-v8_zlib_support.patch index d8c478b8f..cc400a36e 100644 --- a/lang/node/patches/991-v8_zlib_support.patch +++ b/lang/node/patches/991-v8_zlib_support.patch @@ -62,7 +62,7 @@ 'include_dirs': [ '<(V8_ROOT)/include', ], -@@ -1729,6 +1736,7 @@ +@@ -1737,6 +1744,7 @@ }], ], 'direct_dependent_settings': { @@ -70,7 +70,7 @@ 'include_dirs': [ '<(V8_ROOT)/include', ], -@@ -1909,15 +1917,19 @@ +@@ -1917,15 +1925,19 @@ }], ], 'direct_dependent_settings': { diff --git a/lang/node/patches/992-v8_add_include_dirs.patch b/lang/node/patches/992-v8_add_include_dirs.patch new file mode 100644 index 000000000..8588621d2 --- /dev/null +++ b/lang/node/patches/992-v8_add_include_dirs.patch @@ -0,0 +1,26 @@ +--- a/tools/v8_gypfiles/v8.gyp ++++ b/tools/v8_gypfiles/v8.gyp +@@ -242,6 +242,7 @@ + 'sources': [ + '<(V8_ROOT)/src/init/setup-isolate-full.cc', + ], ++ 'include_dirs': [ ' Date: Mon, 20 Mar 2023 19:34:08 +0200 Subject: [PATCH 7/7] netbird: update to 0.14.4 Bug fixes & refactor Fix: send remote agents updates when peer re-authenticates Signed-off-by: Oskari Rauta --- net/netbird/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/net/netbird/Makefile b/net/netbird/Makefile
index 2820be2bc..d5a628bb7 100644
--- a/net/netbird/Makefile
+++ b/net/netbird/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=netbird
-PKG_VERSION:=0.14.3
+PKG_VERSION:=0.14.4
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/netbirdio/netbird/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=ce56a0419cea1296f4b61d1ecb04e5f812805538e17f5211c5f05ed2b5b98dbc
+PKG_HASH:=7cfad70cd0fecc2d0f7bf68a03efe05e5f6e1a3627998169dc07b7c9f8e3b8d2
 PKG_MAINTAINER:=Oskari Rauta
 PKG_LICENSE:=BSD-3-Clause