Merge branch 'dev'

Author: vernesong

.github/workflows/compile_meta_core.yml

@@ -111,7 +111,7 @@ jobs:
       - name: Setup loongarch abi1 Go
         run: |
           wget -q https://github.com/MetaCubeX/loongarch64-golang/releases/download/1.22.4/go1.22.4.linux-amd64-abi1.tar.gz
-          sudo tar zxf go1.21.5.linux-amd64-abi1.tar.gz -C /usr/local
+          sudo tar zxf go1.22.4.linux-amd64-abi1.tar.gz -C /usr/local
           echo "/usr/local/go/bin" >> $GITHUB_PATH
 
       - name: Compile Meta loongarch abi1 Clash
@@ -127,7 +127,7 @@ jobs:
       - name: Setup loongarch abi2 Go
         run: |
           wget -q https://github.com/MetaCubeX/loongarch64-golang/releases/download/1.22.4/go1.22.4.linux-amd64-abi2.tar.gz
-          sudo tar zxf go1.21.5.linux-amd64-abi2.tar.gz -C /usr/local
+          sudo tar zxf go1.22.4.linux-amd64-abi2.tar.gz -C /usr/local
 
       - name: Compile Meta loongarch abi2 Clash
         run: |

luci-app-openclash/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-openclash
-PKG_VERSION:=0.46.031
+PKG_VERSION:=0.46.033
 PKG_RELEASE:=beta
 PKG_MAINTAINER:=vernesong <https://github.com/vernesong/OpenClash>
 

luci-app-openclash/luasrc/view/openclash/myip.htm

@@ -241,11 +241,28 @@
                     return ip;
                 })();
 
-                fetch(`https://qqwry.api.skk.moe/${anonymizedIp}`, {
+                fetch(`https://api.ip.sb/geoip/${anonymizedIp}`, {
                 referrerPolicy: 'no-referrer-when-downgrade',
                 }).then(r => r.json())
                 .then(resp => {
-                    $$.getElementById(elID).innerHTML = resp.geo;
+                    if ( resp.country && resp.country != '' && resp.isp && resp.isp != '' ) {
+                        $$.getElementById(elID).innerHTML = resp.country + ' ' + resp.isp;
+                    }
+                    else {
+                        fetch(`https://qqwry.api.skk.moe/${anonymizedIp}`, {
+                        referrerPolicy: 'no-referrer-when-downgrade',
+                        }).then(r => r.json())
+                        .then(resp => {
+                            if ( resp.geo.indexOf('skk.moe') == -1 ) {
+                                $$.getElementById(elID).innerHTML = resp.geo;
+                            }
+                            else {
+                                $$.getElementById(elID).innerHTML = 'Unknown';
+                            }
+                        })
+                    }
+                    //https://api.ip.sb/geoip/${anonymizedIp}
+                    //http://ip-api.com/json/${anonymizedIp}?lang=zh-CN
                     //$$.getElementById(elID).innerHTML = `${resp.data.country} ${resp.data.regionName} ${resp.data.city} ${resp.data.isp}`;
                 })
             },
@@ -370,7 +387,8 @@
             if (localStorage.getItem('privacy_my_ip') != 'true') {
                 $$.getElementById('ip-ipsb').innerHTML = data.ip;
             };
-            IP.parseIPIpip(data.ip, 'ip-ipsb-geo');
+            //IP.parseIPIpip(data.ip, 'ip-ipsb-geo');
+            $$.getElementById('ip-ipsb-geo').innerHTML = `${data.country} ${data.isp}`;
             addTitleOnOverflow();
         };
 
@@ -404,7 +422,7 @@
 
             var sbipScript= document.createElement("script");
             sbipScript.defer = "defer";
-            sbipScript.src=`https://api-ipv4.ip.sb/jsonip?callback=getIpsbIP&z=${random}`;
+            sbipScript.src=`https://api-ipv4.ip.sb/geoip?callback=getIpsbIP&z=${random}`;
             mypage.appendChild(sbipScript);
 
             //HTTP.runcheck();
@@ -486,6 +504,6 @@
         document.write('<script defer="defer" src="https://whois.pconline.com.cn/ipJson.jsp?callback=getPcolIP&z='+parseInt(Math.random() * 100000000)+'" type="text/javascript"><\/script>');
     </script>
     <script type="text/javascript">
-        document.write('<script defer="defer" src="https://api-ipv4.ip.sb/jsonip?callback=getIpsbIP&z='+parseInt(Math.random() * 100000000)+'" type="text/javascript"><\/script>');
+        document.write('<script defer="defer" src="https://api-ipv4.ip.sb/geoip?callback=getIpsbIP&z='+parseInt(Math.random() * 100000000)+'" type="text/javascript"><\/script>');
     </script>
 </html>

luci-app-openclash/po/zh-cn/openclash.zh-cn.po

@@ -3394,4 +3394,7 @@ msgid "ECS Override"
 msgstr "ECS 区域地址覆盖"
 
 msgid "Override the ECS Subnet Address"
-msgstr "强制覆盖 DNS 查询的子网区域地址"
+msgstr "强制覆盖 DNS 查询的子网区域地址"
+
+msgid "Tip: Respect-rules Option Need Proxy-server-nameserver Option Must Be Setted, Auto Set to"
+msgstr "提示：使用 Respect-rules 功能时 Proxy-server-nameserver 必须配置，插件将默认将其设置为"

luci-app-openclash/root/etc/init.d/openclash

@@ -1596,6 +1596,9 @@ if [ -n "$FW4" ]; then
       elif [ "$enable_redirect_dns" -eq 1 ]; then
          nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv4} tcp dport 53 counter accept comment \"OpenClash TCP DNS Hijack\"
       fi
+      if [ "$router_self_proxy" = 1 ]; then
+         nft insert rule inet fw4 nat_output position 0 skuid != 65534 meta nfproto {ipv4} tcp dport 53 counter accept comment \"OpenClash TCP DNS Hijack\"
+      fi
 
       #TUN FORWORD
       nft insert rule inet fw4 forward position 0 meta l4proto {tcp,udp} oifname utun counter accept comment \"OpenClash TUN Forward\"
@@ -1663,14 +1666,16 @@ if [ -n "$FW4" ]; then
             fi
          fi
       fi
-      if [ "$en_mode" = "fake-ip" ] && [ "$china_ip_route" != "0" ] && [ "$enable_redirect_dns" != "2" ]; then
-         nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} tcp dport 53 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\"
-         nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} udp dport 53 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\"
-         nft 'add chain inet fw4 nat_output { type nat hook output priority -1; }'
-         nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} tcp dport 53 meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\"
-         nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} udp dport 53 meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\"
-         nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} tcp dport 12353 meta skuid != 65534 counter redirect to "$DNSPORT" comment \"OpenClash DNS Hijack\"
-         nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} udp dport 12353 meta skuid != 65534 counter redirect to "$DNSPORT" comment \"OpenClash DNS Hijack\"
+
+      if [ "$enable_redirect_dns" -eq 2 ]; then
+         local position=$(nft -a list chain inet fw4 openclash_dns_redirect |grep "DNS" |grep -v "redirect" |awk -F '# handle ' '{print$2}' |sort -rn |head -1)
+         [ -z "$position" ] && position=0
+         nft insert rule inet fw4 openclash_dns_redirect position "$position" meta nfproto {ipv6} tcp dport 53 counter accept comment \"OpenClash TCP DNS Hijack\"
+      elif [ "$enable_redirect_dns" -eq 1 ]; then
+         nft insert rule inet fw4 dstnat position 0 meta nfproto {ipv6} tcp dport 53 counter accept comment \"OpenClash TCP DNS Hijack\"
+      fi
+      if [ "$router_self_proxy" = 1 ]; then
+         nft insert rule inet fw4 nat_output position 0 skuid != 65534 meta nfproto {ipv6} tcp dport 53 counter accept comment \"OpenClash TCP DNS Hijack\"
       fi
 
       if [ "$china_ip6_route" != "0" ] || [ "$disable_udp_quic" = "1" ]; then
@@ -2378,6 +2383,9 @@ if [ -z "$FW4" ]; then
       elif [ "$enable_redirect_dns" -eq 1 ]; then
          iptables -t nat -I PREROUTING -m comment --comment "OpenClash TCP DNS Hijack" -p tcp --dport 53 -j ACCEPT
       fi
+      if [ "$router_self_proxy" = 1 ]; then
+         iptables -t nat -I OUTPUT -m owner ! --uid-owner 65534 -m comment --comment "OpenClash TCP DNS Hijack" -p tcp --dport 53 -j ACCEPT
+      fi
 
       #TUN FORWORD
       iptables -I FORWARD -m comment --comment "OpenClash TUN Forward" -o utun -j ACCEPT >/dev/null 2>&1
@@ -2446,15 +2454,20 @@ if [ -z "$FW4" ]; then
             fi
          fi
       fi
-      if [ "$en_mode" = "fake-ip" ] && [ "$china_ip_route" != "0" ] && [ "$enable_redirect_dns" != "2" ]; then
-         ip6tables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack"
-         ip6tables -t nat -I PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack"
-         ip6tables -t nat -I OUTPUT -p udp --dport 53 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack"
-         ip6tables -t nat -I OUTPUT -p tcp --dport 53 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack"
-         ip6tables -t nat -I OUTPUT -p udp --dport 12353 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$DNSPORT" -m comment --comment "OpenClash DNS Hijack"
-         ip6tables -t nat -I OUTPUT -p tcp --dport 12353 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$DNSPORT" -m comment --comment "OpenClash DNS Hijack"
-      fi
 
+      if [ "$ipv6_mode" -eq 2 ]; then
+         if [ "$enable_redirect_dns" -eq 2 ]; then
+            local position=$(ip6tables -nvL openclash_dns_redirect -t nat |grep "DNS" |grep -v "REDIRECT" |wc -l)
+            let position++
+            ip6tables -t nat -I openclash_dns_redirect "$position" -m comment --comment "OpenClash TCP DNS Hijack" -p tcp --dport 53 -j ACCEPT
+         elif [ "$enable_redirect_dns" -eq 1 ]; then
+            ip6tables -t nat -I PREROUTING -m comment --comment "OpenClash TCP DNS Hijack" -p tcp --dport 53 -j ACCEPT
+         fi
+         if [ "$router_self_proxy" = 1 ]; then
+            ip6tables -t nat -I OUTPUT -p tcp --dport 53 -d ::/0 -m owner ! --uid-owner 65534 -j ACCEPT -m comment --comment "OpenClash DNS Hijack"
+         fi
+      fi
+      
       if [ "$china_ip6_route" != "0" ] || [ "$disable_udp_quic" = "1" ]; then
          ipset -! flush china_ip6_route
          ipset -! restore </etc/openclash/china_ip6_route.ipset