git.openwrt.org Git - project/luci.git/blob

   1 'use strict';
   2 'require uci';
   3 'require fs';
   4 'require form';
   5 'require tools.widgets as widgets';
   6 'require shadowsocks-libev as ss';
   7
   8 var conf = 'shadowsocks-libev';
   9
  10 function src_dst_option(s /*, ... */) {
  11         var o = s.taboption.apply(s, L.varargs(arguments, 1));
  12         o.datatype = 'or(ipaddr,cidr)';
  13 }
  14
  15 return L.view.extend({
  16         load: function() {
  17                 return Promise.all([
  18                         L.resolveDefault(fs.stat('/usr/lib/iptables/libxt_recent.so'), {}),
  19                         L.resolveDefault(fs.stat('/usr/bin/ss-rules'), null),
  20                         uci.load(conf).then(function() {
  21                                 if (!uci.get_first(conf, 'ss_rules')) {
  22                                         uci.set(conf, uci.add(conf, 'ss_rules', 'ss_rules'), 'disabled', '1');
  23                                 }
  24                         })
  25                 ]);
  26         },
  27         render: function(stats) {
  28                 var m, s, o;
  29
  30                 m = new form.Map(conf, _('Redir Rules'),
  31                         _('On this page you can configure how traffics are to be \
  32                                 forwarded to ss-redir instances. \
  33                                 If enabled, packets will first have their src ip addresses checked \
  34                                 against <em>Src ip/net bypass</em>, <em>Src ip/net forward</em>, \
  35                                 <em>Src ip/net checkdst</em> and if none matches <em>Src default</em> \
  36                                 will give the default action to be taken. \
  37                                 If the prior check results in action <em>checkdst</em>, packets will continue \
  38                                 to have their dst addresses checked.'));
  39
  40                 s = m.section(form.NamedSection, 'ss_rules', 'ss_rules');
  41                 s.tab('general', _('General Settings'));
  42                 s.tab('src', _('Source Settings'));
  43                 s.tab('dst', _('Destination Settings'));
  44
  45                 s.taboption('general', form.Flag, 'disabled', _('Disable'));
  46                 if (!stats[1]) {
  47                         ss.option_install_package(s, 'general');
  48                 }
  49
  50                 o = s.taboption('general', form.ListValue, 'redir_tcp',
  51                         _('ss-redir for TCP'));
  52                 ss.values_redir(o, 'tcp');
  53                 o = s.taboption('general', form.ListValue, 'redir_udp',
  54                         _('ss-redir for UDP'));
  55                 ss.values_redir(o, 'udp');
  56
  57                 o = s.taboption('general', form.ListValue, 'local_default',
  58                         _('Local-out default'),
  59                         _('Default action for locally generated TCP packets'));
  60                 ss.values_actions(o);
  61                 o = s.taboption('general', widgets.DeviceSelect, 'ifnames',
  62                         _('Ingress interfaces'),
  63                         _('Only apply rules on packets from these network interfaces'));
  64                 o.multiple = true;
  65                 o.noaliases = true;
  66                 o.noinactive = true;
  67                 s.taboption('general', form.Value, 'ipt_args',
  68                         _('Extra arguments'),
  69                         _('Passes additional arguments to iptables. Use with care!'));
  70
  71                 src_dst_option(s, 'src', form.DynamicList, 'src_ips_bypass',
  72                         _('Src ip/net bypass'),
  73                         _('Bypass ss-redir for packets with src address in this list'));
  74                 src_dst_option(s, 'src', form.DynamicList, 'src_ips_forward',
  75                         _('Src ip/net forward'),
  76                         _('Forward through ss-redir for packets with src address in this list'));
  77                 src_dst_option(s, 'src', form.DynamicList, 'src_ips_checkdst',
  78                         _('Src ip/net checkdst'),
  79                         _('Continue to have dst address checked for packets with src address in this list'));
  80                 o = s.taboption('src', form.ListValue, 'src_default',
  81                         _('Src default'),
  82                         _('Default action for packets whose src address do not match any of the src ip/net list'));
  83                 ss.values_actions(o);
  84
  85                 src_dst_option(s, 'dst', form.DynamicList, 'dst_ips_bypass',
  86                         _('Dst ip/net bypass'),
  87                         _('Bypass ss-redir for packets with dst address in this list'));
  88                 src_dst_option(s, 'dst', form.DynamicList, 'dst_ips_forward',
  89                         _('Dst ip/net forward'),
  90                         _('Forward through ss-redir for packets with dst address in this list'));
  91
  92                 var dir = '/etc/shadowsocks-libev';
  93                 o = s.taboption('dst', form.FileUpload, 'dst_ips_bypass_file',
  94                         _('Dst ip/net bypass file'),
  95                         _('File containing ip/net for the purposes as with <em>Dst ip/net bypass</em>'));
  96                 o.root_directory = dir;
  97                 o = s.taboption('dst', form.FileUpload, 'dst_ips_forward_file',
  98                         _('Dst ip/net forward file'),
  99                         _('File containing ip/net for the purposes as with <em>Dst ip/net forward</em>'));
 100                 o.root_directory = dir;
 101                 o = s.taboption('dst', form.ListValue, 'dst_default',
 102                         _('Dst default'),
 103                         _('Default action for packets whose dst address do not match any of the dst ip list'));
 104                 ss.values_actions(o);
 105
 106                 if (stats[0].type === 'file') {
 107                         o = s.taboption('dst', form.Flag, 'dst_forward_recentrst');
 108                 } else {
 109                         uci.set(conf, 'ss_rules', 'dst_forward_recentrst', '0');
 110                         o = s.taboption('dst', form.Button, '_install');
 111                         o.inputtitle = _('Install package iptables-mod-conntrack-extra');
 112                         o.inputstyle = 'apply';
 113                         o.onclick = function() {
 114                                 window.open(L.url('admin/system/opkg') +
 115                                         '?query=iptables-mod-conntrack-extra', '_blank', 'noopener');
 116                         }
 117                 }
 118                 o.title = _('Forward recentrst');
 119                 o.description = _('Forward those packets whose dst have recently sent to us multiple tcp-rst');
 120
 121                 return m.render();
 122         },
 123 });