🐶 Sync 2025-11-02 14:26:26

nikki/files/scripts/debug.sh

@@ -0,0 +1,248 @@
+#!/bin/sh
+
+. "$IPKG_INSTROOT/etc/nikki/scripts/include.sh"
+
+enabled=`uci get nikki.config.enabled`
+
+if [ "$enabled" == "0" ]; then
+	uci set nikki.config.enabled=1
+	uci commit nikki
+	/etc/init.d/nikki restart
+fi
+
+echo \
+"
+# Nikki Debug Info
+## system
+\`\`\`shell
+`
+cat /etc/openwrt_release
+`
+\`\`\`
+## kernel
+\`\`\`
+`
+uname -a
+`
+\`\`\`
+## application
+\`\`\`
+`
+if [ -x "/bin/opkg" ]; then
+	opkg list-installed "nikki"
+	opkg list-installed "luci-app-nikki"
+elif [ -x "/usr/bin/apk" ]; then
+	apk list -I "nikki"
+	apk list -I "luci-app-nikki"
+fi
+`
+\`\`\`
+## config
+\`\`\`json
+`
+ucode -S -e '
+import { cursor } from "uci";
+
+const uci = cursor();
+
+const config = uci.get_all("nikki");
+const result = {};
+
+for (let section_id in config) {
+	const section = config[section_id];
+	const section_type = section[".type"];
+	if (result[section_type] == null) {
+		result[section_type] = [];
+	}
+	push(result[section_type], section);
+}
+for (let section_type in result) {
+	for (let section in result[section_type]) {
+		delete section[".anonymous"];
+		delete section[".type"];
+		delete section[".name"];
+		delete section[".index"];
+	}
+}
+if (exists(result, "mixin")) {
+	for (let x in result["mixin"]) {
+		if (exists(x, "api_secret")) {
+			x["api_secret"] = "*";
+		}
+	}
+}
+if (exists(result, "authentication")) {
+	for (let x in result["authentication"]) {
+		if (exists(x, "password")) {
+			x["password"] = "*";
+		}
+	}
+}
+if (exists(result, "subscription")) {
+	for (let x in result["subscription"]) {
+		if (exists(x, "url")) {
+			x["url"] = "*";
+		}
+	}
+}
+if (exists(result, "lan_access_control")) {
+	for (let x in result["lan_access_control"]) {
+		if (exists(x, "ip")) {
+			for (let i = 0; i < length(x["ip"]); i++) {
+				x["ip"][i] = "*";
+			}
+		}
+		if (exists(x, "ip6")) {
+			for (let i = 0; i < length(x["ip6"]); i++) {
+				x["ip6"][i] = "*";
+			}
+		}
+		if (exists(x, "mac")) {
+			for (let i = 0; i < length(x["mac"]); i++) {
+				x["mac"][i] = "*";
+			}
+		}
+	}
+}
+delete result["status"];
+delete result["editor"];
+delete result["log"];
+print(result);
+'
+`
+\`\`\`
+## profile
+\`\`\`json
+`
+ucode -S -e '
+import { popen } from "fs";
+
+function desensitize_proxies(proxies) {
+	for (let x in proxies) {
+		if (exists(x, "server")) {
+			x["server"] = "*";
+		}
+		if (exists(x, "servername")) {
+			x["servername"] = "*";
+		}
+		if (exists(x, "sni")) {
+			x["sni"] = "*";
+		}
+		if (exists(x, "port")) {
+			x["port"] = "*";
+		}
+		if (exists(x, "ports")) {
+			x["ports"] = "*";
+		}
+		if (exists(x, "port-range")) {
+			x["port-range"] = "*";
+		}
+		if (exists(x, "uuid")) {
+			x["uuid"] = "*";
+		}
+		if (exists(x, "private-key")) {
+			x["private-key"] = "*";
+		}
+		if (exists(x, "public-key")) {
+			x["public-key"] = "*";
+		}
+		if (exists(x, "token")) {
+			x["token"] = "*";
+		}
+		if (exists(x, "username")) {
+			x["username"] = "*";
+		}
+		if (exists(x, "password")) {
+			x["password"] = "*";
+		}
+	}
+}
+
+function desensitize_profile() {
+	let profile = {};
+	const process = popen("yq -p yaml -o json /etc/nikki/run/config.yaml");
+	if (process) {
+		profile = json(process);
+		if (exists(profile, "secret")) {
+			profile["secret"] = "*";
+		}
+		if (exists(profile, "authentication")) {
+			profile["authentication"] = [];
+		}
+		if (exists(profile, "proxy-providers")) {
+			for (let x in profile["proxy-providers"]) {
+				if (exists(profile["proxy-providers"][x], "url")) {
+					profile["proxy-providers"][x]["url"] = "*";
+				}
+				if (exists(profile["proxy-providers"][x], "payload")) {
+					desensitize_proxies(profile["proxy-providers"][x]["payload"]);
+				}
+			}
+		}
+		if (exists(profile, "proxies")) {
+			desensitize_proxies(profile["proxies"]);
+		}
+		process.close();
+	}
+	return profile;
+}
+
+print(desensitize_profile());
+'
+`
+\`\`\`
+## ip rule
+\`\`\`
+`
+ip rule list
+`
+\`\`\`
+## ip route
+\`\`\`
+TPROXY: 
+`
+ip route list table "$(uci get nikki.routing.tproxy_route_table)"
+`
+
+TUN: 
+`
+ip route list table "$(uci get nikki.routing.tun_route_table)"
+`
+\`\`\`
+## ip6 rule
+\`\`\`
+`
+ip -6 rule list
+`
+\`\`\`
+## ip6 route
+\`\`\`
+TPROXY: 
+`
+ip -6 route list table "$(uci get nikki.routing.tproxy_route_table)"
+`
+
+TUN: 
+`
+ip -6 route list table "$(uci get nikki.routing.tun_route_table)"
+`
+\`\`\`
+## nftables
+\`\`\`
+`
+nft list table inet nikki
+`
+\`\`\`
+## service
+\`\`\`json
+`
+/etc/init.d/nikki info
+`
+\`\`\`
+"
+
+if [ "$enabled" == "0" ]; then
+	uci set nikki.config.enabled=0
+	uci commit nikki
+	/etc/init.d/nikki restart
+fi

nikki/files/scripts/firewall_include.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+. "$IPKG_INSTROOT/lib/functions.sh"
+. "$IPKG_INSTROOT/etc/nikki/scripts/include.sh"
+
+config_load nikki
+config_get_bool enabled "config" "enabled" 0
+config_get_bool core_only "config" "core_only" 0
+config_get_bool proxy_enabled "proxy" "enabled" 0 
+config_get tcp_mode "proxy" "tcp_mode"
+config_get udp_mode "proxy" "udp_mode"
+
+if [ "$enabled" = 1 ] && [ "$core_only" = 0 ] && [ "$proxy_enabled" = 1 ]; then
+	if [ "$tcp_mode" = "tun" ] || [ "$udp_mode" = "tun" ]; then
+		tun_device=$(yq -M '.tun.device' "$RUN_PROFILE_PATH")
+		nft insert rule inet fw4 input iifname "$tun_device" counter accept comment "nikki"
+		nft insert rule inet fw4 forward oifname "$tun_device" counter accept comment "nikki"
+		nft insert rule inet fw4 forward iifname "$tun_device" counter accept comment "nikki"
+	fi
+fi
+
+exit 0

nikki/files/scripts/include.sh

@@ -0,0 +1,90 @@
+#!/bin/sh
+
+# paths
+HOME_DIR="/etc/nikki"
+PROFILES_DIR="$HOME_DIR/profiles"
+SUBSCRIPTIONS_DIR="$HOME_DIR/subscriptions"
+MIXIN_FILE_PATH="$HOME_DIR/mixin.yaml"
+RUN_DIR="$HOME_DIR/run"
+RUN_PROFILE_PATH="$RUN_DIR/config.yaml"
+PROVIDERS_DIR="$RUN_DIR/providers"
+RULE_PROVIDERS_DIR="$PROVIDERS_DIR/rule"
+PROXY_PROVIDERS_DIR="$PROVIDERS_DIR/proxy"
+
+# log
+LOG_DIR="/var/log/nikki"
+APP_LOG_PATH="$LOG_DIR/app.log"
+CORE_LOG_PATH="$LOG_DIR/core.log"
+
+# temp
+TEMP_DIR="/var/run/nikki"
+PID_FILE_PATH="$TEMP_DIR/nikki.pid"
+STARTED_FLAG_PATH="$TEMP_DIR/started.flag"
+BRIDGE_NF_CALL_IPTABLES_FLAG_PATH="$TEMP_DIR/bridge_nf_call_iptables.flag"
+BRIDGE_NF_CALL_IP6TABLES_FLAG_PATH="$TEMP_DIR/bridge_nf_call_ip6tables.flag"
+
+# ucode
+UCODE_DIR="$HOME_DIR/ucode"
+INCLUDE_UC="$UCODE_DIR/include.uc"
+MIXIN_UC="$UCODE_DIR/mixin.uc"
+HIJACK_UT="$UCODE_DIR/hijack.ut"
+
+# scripts
+SH_DIR="$HOME_DIR/scripts"
+INCLUDE_SH="$SH_DIR/include.sh"
+FIREWALL_INCLUDE_SH="$SH_DIR/firewall_include.sh"
+
+# nftables
+NFT_DIR="$HOME_DIR/nftables"
+GEOIP_CN_NFT="$NFT_DIR/geoip_cn.nft"
+GEOIP6_CN_NFT="$NFT_DIR/geoip6_cn.nft"
+
+# functions
+format_filesize() {
+	local b; b=1
+	local kb; kb=$((b * 1024))
+	local mb; mb=$((kb * 1024))
+	local gb; gb=$((mb * 1024))
+	local tb; tb=$((gb * 1024))
+	local pb; pb=$((tb * 1024))
+	local size; size="$1"
+	if [ -n "$size" ]; then
+		if [ "$size" -lt "$kb" ]; then
+			echo "$(awk "BEGIN {print $size / $b}") B"
+		elif [ "$size" -lt "$mb" ]; then
+			echo "$(awk "BEGIN {print $size / $kb}") KB"
+		elif [ "$size" -lt "$gb" ]; then
+			echo "$(awk "BEGIN {print $size / $mb}") MB"
+		elif [ "$size" -lt "$tb" ]; then
+			echo "$(awk "BEGIN {print $size / $gb}") GB"
+		elif [ "$size" -lt "$pb" ]; then
+			echo "$(awk "BEGIN {print $size / $tb}") TB"
+		else
+			echo "$(awk "BEGIN {print $size / $pb}") PB"
+		fi
+	fi
+}
+
+prepare_files() {
+	if [ ! -d "$LOG_DIR" ]; then
+		mkdir -p "$LOG_DIR"
+	fi
+	if [ ! -f "$APP_LOG_PATH" ]; then
+		touch "$APP_LOG_PATH"
+	fi
+	if [ ! -f "$CORE_LOG_PATH" ]; then
+		touch "$CORE_LOG_PATH"
+	fi
+	if [ ! -d "$TEMP_DIR" ]; then
+		mkdir -p "$TEMP_DIR"
+	fi
+}
+
+clear_log() {
+	echo -n > "$APP_LOG_PATH"
+	echo -n > "$CORE_LOG_PATH"
+}
+
+log() {
+	echo "[$(date "+%Y-%m-%d %H:%M:%S")] [$1] $2" >> "$APP_LOG_PATH"
+}