将iptables替换为nftables

Makefile

@@ -6,14 +6,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-kcptun
-PKG_VERSION:=1.5.3
+PKG_VERSION:=1.5.4
 PKG_RELEASE:=1
 
 PKG_LICENSE:=Apache-2.0
 PKG_MAINTAINER:=Xingwang Liao <[email protected]>
 
 LUCI_TITLE:=LuCI support for Kcptun
-LUCI_DEPENDS:=+jshn +iptables +iptables-mod-tproxy
+LUCI_DEPENDS:=+jshn
 LUCI_PKGARCH:=all
 
 define Package/$(PKG_NAME)/conffiles

README.md

@@ -2,13 +2,15 @@
 
 Luci support for kcptun
 
+该项目 fork自 https://github.com/kuoruan/luci-app-kcptun
+
 OpenWrt/LEDE 上的 Kcptun Luci 支持界面
 
-[![Release Version](https://img.shields.io/github/release/kuoruan/luci-app-kcptun.svg)](https://github.com/kuoruan/luci-app-kcptun/releases/latest) [![Latest Release Download](https://img.shields.io/github/downloads/kuoruan/luci-app-kcptun/latest/total.svg)](https://github.com/kuoruan/luci-app-kcptun/releases/latest)
+[![Release Version](https://img.shields.io/github/release/nautiluschan/luci-app-kcptun.svg)](https://github.com/nautiluschan/luci-app-kcptun/releases/latest) [![Latest Release Download](https://img.shields.io/github/downloads/nautiluschan/luci-app-kcptun/latest/total.svg)](https://github.com/nautiluschan/luci-app-kcptun/releases/latest)
 
 ## 安装说明
 
-1. 到 [release](https://github.com/kuoruan/luci-app-kcptun/releases) 页面下载最新版 luci-app-kcptun 和 luci-i18n-kcptun-zh-cn (简体中文翻译文件)
+1. 到 [release](https://github.com/nautiluschan/luci-app-kcptun/releases) 页面下载最新版 luci-app-kcptun 和 luci-i18n-kcptun-zh-cn (简体中文翻译文件)
 2. 将下载好的 ipk 文件上传到路由器任意目录下, 如 /tmp
 3. 先安装 luci-app-kcptun 再安装 luci-i18n-kcptun-zh-cn
 

root/etc/init.d/kcptun

@@ -20,6 +20,7 @@ USE_PROCD=1
 
 KCPTUN=kcptun
 CONFIG_FOLDER=/var/etc/$KCPTUN
+KCPTUN_NFT_RULES=/etc/nftables.d/S99kcptun.nft
 
 if [ -r /usr/share/libubox/jshn.sh ]; then
 	. /usr/share/libubox/jshn.sh
@@ -82,20 +83,25 @@ gen_client_config_file() {
 	json_dump -i >"$config_file"
 }
 
-add_iptables_rule() {
+add_nftables_rule() {
 	local port="$1"
-
-	iptables-restore --noflush <<-EOF 2>/dev/null
-		*nat
-		:KCPTUN -
-		-A KCPTUN -p tcp --dport $port -j ACCEPT
-		-A INPUT -p tcp -j KCPTUN
-		COMMIT
-	EOF
+	cat > "$KCPTUN_NFT_RULES" <<-EOF
+	chain INPUT {
+	                type nat hook input priority 100; policy accept;
+	                ip protocol tcp counter packets 0 bytes 0 jump KCPTUN
+	        }
+	chain KCPTUN {
+	                tcp dport "$port" counter packets 0 bytes 0 accept
+	        }
+EOF
+	fw4 reload
 }
 
-clear_iptables_rule() {
-	iptables-save --counters | grep -vi "KCPTUN" | iptables-restore --counters
+clear_nftables_rule() {
+	if [ -f "$KCPTUN_NFT_RULES" ]; then
+		rm -f "$KCPTUN_NFT_RULES"
+		fw4 reload
+	fi
 }
 
 validate_config_section() {
@@ -204,7 +210,7 @@ start_kcptun_instance() {
 		return 1
 	fi
 
-	add_iptables_rule "$listen_port"
+	add_nftables_rule "$listen_port"
 
 	procd_open_instance
 	procd_set_param command "$client_file"
@@ -236,12 +242,12 @@ service_triggers() {
 }
 
 start_service() {
-	clear_iptables_rule
+	clear_nftables_rule
 
 	config_load "$KCPTUN"
 	config_foreach start_kcptun_instance "general"
 }
 
 stop_service() {
-	clear_iptables_rule
-}
+	clear_nftables_rule
+}