passwall : optimize

Author: Lienol

lienol/luci-app-passwall/Makefile

@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=3.3
-PKG_RELEASE:=35-20200123
+PKG_RELEASE:=36-20200124
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 

lienol/luci-app-passwall/root/etc/config/passwall

@@ -22,7 +22,7 @@ config global_delay
 
 config global_forwarding
 	option udp_redir_ports '1:65535'
-	option tcp_redir_ports '80,443'
+	option tcp_redir_ports '1:65535'
 	option process '1'
 
 config global_proxy

lienol/luci-app-passwall/root/etc/config/passwall_rule/blacklist_host

@@ -1,4 +1,5 @@
 formyip.com
-myepisodecalendar.com
-subhd.com
-msi.com
+msi.com
+github.com
+github.io
+githubusercontent.com

lienol/luci-app-passwall/root/etc/config/passwall_rule/router

@@ -1,7 +1,8 @@
 google.com
 youtube.com
 github.com
-raw.githubusercontent.com
+github.io
+githubusercontent.com
 github-production-release-asset-2e65be.s3.amazonaws.com
 openwrt.proxy.ustclug.org
 easylist-downloads.adblockplus.org

lienol/luci-app-passwall/root/usr/share/passwall/app.sh

@@ -23,7 +23,7 @@ APP_PATH=/usr/share/$CONFIG
 TMP_DNSMASQ_PATH=/var/etc/dnsmasq-passwall.d
 DNSMASQ_PATH=/etc/dnsmasq.d
 RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
-lanip=$(uci get network.lan.ipaddr)
+lanip=$(uci -q get network.lan.ipaddr)
 DNS_PORT=7913
 API_GEN_V2RAY=/usr/lib/lua/luci/model/cbi/passwall/api/gen_v2ray_client_config_file.lua
 API_GEN_TROJAN=/usr/lib/lua/luci/model/cbi/passwall/api/gen_trojan_client_config_file.lua
@@ -48,14 +48,14 @@ find_bin() {
 }
 
 config_n_get() {
-	local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null)
 	echo ${ret:=$3}
 }
 
 config_t_get() {
 	local index=0
 	[ -n "$4" ] && index=$4
-	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
 	echo ${ret:=$3}
 }
 
@@ -78,10 +78,10 @@ get_host_ip() {
 	if [ -z "$isip" ]; then
 		vpsrip=""
 		if [ "$use_ipv6" == "1" ]; then
-			vpsrip=$(resolveip -6 -t 2 $host | awk 'NR==1{print}')
+			vpsrip=$(resolveip -6 -t 3 $host | awk 'NR==1{print}')
 			[ -z "$vpsrip" ] && vpsrip=$(dig @208.67.222.222 $host AAAA 2>/dev/null | grep 'IN' | awk -F ' ' '{print $5}' | grep -E "([a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7})" | head -n1)
 		else
-			vpsrip=$(resolveip -4 -t 2 $host | awk 'NR==1{print}')
+			vpsrip=$(resolveip -4 -t 3 $host | awk 'NR==1{print}')
 			[ -z "$vpsrip" ] && vpsrip=$(dig @208.67.222.222 $host 2>/dev/null | grep 'IN' | awk -F ' ' '{print $5}' | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | head -n1)
 		fi
 		ip=$vpsrip
@@ -94,11 +94,11 @@ check_port_exists() {
 	protocol=$2
 	result=
 	if [ "$protocol" = "tcp" ]; then
-		result=$(netstat -tlpn | grep "\<$port\>")
+		result=$(netstat -tln | grep -c ":$port")
 	elif [ "$protocol" = "udp" ]; then
-		result=$(netstat -ulpn | grep "\<$port\>")
+		result=$(netstat -uln | grep -c ":$port")
 	fi
-	if [ -n "$result" ]; then
+	if [ "$result" = 1 ]; then
 		echo 1
 	else
 		echo 0
@@ -805,7 +805,7 @@ add_dnsmasq() {
 	# sed -i '/except-interface/d' /etc/dnsmasq.conf >/dev/null 2>&1 &
 	# for wanname in $(cat /var/state/network |grep pppoe|awk -F '.' '{print $2}')
 	# do
-	# echo "except-interface=$(uci get network.$wanname.ifname)" >>/etc/dnsmasq.conf
+	# echo "except-interface=$(uci -q get network.$wanname.ifname)" >>/etc/dnsmasq.conf
 	# done
 	# fi
 

lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh

@@ -244,12 +244,14 @@ add_firewall_rule() {
 	$iptables_nat -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
 	$iptables_nat -A PSW $(dst $IPSET_WHITELIST) -j RETURN
 	$iptables_nat -N PSW_ACL
+	$iptables_nat -N PSW_OUTPUT
 
 	$iptables_mangle -N PSW
 	$iptables_mangle -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
 	$iptables_mangle -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
 	$iptables_mangle -A PSW $(dst $IPSET_WHITELIST) -j RETURN
 	$iptables_mangle -N PSW_ACL
+	$iptables_mangle -N PSW_OUTPUT
 
 	if [[ "$TCP_NODE_NUM" -ge 1 ]] || [[ "$UDP_NODE_NUM" -ge 1 ]]; then
 		local max_num=1
@@ -322,7 +324,7 @@ add_firewall_rule() {
 
 					# 用于本机流量转发，默认只走router
 					$iptables_mangle -A PSW -s $lan_ip -p tcp $(dst $IPSET_ROUTER) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
-					$iptables_mangle -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) $iptables_comment -j MARK --set-mark 1
+					$iptables_mangle -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
 				else
 					# 全局模式
 					$iptables_nat -A PSW_GLO$k -p tcp -j REDIRECT --to-ports $local_port
@@ -382,27 +384,27 @@ add_firewall_rule() {
 							fi
 							$iptables_nat -I PREROUTING $PR_INDEX -j PSW
 						fi
-						# 用于本机流量转发，默认只走router
-						#$iptables_nat -I OUTPUT -j PSW
-						$iptables_nat -A OUTPUT $(dst $IPSET_LANIPLIST) $iptables_comment -j RETURN
+						# 用于本机流量转发
+						$iptables_nat -A OUTPUT -j PSW_OUTPUT
+						$iptables_nat -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
 						[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
 							for dns in $DNS_FORWARD
 							do
 								local dns_ip=$(echo $dns | awk -F "#" '{print $1}')
 								local dns_port=$(echo $dns | awk -F "#" '{print $2}')
 								[ -z "$dns_port" ] && dns_port=53
-								$iptables_nat -A OUTPUT -p tcp -d $dns_ip --dport $dns_port $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
+								$iptables_nat -A PSW_OUTPUT -p tcp -d $dns_ip --dport $dns_port -j REDIRECT --to-ports $TCP_REDIR_PORT1
 							done
 						}
-						$iptables_nat -A OUTPUT $(dst $IPSET_VPSIPLIST) $iptables_comment -j RETURN
-						$iptables_nat -A OUTPUT $(dst $IPSET_WHITELIST) $iptables_comment -j RETURN
-						$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
-						$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
+						$iptables_nat -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
+						$iptables_nat -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
+						$iptables_nat -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j REDIRECT --to-ports $TCP_REDIR_PORT1
+						$iptables_nat -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $TCP_REDIR_PORT1
 
-						[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
-						[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_GFW) $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
+						[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_nat -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -j REDIRECT --to-ports $TCP_REDIR_PORT1
+						[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_nat -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_GFW) -j REDIRECT --to-ports $TCP_REDIR_PORT1
 						[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
-							$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst $iptables_comment -j REDIRECT --to-ports $TCP_REDIR_PORT1
+							$iptables_nat -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j REDIRECT --to-ports $TCP_REDIR_PORT1
 						}
 					}
 					# 重定所有流量到透明代理端口
@@ -467,27 +469,28 @@ add_firewall_rule() {
 				$iptables_mangle -A PSW_GAME$k -p udp $(dst $IPSET_CHN) -j RETURN
 				$iptables_mangle -A PSW_GAME$k -p udp -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
 
-				# 用于本机流量转发，默认只走router
-				$iptables_mangle -A OUTPUT -p udp $(dst $IPSET_LANIPLIST) $iptables_comment -j RETURN
+				# 用于本机流量转发
+				$iptables_mangle -A OUTPUT -j PSW_OUTPUT
+				$iptables_mangle -A PSW_OUTPUT -p udp $(dst $IPSET_LANIPLIST) -j RETURN
 				[ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
 					for dns in $DNS_FORWARD
 					do
 						local dns_ip=$(echo $dns | awk -F "#" '{print $1}')
 						local dns_port=$(echo $dns | awk -F "#" '{print $2}')
 						[ -z "$dns_port" ] && dns_port=53
-						$iptables_mangle -A OUTPUT -p udp -d $dns_ip --dport $dns_port $iptables_comment -j MARK --set-mark 1
-						$iptables_mangle -I PSW 2 -p udp -d $dns_ip --dport $dns_port $iptables_comment -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
+						$iptables_mangle -A PSW_OUTPUT -p udp -d $dns_ip --dport $dns_port -j MARK --set-mark 1
+						$iptables_mangle -I PSW 2 -p udp -d $dns_ip --dport $dns_port -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
 					done
 				}
-				$iptables_mangle -A OUTPUT -p udp $(dst $IPSET_VPSIPLIST) $iptables_comment -j RETURN
-				$iptables_mangle -A OUTPUT -p udp $(dst $IPSET_WHITELIST) $iptables_comment -j RETURN
-				$iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_ROUTER) $iptables_comment -j MARK --set-mark 1
-				$iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) $iptables_comment -j MARK --set-mark 1
+				$iptables_mangle -A PSW_OUTPUT -p udp $(dst $IPSET_VPSIPLIST) -j RETURN
+				$iptables_mangle -A PSW_OUTPUT -p udp $(dst $IPSET_WHITELIST) -j RETURN
+				$iptables_mangle -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
+				$iptables_mangle -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1
 
-				[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $iptables_comment -j MARK --set-mark 1
-				[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) $iptables_comment -j MARK --set-mark 1
+				[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_mangle -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
+				[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_mangle -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
 				[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
-					$iptables_mangle -A OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst $iptables_comment -j MARK --set-mark 1
+					$iptables_mangle -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
 				}
 
 				echolog "IPv4 防火墙UDP转发规则加载完成！"
@@ -505,9 +508,9 @@ add_firewall_rule() {
 			local ip=$(echo $balancing_node | awk -F ":" '{print $1}')
 			local port=$(echo $balancing_node | awk -F ":" '{print $2}')
 			$iptables_nat -I PSW 2 -p tcp -d $ip --dport $port -j RETURN
-			$iptables_nat -I OUTPUT 2 -p tcp -d $ip --dport $port $iptables_comment -j RETURN
+			$iptables_nat -I PSW_OUTPUT 2 -p tcp -d $ip --dport $port -j RETURN
 			$iptables_mangle -I PSW 2 -p udp -d $ip --dport $port -j RETURN
-			$iptables_mangle -I OUTPUT 2 -p udp -d $ip --dport $port $iptables_comment -j RETURN
+			$iptables_mangle -I PSW_OUTPUT 2 -p udp -d $ip --dport $port -j RETURN
 		done
 	fi
 
@@ -534,30 +537,6 @@ add_firewall_rule() {
 
 del_firewall_rule() {
 	echolog "删除所有防火墙规则..."
-	ipv4_output_exist=$($iptables_nat -L OUTPUT 2>/dev/null | grep -c -E "PassWall")
-	[ -n "$ipv4_output_exist" ] && {
-		until [ "$ipv4_output_exist" = 0 ]; do
-			rules=$($iptables_nat -L OUTPUT --line-numbers | grep -E "PassWall" | awk '{print $1}')
-			for rule in $rules; do
-				$iptables_nat -D OUTPUT $rule 2>/dev/null
-				break
-			done
-			ipv4_output_exist=$(expr $ipv4_output_exist - 1)
-		done
-	}
-	
-	ipv4_output_exist=$($iptables_mangle -L OUTPUT 2>/dev/null | grep -c -E "PassWall")
-	[ -n "$ipv4_output_exist" ] && {
-		until [ "$ipv4_output_exist" = 0 ]; do
-			rules=$($iptables_mangle -L OUTPUT --line-numbers | grep -E "PassWall" | awk '{print $1}')
-			for rule in $rules; do
-				$iptables_mangle -D OUTPUT $rule 2>/dev/null
-				break
-			done
-			ipv4_output_exist=$(expr $ipv4_output_exist - 1)
-		done
-	}
-
 	ipv6_output_ss_exist=$($ip6tables_nat -L OUTPUT 2>/dev/null | grep -c "PSW")
 	[ -n "$ipv6_output_ss_exist" ] && {
 		until [ "$ipv6_output_ss_exist" = 0 ]; do
@@ -571,16 +550,22 @@ del_firewall_rule() {
 	}
 
 	$iptables_nat -D PREROUTING -j PSW 2>/dev/null
+	$iptables_nat -D OUTPUT -j PSW_OUTPUT 2>/dev/null
 	$iptables_nat -F PSW 2>/dev/null && $iptables_nat -X PSW 2>/dev/null
 	$iptables_nat -F PSW_ACL 2>/dev/null && $iptables_nat -X PSW_ACL 2>/dev/null
+	$iptables_nat -F PSW_OUTPUT 2>/dev/null && $iptables_nat -X PSW_OUTPUT 2>/dev/null
 
-	$iptables_mangle -D PREROUTING -j PSW$k 2>/dev/null
+	$iptables_mangle -D PREROUTING -j PSW 2>/dev/null
+	$iptables_mangle -D OUTPUT -j PSW_OUTPUT 2>/dev/null
 	$iptables_mangle -F PSW 2>/dev/null && $iptables_mangle -X PSW 2>/dev/null
 	$iptables_mangle -F PSW_ACL 2>/dev/null && $iptables_mangle -X PSW_ACL 2>/dev/null
+	$iptables_mangle -F PSW_OUTPUT 2>/dev/null && $iptables_mangle -X PSW_OUTPUT 2>/dev/null
 
 	$ip6tables_nat -D PREROUTING -j PSW 2>/dev/null
+	$ip6tables_nat -D OUTPUT -j PSW_OUTPUT 2>/dev/null
 	$ip6tables_nat -F PSW 2>/dev/null && $ip6tables_nat -X PSW 2>/dev/null
 	$ip6tables_nat -F PSW_ACL 2>/dev/null && $ip6tables_nat -X PSW_ACL 2>/dev/null
+	$ip6tables_nat -F PSW_OUTPUT 2>/dev/null && $ip6tables_nat -X PSW_OUTPUT 2>/dev/null
 
 	local max_num=5
 	if [ "$max_num" -ge 1 ]; then

lienol/luci-app-passwall/root/usr/share/passwall/monitor.sh

@@ -4,14 +4,14 @@ CONFIG=passwall
 CONFIG_PATH=/var/etc/$CONFIG
 
 config_n_get() {
-	local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null)
 	echo ${ret:=$3}
 }
 
 config_t_get() {
 	local index=0
 	[ -n "$4" ] && index=$4
-	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
 	echo ${ret:=$3}
 }
 

lienol/luci-app-passwall/root/usr/share/passwall/rule_update.sh

@@ -15,9 +15,9 @@ if [ -n "$update" ]; then
 	[ -n "$(echo $update | grep "chnroute_update")" ] && chnroute_update=1
 	[ -n "$(echo $update | grep "chnlist_update")" ] && chnlist_update=1
 else
-	gfwlist_update=$(uci get $CONFIG.@global_rules[0].gfwlist_update)
-	chnroute_update=$(uci get $CONFIG.@global_rules[0].chnroute_update)
-	chnlist_update=$(uci get $CONFIG.@global_rules[0].chnlist_update)
+	gfwlist_update=$(uci -q get $CONFIG.@global_rules[0].gfwlist_update)
+	chnroute_update=$(uci -q get $CONFIG.@global_rules[0].chnroute_update)
+	chnlist_update=$(uci -q get $CONFIG.@global_rules[0].chnlist_update)
 fi
 
 if [ "$gfwlist_update" == 0 -a "$chnroute_update" == 0 -a "$chnlist_update" == 0 ]; then
@@ -29,7 +29,7 @@ uci_get_by_type() {
 	if [ -n $4 ]; then
 		index=$4
 	fi
-	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
 	echo ${ret:=$3}
 }
 

lienol/luci-app-passwall/root/usr/share/passwall/subscription.sh

@@ -11,7 +11,7 @@ LOG_FILE=/var/log/$CONFIG.log
 config_t_get() {
 	local index=0
 	[ -n "$3" ] && index=$3
-	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
 	#echo ${ret:=$3}
 	echo $ret
 }
@@ -413,7 +413,7 @@ del_config(){
 		[ "`cat /usr/share/${CONFIG}/sub/all_onlinenodes |grep -c "$localaddress"`" -eq 0 ] && {
 			for localindex in $(uci show $CONFIG | grep -w "$localaddress" | grep -w "address=" |cut -d '[' -f2|cut -d ']' -f1)
 			do
-				del_type=$(uci get $CONFIG.@nodes[$localindex].type)
+				del_type=$(uci -q get $CONFIG.@nodes[$localindex].type)
 				uci delete $CONFIG.@nodes[$localindex]
 				uci commit $CONFIG
 				if [ "$del_type" == "SS" ]; then
@@ -434,17 +434,20 @@ del_config(){
 del_all_config(){
 	get_node_index
 	[ "`uci show $CONFIG | grep -c 'is_sub'`" -eq 0 ] && exit 0
-	TCP_NODE_NUM=$(uci get $CONFIG.@global_other[0].tcp_node_num)
+	TCP_NODE_NUM=$(uci -q get $CONFIG.@global_other[0].tcp_node_num)
+	[ -z "$TCP_NODE_NUM" ] && TCP_NODE_NUM=1
 	for i in $(seq 1 $TCP_NODE_NUM); do
 		eval TCP_NODE$i=$(config_t_get global tcp_node$i)
 	done
 
-	UDP_NODE_NUM=$(uci get $CONFIG.@global_other[0].udp_node_num)
+	UDP_NODE_NUM=$(uci -q get $CONFIG.@global_other[0].udp_node_num)
+	[ -z "$UDP_NODE_NUM" ] && UDP_NODE_NUM=1
 	for i in $(seq 1 $UDP_NODE_NUM); do
 		eval UDP_NODE$i=$(config_t_get global udp_node$i)
 	done
 
-	SOCKS5_NODE_NUM=$(uci get $CONFIG.@global_other[0].socks5_node_num)
+	SOCKS5_NODE_NUM=$(uci -q get $CONFIG.@global_other[0].socks5_node_num)
+	[ -z "$SOCKS5_NODE_NUM" ] && SOCKS5_NODE_NUM=1
 	for i in $(seq 1 $SOCKS5_NODE_NUM); do
 		eval SOCKS5_NODE$i=$(config_t_get global socks5_node$i)
 	done

lienol/luci-app-passwall/root/usr/share/passwall/test.sh

@@ -56,7 +56,7 @@ test_auto_switch() {
 			let "failcount++"
 			[ "$failcount" -ge 5 ] && {
 				echolog "自动切换检测：检测异常，切换节点"
-				TCP_NODES=$(uci get $CONFIG.@auto_switch[0].tcp_node)
+				TCP_NODES=$(uci -q get $CONFIG.@auto_switch[0].tcp_node)
 				has_backup_server=$(echo $TCP_NODES | grep $TCP_NODES1)
 				setserver=
 				if [ -z "$has_backup_server" ]; then