From 0a65721937191e65bfa3bce60ce410db863537ca Mon Sep 17 00:00:00 2001 From: gitea-action Date: Thu, 21 Nov 2024 00:00:20 +0800 Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/d0e38a8e0ccd255d83a7070813bce627624442c9 --- luci-app-passwall/Makefile | 2 +- .../share/passwall/helper_chinadns_add.lua | 195 +++++++++--------- patch-luci-app-passwall.patch | 2 +- 3 files changed, 104 insertions(+), 95 deletions(-) diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index b88a877d7..3254f3cd9 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=24.11.18 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \ diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index 9622d268e..361d29bec 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -87,7 +87,7 @@ if not fs.access(TMP_ACL_PATH) then fs.mkdir(TMP_ACL_PATH, 493) end -local setflag= (NFTFLAG == "1") and "inet@passwall@" or "" +local setflag = (NFTFLAG == "1") and "inet@passwall@" or "" config_lines = { --"verbose", @@ -98,75 +98,59 @@ config_lines = { "filter-qtype 65" } ---内置组(chn/gfw)优先级在自定义组后 ---GFW列表 -if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then - tmp_lines = { - "gfwlist-file " .. RULES_PATH .. "/gfwlist", - "add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6" - } - merge_array(config_lines, tmp_lines) - if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:gfw") end - log(string.format(" - 防火墙域名表(gfwlist):%s", DNS_TRUST or "默认")) -end - ---中国列表 -if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then - if CHNLIST == "direct" then - tmp_lines = { - "chnlist-file " .. RULES_PATH .. "/chnlist", - "ipset-name4 " .. setflag .. "passwall_chnroute", - "ipset-name6 " .. setflag .. "passwall_chnroute6", - "add-tagchn-ip", - "chnlist-first" - } - merge_array(config_lines, tmp_lines) - log(string.format(" - 中国域名表(chnroute):%s", DNS_LOCAL or "默认")) - end - - --回中国模式 - if CHNLIST == "proxy" then - tmp_lines = { - "group chn_proxy", - "group-dnl " .. RULES_PATH .. "/chnlist", - "group-upstream " .. DNS_TRUST, - "group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6" - } - merge_array(config_lines, tmp_lines) - if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:chn_proxy") end - log(string.format(" - 中国域名表(chnroute):%s", DNS_TRUST or "默认")) - end +for i = 1, 6 do + table.insert(config_lines, "#--" .. i) end --自定义规则组,后声明的组具有更高优先级 ---代理(黑名单)列表 -local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" -if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 - local proxy_domain, lookup_proxy_domain = {}, {} - for line in io.lines(RULES_PATH .. "/proxy_host") do +--屏蔽列表 +local file_block_host = TMP_ACL_PATH .. "/block_host" +if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗 + local block_domain, lookup_block_domain = {}, {} + for line in io.lines(RULES_PATH .. "/block_host") do line = api.get_std_domain(line) if line ~= "" and not line:find("#") then - insert_unique(proxy_domain, line, lookup_proxy_domain) + insert_unique(block_domain, line, lookup_block_domain) end end - if #proxy_domain > 0 then - local f_out = io.open(file_proxy_host, "w") - for i = 1, #proxy_domain do - f_out:write(proxy_domain[i] .. "\n") + if #block_domain > 0 then + local f_out = io.open(file_block_host, "w") + for i = 1, #block_domain do + f_out:write(block_domain[i] .. "\n") end f_out:close() end end -if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then +if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then tmp_lines = { - "group proxylist", - "group-dnl " .. file_proxy_host, - "group-upstream " .. DNS_TRUST, - "group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6" + "group null", + "group-dnl " .. file_block_host } - merge_array(config_lines, tmp_lines) - if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:proxylist") end - log(string.format(" - 代理域名表(blacklist):%s", DNS_TRUST or "默认")) + insert_array_after(config_lines, tmp_lines, "#--5") +end + +--始终用国内DNS解析节点域名 +local file_vpslist = TMP_ACL_PATH .. "/vpslist" +if not is_file_nonzero(file_vpslist) then + local f_out = io.open(file_vpslist, "w") + uci:foreach(appname, "nodes", function(t) + local address = t.address + if address == "engage.cloudflareclient.com" then return end + if datatypes.hostname(address) then + f_out:write(address .. "\n") + end + end) + f_out:close() +end +if is_file_nonzero(file_vpslist) then + tmp_lines = { + "group vpslist", + "group-dnl " .. file_vpslist, + "group-upstream " .. DNS_LOCAL, + "group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6" + } + insert_array_after(config_lines, tmp_lines, "#--6") + log(string.format(" - 节点列表中的域名(vpslist):%s", DNS_LOCAL or "默认")) end --直连(白名单)列表 @@ -194,55 +178,78 @@ if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then "group-upstream " .. DNS_LOCAL, "group-ipset " .. setflag .. "passwall_whitelist," .. setflag .. "passwall_whitelist6" } - merge_array(config_lines, tmp_lines) + insert_array_after(config_lines, tmp_lines, "#--4") log(string.format(" - 域名白名单(whitelist):%s", DNS_LOCAL or "默认")) end ---屏蔽列表 -local file_block_host = TMP_ACL_PATH .. "/block_host" -if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗 - local block_domain, lookup_block_domain = {}, {} - for line in io.lines(RULES_PATH .. "/block_host") do +--代理(黑名单)列表 +local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" +if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 + local proxy_domain, lookup_proxy_domain = {}, {} + for line in io.lines(RULES_PATH .. "/proxy_host") do line = api.get_std_domain(line) if line ~= "" and not line:find("#") then - insert_unique(block_domain, line, lookup_block_domain) + insert_unique(proxy_domain, line, lookup_proxy_domain) end end - if #block_domain > 0 then - local f_out = io.open(file_block_host, "w") - for i = 1, #block_domain do - f_out:write(block_domain[i] .. "\n") + if #proxy_domain > 0 then + local f_out = io.open(file_proxy_host, "w") + for i = 1, #proxy_domain do + f_out:write(proxy_domain[i] .. "\n") end f_out:close() end end -if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then - table.insert(config_lines, "group null") - table.insert(config_lines, "group-dnl " .. file_block_host) +if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then + tmp_lines = { + "group proxylist", + "group-dnl " .. file_proxy_host, + "group-upstream " .. DNS_TRUST, + "group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6" + } + if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:proxylist") end + insert_array_after(config_lines, tmp_lines, "#--3") + log(string.format(" - 代理域名表(blacklist):%s", DNS_TRUST or "默认")) end ---始终用国内DNS解析节点域名 -local file_vpslist = TMP_ACL_PATH .. "/vpslist" -if not is_file_nonzero(file_vpslist) then - local f_out = io.open(file_vpslist, "w") - uci:foreach(appname, "nodes", function(t) - local address = t.address - if address == "engage.cloudflareclient.com" then return end - if datatypes.hostname(address) then - f_out:write(address .. "\n") - end - end) - f_out:close() -end -if is_file_nonzero(file_vpslist) then +--内置组(chn/gfw)优先级在自定义组后 +--GFW列表 +if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then tmp_lines = { - "group vpslist", - "group-dnl " .. file_vpslist, - "group-upstream " .. DNS_LOCAL, - "group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6" + "gfwlist-file " .. RULES_PATH .. "/gfwlist", + "add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6" } + if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:gfw") end merge_array(config_lines, tmp_lines) - log(string.format(" - 节点列表中的域名(vpslist):%s", DNS_LOCAL or "默认")) + log(string.format(" - 防火墙域名表(gfwlist):%s", DNS_TRUST or "默认")) +end + +--中国列表 +if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then + if CHNLIST == "direct" then + tmp_lines = { + "chnlist-file " .. RULES_PATH .. "/chnlist", + "ipset-name4 " .. setflag .. "passwall_chnroute", + "ipset-name6 " .. setflag .. "passwall_chnroute6", + "add-tagchn-ip", + "chnlist-first" + } + merge_array(config_lines, tmp_lines) + log(string.format(" - 中国域名表(chnroute):%s", DNS_LOCAL or "默认")) + end + + --回中国模式 + if CHNLIST == "proxy" then + tmp_lines = { + "group chn_proxy", + "group-dnl " .. RULES_PATH .. "/chnlist", + "group-upstream " .. DNS_TRUST, + "group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6" + } + if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:chn_proxy") end + insert_array_after(config_lines, tmp_lines, "#--1") + log(string.format(" - 中国域名表(chnroute):%s", DNS_TRUST or "默认")) + end end --分流规则 @@ -324,8 +331,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then "group-ipset " .. setflag .. "passwall_shuntlist," .. setflag .. "passwall_shuntlist6" } if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:shuntlist") end - -- 在 "filter-qtype 65" 后插入 tmp_lines (shuntlist在自定义组中优先级最低) - insert_array_after(config_lines, tmp_lines, "filter-qtype 65") + insert_array_after(config_lines, tmp_lines, "#--2") end end @@ -368,7 +374,10 @@ end --输出配置文件 if #config_lines > 0 then for i = 1, #config_lines do - print(config_lines[i]) + line = config_lines[i] + if line ~= "" and not line:find("^#--") then + print(line) + end end end diff --git a/patch-luci-app-passwall.patch b/patch-luci-app-passwall.patch index 6bee7222f..f44c5c21c 100644 --- a/patch-luci-app-passwall.patch +++ b/patch-luci-app-passwall.patch @@ -1,5 +1,5 @@ diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile -index 5f06c23..b88a877 100644 +index 7f75bcc..3254f3c 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -171,7 +171,6 @@ define Package/$(PKG_NAME)/conffiles