luci-app-passwall: sync upstream

last commit: d0e38a8e0c

luci-app-passwall/Makefile

@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=24.11.18
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \

luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua

@@ -87,7 +87,7 @@ if not fs.access(TMP_ACL_PATH) then
 	fs.mkdir(TMP_ACL_PATH, 493)
 end
 
-local setflag= (NFTFLAG == "1") and "inet@passwall@" or ""
+local setflag = (NFTFLAG == "1") and "inet@passwall@" or ""
 
 config_lines = {
 	--"verbose",
@@ -98,75 +98,59 @@ config_lines = {
 	"filter-qtype 65"
 }
 
---内置组(chn/gfw)优先级在自定义组后
+for i = 1, 6 do
---GFW列表
+	table.insert(config_lines, "#--" .. i)
-if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then
-	tmp_lines = {
-		"gfwlist-file " .. RULES_PATH .. "/gfwlist",
-		"add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6"
-	}
-	merge_array(config_lines, tmp_lines)
-	if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:gfw") end
-	log(string.format("  - 防火墙域名表(gfwlist)：%s", DNS_TRUST or "默认"))
-end
-
---中国列表
-if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then
-	if CHNLIST == "direct" then
-		tmp_lines = {
-			"chnlist-file " .. RULES_PATH .. "/chnlist",
-			"ipset-name4 " .. setflag .. "passwall_chnroute",
-			"ipset-name6 " .. setflag .. "passwall_chnroute6",
-			"add-tagchn-ip",
-			"chnlist-first"
-		}
-		merge_array(config_lines, tmp_lines)
-		log(string.format("  - 中国域名表(chnroute)：%s", DNS_LOCAL or "默认"))
-	end
-
-	--回中国模式
-	if CHNLIST == "proxy" then
-		tmp_lines = {
-			"group chn_proxy",
-			"group-dnl " .. RULES_PATH .. "/chnlist",
-			"group-upstream " .. DNS_TRUST,
-			"group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6"
-		}
-		merge_array(config_lines, tmp_lines)
-		if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:chn_proxy") end
-		log(string.format("  - 中国域名表(chnroute)：%s", DNS_TRUST or "默认"))
-	end
 end
 
 --自定义规则组，后声明的组具有更高优先级
---代理（黑名单）列表
+--屏蔽列表
-local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
+local file_block_host = TMP_ACL_PATH .. "/block_host"
-if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then   --对自定义列表进行清洗
+if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then   --对自定义列表进行清洗
-	local proxy_domain, lookup_proxy_domain = {}, {}
+	local block_domain, lookup_block_domain = {}, {}
-	for line in io.lines(RULES_PATH .. "/proxy_host") do
+	for line in io.lines(RULES_PATH .. "/block_host") do
 		line = api.get_std_domain(line)
 		if line ~= "" and not line:find("#") then
-			insert_unique(proxy_domain, line, lookup_proxy_domain)
+			insert_unique(block_domain, line, lookup_block_domain)
 		end
 	end
-	if #proxy_domain > 0 then
+	if #block_domain > 0 then
-		local f_out = io.open(file_proxy_host, "w")
+		local f_out = io.open(file_block_host, "w")
-		for i = 1, #proxy_domain do
+		for i = 1, #block_domain do
-			f_out:write(proxy_domain[i] .. "\n")
+			f_out:write(block_domain[i] .. "\n")
 		end
 		f_out:close()
 	end
 end
-if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
+if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
 	tmp_lines = {
-		"group proxylist",
+		"group null",
-		"group-dnl " .. file_proxy_host,
+		"group-dnl " .. file_block_host
-		"group-upstream " .. DNS_TRUST,
-		"group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6"
 	}
-	merge_array(config_lines, tmp_lines)
+	insert_array_after(config_lines, tmp_lines, "#--5")
-	if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:proxylist") end
+end
-	log(string.format("  - 代理域名表(blacklist)：%s", DNS_TRUST or "默认"))
+
+--始终用国内DNS解析节点域名
+local file_vpslist = TMP_ACL_PATH .. "/vpslist"
+if not is_file_nonzero(file_vpslist) then
+	local f_out = io.open(file_vpslist, "w")
+	uci:foreach(appname, "nodes", function(t)
+		local address = t.address
+		if address == "engage.cloudflareclient.com" then return end
+		if datatypes.hostname(address) then
+			f_out:write(address .. "\n")
+		end
+	end)
+	f_out:close()
+end
+if is_file_nonzero(file_vpslist) then
+	tmp_lines = {
+		"group vpslist",
+		"group-dnl " .. file_vpslist,
+		"group-upstream " .. DNS_LOCAL,
+		"group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6"
+	}
+	insert_array_after(config_lines, tmp_lines, "#--6")
+	log(string.format("  - 节点列表中的域名(vpslist)：%s", DNS_LOCAL or "默认"))
 end
 
 --直连（白名单）列表
@@ -194,55 +178,78 @@ if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
 		"group-upstream " .. DNS_LOCAL,
 		"group-ipset " .. setflag .. "passwall_whitelist," .. setflag .. "passwall_whitelist6"
 	}
-	merge_array(config_lines, tmp_lines)
+	insert_array_after(config_lines, tmp_lines, "#--4")
 	log(string.format("  - 域名白名单(whitelist)：%s", DNS_LOCAL or "默认"))
 end
 
---屏蔽列表
+--代理（黑名单）列表
-local file_block_host = TMP_ACL_PATH .. "/block_host"
+local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
-if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then   --对自定义列表进行清洗
+if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then   --对自定义列表进行清洗
-	local block_domain, lookup_block_domain = {}, {}
+	local proxy_domain, lookup_proxy_domain = {}, {}
-	for line in io.lines(RULES_PATH .. "/block_host") do
+	for line in io.lines(RULES_PATH .. "/proxy_host") do
 		line = api.get_std_domain(line)
 		if line ~= "" and not line:find("#") then
-			insert_unique(block_domain, line, lookup_block_domain)
+			insert_unique(proxy_domain, line, lookup_proxy_domain)
 		end
 	end
-	if #block_domain > 0 then
+	if #proxy_domain > 0 then
-		local f_out = io.open(file_block_host, "w")
+		local f_out = io.open(file_proxy_host, "w")
-		for i = 1, #block_domain do
+		for i = 1, #proxy_domain do
-			f_out:write(block_domain[i] .. "\n")
+			f_out:write(proxy_domain[i] .. "\n")
 		end
 		f_out:close()
 	end
 end
-if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
+if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
-	table.insert(config_lines, "group null")
+	tmp_lines = {
-	table.insert(config_lines, "group-dnl " .. file_block_host)
+		"group proxylist",
+		"group-dnl " .. file_proxy_host,
+		"group-upstream " .. DNS_TRUST,
+		"group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6"
+	}
+	if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:proxylist") end
+	insert_array_after(config_lines, tmp_lines, "#--3")
+	log(string.format("  - 代理域名表(blacklist)：%s", DNS_TRUST or "默认"))
 end
 
---始终用国内DNS解析节点域名
+--内置组(chn/gfw)优先级在自定义组后
-local file_vpslist = TMP_ACL_PATH .. "/vpslist"
+--GFW列表
-if not is_file_nonzero(file_vpslist) then
+if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then
-	local f_out = io.open(file_vpslist, "w")
-	uci:foreach(appname, "nodes", function(t)
-		local address = t.address
-		if address == "engage.cloudflareclient.com" then return end
-		if datatypes.hostname(address) then
-			f_out:write(address .. "\n")
-		end
-	end)
-	f_out:close()
-end
-if is_file_nonzero(file_vpslist) then
 	tmp_lines = {
-		"group vpslist",
+		"gfwlist-file " .. RULES_PATH .. "/gfwlist",
-		"group-dnl " .. file_vpslist,
+		"add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6"
-		"group-upstream " .. DNS_LOCAL,
-		"group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6"
 	}
+	if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:gfw") end
 	merge_array(config_lines, tmp_lines)
-	log(string.format("  - 节点列表中的域名(vpslist)：%s", DNS_LOCAL or "默认"))
+	log(string.format("  - 防火墙域名表(gfwlist)：%s", DNS_TRUST or "默认"))
+end
+
+--中国列表
+if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then
+	if CHNLIST == "direct" then
+		tmp_lines = {
+			"chnlist-file " .. RULES_PATH .. "/chnlist",
+			"ipset-name4 " .. setflag .. "passwall_chnroute",
+			"ipset-name6 " .. setflag .. "passwall_chnroute6",
+			"add-tagchn-ip",
+			"chnlist-first"
+		}
+		merge_array(config_lines, tmp_lines)
+		log(string.format("  - 中国域名表(chnroute)：%s", DNS_LOCAL or "默认"))
+	end
+
+	--回中国模式
+	if CHNLIST == "proxy" then
+		tmp_lines = {
+			"group chn_proxy",
+			"group-dnl " .. RULES_PATH .. "/chnlist",
+			"group-upstream " .. DNS_TRUST,
+			"group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6"
+		}
+		if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:chn_proxy") end
+		insert_array_after(config_lines, tmp_lines, "#--1")
+		log(string.format("  - 中国域名表(chnroute)：%s", DNS_TRUST or "默认"))
+	end
 end
 
 --分流规则
@@ -324,8 +331,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
 			"group-ipset " .. setflag .. "passwall_shuntlist," .. setflag .. "passwall_shuntlist6"
 		}
 		if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:shuntlist") end
-		-- 在 "filter-qtype 65" 后插入 tmp_lines (shuntlist在自定义组中优先级最低)
+		insert_array_after(config_lines, tmp_lines, "#--2")
-		insert_array_after(config_lines, tmp_lines, "filter-qtype 65")
 	end
 
 end
@@ -368,7 +374,10 @@ end
 --输出配置文件
 if #config_lines > 0 then
 	for i = 1, #config_lines do
-		print(config_lines[i])
+		line = config_lines[i]
+		if line ~= "" and not line:find("^#--") then
+			print(line)
+		end
 	end
 end
 

patch-luci-app-passwall.patch

@@ -1,5 +1,5 @@
 diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
-index 5f06c23..b88a877 100644
+index 7f75bcc..3254f3c 100644
 --- a/luci-app-passwall/Makefile
 +++ b/luci-app-passwall/Makefile
 @@ -171,7 +171,6 @@ define Package/$(PKG_NAME)/conffiles