luci: add when use chnroute mode default DNS option

luci-app-passwall/Makefile

@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=4.60
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \

luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua

@@ -295,11 +295,21 @@ o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))
 o.datatype = "ipaddr"
 o:depends("v2ray_dns_mode", "doh")
 
-if has_chnlist and api.is_finded("chinadns-ng") then
-    o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
-    o.default = "0"
-    o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks"})
-    o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray"})
+if has_chnlist then
+    when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
+    when_chnroute_default_dns.default = "direct"
+    when_chnroute_default_dns:value("remote", translate("Remote DNS"))
+    when_chnroute_default_dns:value("direct", translate("Direct DNS"))
+    when_chnroute_default_dns.description = "<ul>"
+    .. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
+    .. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
+    if api.is_finded("chinadns-ng") then
+        when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
+        when_chnroute_default_dns.default = "chinadns_ng"
+    end
+    when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "</li></ul>"
+    when_chnroute_default_dns:depends("tcp_proxy_mode", "chnroute")
+    when_chnroute_default_dns:depends("udp_proxy_mode", "chnroute")
 end
 
 return m

luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua

@@ -275,14 +275,19 @@ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
 o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
 o.rmempty = false
 
-if has_chnlist and api.is_finded("chinadns-ng") then
-    o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
-    o.default = "0"
-	o:depends({dns_mode = "dns2socks"})
-	o:depends({dns_mode = "dns2tcp"})
-	o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
-	o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
-	o:depends({dns_mode = "udp"})
+if has_chnlist then
+    when_chnroute_default_dns = s:taboption("DNS", ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
+    when_chnroute_default_dns.default = "direct"
+    when_chnroute_default_dns:value("remote", translate("Remote DNS"))
+    when_chnroute_default_dns:value("direct", translate("Direct DNS"))
+    when_chnroute_default_dns.description = "<ul>"
+    .. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
+    .. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
+    if api.is_finded("chinadns-ng") then
+        when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
+        when_chnroute_default_dns.default = "chinadns_ng"
+    end
+    when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "</li></ul>"
 end
 
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))

luci-app-passwall/po/zh-cn/passwall.po

@@ -148,11 +148,14 @@ msgstr "用于 DNS 查询时通知 DNS 服务器，客户端所在的地理位
 msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
 msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet（RFC7871）。"
 
-msgid "When the accessed domain name does not exist in the rule list, the default DNS used."
-msgstr "当访问的域名不存在规则列表中，使用的默认DNS。"
+msgid "When using the chnroute list the default DNS"
+msgstr "当使用中国列表外时的默认DNS"
 
-msgid "The effect is better, but will increase the memory."
-msgstr "效果更好，但会增加内存使用。"
+msgid "Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!"
+msgstr "远程DNS可以避免更多的DNS泄露，但会导致规则列表外的某些国内域名可能会走代理！"
+
+msgid "Direct DNS Internet experience may be better, but DNS will be leaked!"
+msgstr "直连DNS上网体验可能会更佳，但是会泄露DNS！"
 
 msgid "Filter Proxy Host IPv6"
 msgstr "过滤代理域名 IPv6"

luci-app-passwall/root/usr/share/passwall/0_default_config

@@ -8,6 +8,7 @@ config global
 	option dns_mode 'dns2tcp'
 	option remote_dns '1.1.1.1'
 	option filter_proxy_ipv6 '0'
+	option when_chnroute_default_dns 'direct'
 	option tcp_proxy_mode 'chnroute'
 	option udp_proxy_mode 'chnroute'
 	option localhost_tcp_proxy_mode 'default'

luci-app-passwall/root/usr/share/passwall/app.sh

@@ -697,7 +697,6 @@ run_redir() {
 					;;
 					fakedns)
 						fakedns=1
-						CHINADNS_NG=0
 						echolog "  - 域名解析 Fake DNS..."
 					;;
 				esac
@@ -1051,16 +1050,22 @@ start_dns() {
 	[ -n "$items" ] && {
 		for item in $items; do
 			[ "$(config_n_get $item enabled)" = "1" ] || continue
-			[ "$(config_n_get $item tcp_node)" = "default" -o "$(config_n_get $item udp_node)" = "default" ] && {
+			[ "$(config_n_get $item tcp_node)" = "default" ] && [ "$TCP_NODE" != "nil" ] && {
 				local item_tcp_proxy_mode=$(config_n_get $item tcp_proxy_mode default)
-				local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
 				[ "$item_tcp_proxy_mode" = "default" ] && item_tcp_proxy_mode=$TCP_PROXY_MODE
-				[ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
-				global=$(echo "${global}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "global")
-				returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "returnhome")
-				chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "chnroute")
-				gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "gfwlist")
+				global=$(echo "${global}${item_tcp_proxy_mode}" | grep "global")
+				returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}" | grep "returnhome")
+				chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}" | grep "chnroute")
+				gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}" | grep "gfwlist")
 				ACL_TCP_PROXY_MODE=${ACL_TCP_PROXY_MODE}${item_tcp_proxy_mode}
+			}
+			[ "$(config_n_get $item udp_node)" = "default" ] && [ "$UDP_NODE" != "nil" ] && {
+				local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
+				[ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
+				global=$(echo "${global}${item_udp_proxy_mode}" | grep "global")
+				returnhome=$(echo "${returnhome}${item_udp_proxy_mode}" | grep "returnhome")
+				chnlist=$(echo "${chnlist}${item_udp_proxy_mode}" | grep "chnroute")
+				gfwlist=$(echo "${gfwlist}${item_udp_proxy_mode}" | grep "gfwlist")
 				ACL_UDP_PROXY_MODE=${ACL_UDP_PROXY_MODE}${item_udp_proxy_mode}
 			}
 		done
@@ -1128,7 +1133,7 @@ start_dns() {
 	[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 TCP 查询，如非直连地址，确保 TCP 代理打开，并且已经正确转发！"
 	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 要求代理 DNS 请求，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"
 
-	[ -n "$chnlist" ] && [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
+	[ -n "$chnlist" ] && [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
 		china_ng_listen_port=$(expr $dns_listen_port + 1)
 		china_ng_listen="127.0.0.1#${china_ng_listen_port}"
 		china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
@@ -1163,7 +1168,7 @@ start_dns() {
 		source $APP_PATH/helper_dnsmasq.sh stretch
 		lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \
 			-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
-			-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHINADNS_DNS ${china_ng_listen:-0} \
+			-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHNROUTE_MODE_DEFAULT_DNS "${WHEN_CHNROUTE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
 			-TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_IPV6:-0} -NFTFLAG ${nftflag:-0} \
 			-NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
 	}
@@ -1358,6 +1363,7 @@ acl_app() {
 			dns_mode=${dns_mode:-dns2socks}
 			remote_dns=${remote_dns:-1.1.1.1}
 			chinadns_ng=${chinadns_ng:-0}
+			when_chnroute_default_dns=${when_chnroute_default_dns:-direct}
 			[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
 				[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
 			}
@@ -1386,7 +1392,7 @@ acl_app() {
 							}
 
 							local _dnsmasq_filter_ipv6=$filter_proxy_ipv6
-							[ "$tcp_proxy_mode" = "chnroute" ] && [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
+							[ "$tcp_proxy_mode" = "chnroute" ] && [ "$when_chnroute_default_dns" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
 								chinadns_port=$(expr $chinadns_port + 1)
 								_china_ng_listen="127.0.0.1#${chinadns_port}"
 								local _china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
@@ -1439,7 +1445,7 @@ acl_app() {
 							}
 							lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \
 								-DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
-								-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHINADNS_DNS ${_china_ng_listen:-0} \
+								-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
 								-TCP_NODE $tcp_node -PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${_dnsmasq_filter_ipv6:-0} -NFTFLAG 0 \
 								-NO_LOGIC_LOG 1
 							ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
@@ -1649,7 +1655,7 @@ DNS_SHUNT="dnsmasq"
 DNS_MODE=$(config_t_get global dns_mode dns2tcp)
 DNS_CACHE=$(config_t_get global dns_cache 0)
 REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
-CHINADNS_NG=$(config_t_get global chinadns_ng 0)
+WHEN_CHNROUTE_DEFAULT_DNS=$(config_t_get global when_chnroute_default_dns direct)
 FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
 dns_listen_port=${DNS_PORT}
 

luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua

@@ -9,6 +9,7 @@ local DEFAULT_DNS = var["-DEFAULT_DNS"]
 local LOCAL_DNS = var["-LOCAL_DNS"]
 local TUN_DNS = var["-TUN_DNS"]
 local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
+local CHNROUTE_MODE_DEFAULT_DNS = var["-CHNROUTE_MODE_DEFAULT_DNS"]
 local CHINADNS_DNS = var["-CHINADNS_DNS"]
 local TCP_NODE = var["-TCP_NODE"]
 local PROXY_MODE = var["-PROXY_MODE"]
@@ -148,11 +149,9 @@ local function check_excluded_domain(domain)
     return false
 end
 
-local dnsmasq_default_dns
-
 local cache_text = ""
 local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")
-local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
+local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHNROUTE_MODE_DEFAULT_DNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
 if fs.access(CACHE_TEXT_FILE) then
     for line in io.lines(CACHE_TEXT_FILE) do
         cache_text = line
@@ -169,10 +168,18 @@ local chnlist = PROXY_MODE:find("chnroute")
 local gfwlist = PROXY_MODE:find("gfwlist")
 local only_global
 
-if CHINADNS_DNS ~= "0" then
-    dnsmasq_default_dns = CHINADNS_DNS
+local dnsmasq_default_dns
+if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and chnlist then
+    if CHNROUTE_MODE_DEFAULT_DNS == "remote" then
+        dnsmasq_default_dns = TUN_DNS
+    end
+    if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+        dnsmasq_default_dns = CHINADNS_DNS
+    end
 end
+
 if global and (not returnhome and not chnlist and not gfwlist) then
+    --只有全局模式时
     dnsmasq_default_dns = TUN_DNS
     only_global = 1
 end
@@ -300,7 +307,7 @@ if not fs.access(CACHE_DNS_PATH) then
                     end
                     if not only_global then
                         fwd_dns = TUN_DNS
-                        if CHINADNS_DNS ~= "0" then
+                        if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
                             fwd_dns = nil
                         end
                         if REMOTE_FAKEDNS == "1" then
@@ -314,15 +321,16 @@ if not fs.access(CACHE_DNS_PATH) then
             log(string.format("  - 防火墙域名表(gfwlist)：%s", fwd_dns or "默认"))
         end
 
-        if CHINADNS_DNS ~= "0" then
-            if fs.access("/usr/share/passwall/rules/chnlist") then
-                fwd_dns = nil
-                local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
-                for line in string.gmatch(chnlist_str, "[^\r\n]+") do
-                    if line ~= "" then
-                        set_domain_dns(line, fwd_dns)
-                        set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
+        if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then
+            fwd_dns = LOCAL_DNS
+            local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+            for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+                if line ~= "" then
+                    if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+                        fwd_dns = nil
                     end
+                    set_domain_dns(line, fwd_dns)
+                    set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
                 end
             end
             log(string.format("  - 中国域名表(chnroute)：%s", fwd_dns or "默认"))