From 42ce950fcd163280a08db410390b58f7eea3cc67 Mon Sep 17 00:00:00 2001
From: xiaorouji <60100640+xiaorouji@users.noreply.github.com>
Date: Wed, 8 Mar 2023 19:59:44 +0800
Subject: [PATCH] luci: add when use chnroute mode default DNS option
---
luci-app-passwall/Makefile | 2 +-
.../model/cbi/passwall/client/acl_config.lua | 20 ++++++++---
.../model/cbi/passwall/client/global.lua | 21 ++++++-----
luci-app-passwall/po/zh-cn/passwall.po | 11 +++---
.../root/usr/share/passwall/0_default_config | 1 +
.../root/usr/share/passwall/app.sh | 32 ++++++++++-------
.../usr/share/passwall/helper_dnsmasq_add.lua | 36 +++++++++++--------
7 files changed, 78 insertions(+), 45 deletions(-)
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 5308b41f8..1bf087c50 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.60
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
index 3c01a3dc8..159396c1e 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -295,11 +295,21 @@ o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))
o.datatype = "ipaddr"
o:depends("v2ray_dns_mode", "doh")
-if has_chnlist and api.is_finded("chinadns-ng") then
- o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
- o.default = "0"
- o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks"})
- o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray"})
+if has_chnlist then
+ when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
+ when_chnroute_default_dns.default = "direct"
+ when_chnroute_default_dns:value("remote", translate("Remote DNS"))
+ when_chnroute_default_dns:value("direct", translate("Direct DNS"))
+ when_chnroute_default_dns.description = "
"
+ .. "- " .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "
"
+ .. "- " .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "
"
+ if api.is_finded("chinadns-ng") then
+ when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
+ when_chnroute_default_dns.default = "chinadns_ng"
+ end
+ when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "
"
+ when_chnroute_default_dns:depends("tcp_proxy_mode", "chnroute")
+ when_chnroute_default_dns:depends("udp_proxy_mode", "chnroute")
end
return m
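Review bot: `when_chnroute_default_dns` is assigned without `local`, so the option object becomes a global of the CBI model chunk; the global.lua hunk makes the same assignment under the same name. Declaring it as `local when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", ...)` (and the `s:taboption` equivalent in global.lua) keeps the name out of the shared environment. The initial `default = "direct"` is overwritten to `chinadns_ng` a few lines later whenever the binary is found, so a short comment such as `-- prefer ChinaDNS-NG when installed, else direct` would make the intended precedence explicit.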
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index d7a0a00b3..e875d5aaa 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -275,14 +275,19 @@ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o.rmempty = false
-if has_chnlist and api.is_finded("chinadns-ng") then
- o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
- o.default = "0"
- o:depends({dns_mode = "dns2socks"})
- o:depends({dns_mode = "dns2tcp"})
- o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
- o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
- o:depends({dns_mode = "udp"})
+if has_chnlist then
+ when_chnroute_default_dns = s:taboption("DNS", ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
+ when_chnroute_default_dns.default = "direct"
+ when_chnroute_default_dns:value("remote", translate("Remote DNS"))
+ when_chnroute_default_dns:value("direct", translate("Direct DNS"))
+ when_chnroute_default_dns.description = ""
+ .. "- " .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "
"
+ .. "- " .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "
"
+ if api.is_finded("chinadns-ng") then
+ when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
+ when_chnroute_default_dns.default = "chinadns_ng"
+ end
+ when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "
"
end
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 21e510a98..e9cc6286b 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -148,11 +148,14 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位
msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet(RFC7871)。"
-msgid "When the accessed domain name does not exist in the rule list, the default DNS used."
-msgstr "当访问的域名不存在规则列表中,使用的默认DNS。"
+msgid "When using the chnroute list the default DNS"
+msgstr "当使用中国列表外时的默认DNS"
-msgid "The effect is better, but will increase the memory."
-msgstr "效果更好,但会增加内存使用。"
+msgid "Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!"
+msgstr "远程DNS可以避免更多的DNS泄露,但会导致规则列表外的某些国内域名可能会走代理!"
+
+msgid "Direct DNS Internet experience may be better, but DNS will be leaked!"
+msgstr "直连DNS上网体验可能会更佳,但是会泄露DNS!"
msgid "Filter Proxy Host IPv6"
msgstr "过滤代理域名 IPv6"
diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config
index 78939b757..356ff0db9 100644
--- a/luci-app-passwall/root/usr/share/passwall/0_default_config
+++ b/luci-app-passwall/root/usr/share/passwall/0_default_config
@@ -8,6 +8,7 @@ config global
option dns_mode 'dns2tcp'
option remote_dns '1.1.1.1'
option filter_proxy_ipv6 '0'
+ option when_chnroute_default_dns 'direct'
option tcp_proxy_mode 'chnroute'
option udp_proxy_mode 'chnroute'
option localhost_tcp_proxy_mode 'default'
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index e6f296014..689ee5c22 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -697,7 +697,6 @@ run_redir() {
;;
fakedns)
fakedns=1
- CHINADNS_NG=0
echolog " - 域名解析 Fake DNS..."
;;
esac
@@ -1051,16 +1050,22 @@ start_dns() {
[ -n "$items" ] && {
for item in $items; do
[ "$(config_n_get $item enabled)" = "1" ] || continue
- [ "$(config_n_get $item tcp_node)" = "default" -o "$(config_n_get $item udp_node)" = "default" ] && {
+ [ "$(config_n_get $item tcp_node)" = "default" ] && [ "$TCP_NODE" != "nil" ] && {
local item_tcp_proxy_mode=$(config_n_get $item tcp_proxy_mode default)
- local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
[ "$item_tcp_proxy_mode" = "default" ] && item_tcp_proxy_mode=$TCP_PROXY_MODE
- [ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
- global=$(echo "${global}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "global")
- returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "returnhome")
- chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "chnroute")
- gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "gfwlist")
+ global=$(echo "${global}${item_tcp_proxy_mode}" | grep "global")
+ returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}" | grep "returnhome")
+ chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}" | grep "chnroute")
+ gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}" | grep "gfwlist")
ACL_TCP_PROXY_MODE=${ACL_TCP_PROXY_MODE}${item_tcp_proxy_mode}
+ }
+ [ "$(config_n_get $item udp_node)" = "default" ] && [ "$UDP_NODE" != "nil" ] && {
+ local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
+ [ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
+ global=$(echo "${global}${item_udp_proxy_mode}" | grep "global")
+ returnhome=$(echo "${returnhome}${item_udp_proxy_mode}" | grep "returnhome")
+ chnlist=$(echo "${chnlist}${item_udp_proxy_mode}" | grep "chnroute")
+ gfwlist=$(echo "${gfwlist}${item_udp_proxy_mode}" | grep "gfwlist")
ACL_UDP_PROXY_MODE=${ACL_UDP_PROXY_MODE}${item_udp_proxy_mode}
}
done
@@ -1128,7 +1133,7 @@ start_dns() {
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
- [ -n "$chnlist" ] && [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
+ [ -n "$chnlist" ] && [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
china_ng_listen_port=$(expr $dns_listen_port + 1)
china_ng_listen="127.0.0.1#${china_ng_listen_port}"
china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
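Review bot: Nothing visible in this test keeps ChinaDNS-NG from starting when Fake DNS is active: the run_redir hunk removes `CHINADNS_NG=0` from the `fakedns)` branch, and the new condition only checks `WHEN_CHNROUTE_DEFAULT_DNS`. If the two are still meant to be mutually exclusive, add `[ "${fakedns:-0}" != "1" ] &&` ahead of the `chinadns_ng` comparison. If they may now run together, a one-line comment saying so would prevent the guard from being re-added later. start_dns continues outside the hunk, so a reset elsewhere cannot be ruled out from here.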
@@ -1163,7 +1168,7 @@ start_dns() {
source $APP_PATH/helper_dnsmasq.sh stretch
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \
-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
- -TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHINADNS_DNS ${china_ng_listen:-0} \
+ -TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHNROUTE_MODE_DEFAULT_DNS "${WHEN_CHNROUTE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_IPV6:-0} -NFTFLAG ${nftflag:-0} \
-NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
}
@@ -1358,6 +1363,7 @@ acl_app() {
dns_mode=${dns_mode:-dns2socks}
remote_dns=${remote_dns:-1.1.1.1}
chinadns_ng=${chinadns_ng:-0}
+ when_chnroute_default_dns=${when_chnroute_default_dns:-direct}
[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
}
@@ -1386,7 +1392,7 @@ acl_app() {
}
local _dnsmasq_filter_ipv6=$filter_proxy_ipv6
- [ "$tcp_proxy_mode" = "chnroute" ] && [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
+ [ "$tcp_proxy_mode" = "chnroute" ] && [ "$when_chnroute_default_dns" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
chinadns_port=$(expr $chinadns_port + 1)
_china_ng_listen="127.0.0.1#${chinadns_port}"
local _china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
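Review bot: This condition starts ChinaDNS-NG for an ACL only when `tcp_proxy_mode` is `chnroute`, while the acl_config.lua hunk shows the option when either `tcp_proxy_mode` or `udp_proxy_mode` is `chnroute`. For an ACL that uses chnroute for UDP only, the selected value appears to have no effect, because the helper call later in acl_app also passes just `-PROXY_MODE ${tcp_proxy_mode}`. Either drop the `when_chnroute_default_dns:depends("udp_proxy_mode", "chnroute")` line in the UI, or extend this test and the `-PROXY_MODE` argument to include the UDP mode. acl_app starts and ends outside the hunk.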
@@ -1439,7 +1445,7 @@ acl_app() {
}
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \
-DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
- -TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHINADNS_DNS ${_china_ng_listen:-0} \
+ -TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
-TCP_NODE $tcp_node -PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${_dnsmasq_filter_ipv6:-0} -NFTFLAG 0 \
-NO_LOGIC_LOG 1
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
@@ -1649,7 +1655,7 @@ DNS_SHUNT="dnsmasq"
DNS_MODE=$(config_t_get global dns_mode dns2tcp)
DNS_CACHE=$(config_t_get global dns_cache 0)
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
-CHINADNS_NG=$(config_t_get global chinadns_ng 0)
+WHEN_CHNROUTE_DEFAULT_DNS=$(config_t_get global when_chnroute_default_dns direct)
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
dns_listen_port=${DNS_PORT}
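Review bot: Falling back to `direct` when `when_chnroute_default_dns` is unset silently changes behaviour for installs that already have `chinadns_ng '1'` saved. After the upgrade their config lacks the new option, so names outside the lists go to the direct resolver, which the new UI text itself describes as leaking DNS. No migration of the old flag is visible in this patch. Consider mapping it when the new option is absent, for example by keeping the old read and adding `[ "$(config_t_get global chinadns_ng 0)" = "1" ] && WHEN_CHNROUTE_DEFAULT_DNS=chinadns_ng` for the unset case, or doing the same in a uci-defaults script. The same applies per ACL in acl_app, where `chinadns_ng=${chinadns_ng:-0}` is still set but no longer read in the visible hunks.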
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
index 9dd4e6192..e973b5799 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@@ -9,6 +9,7 @@ local DEFAULT_DNS = var["-DEFAULT_DNS"]
local LOCAL_DNS = var["-LOCAL_DNS"]
local TUN_DNS = var["-TUN_DNS"]
local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
+local CHNROUTE_MODE_DEFAULT_DNS = var["-CHNROUTE_MODE_DEFAULT_DNS"]
local CHINADNS_DNS = var["-CHINADNS_DNS"]
local TCP_NODE = var["-TCP_NODE"]
local PROXY_MODE = var["-PROXY_MODE"]
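Review bot: `CHNROUTE_MODE_DEFAULT_DNS` has no fallback when the flag is not passed. Assuming `var` holds only the arguments that were given, it would be nil, and the `new_text` concatenation in the next hunk would then raise an error before any dnsmasq rule is written. The later guard `CHNROUTE_MODE_DEFAULT_DNS ~= "nil"` compares against the string `"nil"`, which neither caller in app.sh sends (both default to `direct`), so it does not cover a missing argument. Suggest `local CHNROUTE_MODE_DEFAULT_DNS = var["-CHNROUTE_MODE_DEFAULT_DNS"] or "direct"` here and dropping the `~= "nil"` test.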
@@ -148,11 +149,9 @@ local function check_excluded_domain(domain)
return false
end
-local dnsmasq_default_dns
-
local cache_text = ""
local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")
-local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
+local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHNROUTE_MODE_DEFAULT_DNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
if fs.access(CACHE_TEXT_FILE) then
for line in io.lines(CACHE_TEXT_FILE) do
cache_text = line
@@ -169,10 +168,18 @@ local chnlist = PROXY_MODE:find("chnroute")
local gfwlist = PROXY_MODE:find("gfwlist")
local only_global
-if CHINADNS_DNS ~= "0" then
- dnsmasq_default_dns = CHINADNS_DNS
+local dnsmasq_default_dns
+if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and chnlist then
+ if CHNROUTE_MODE_DEFAULT_DNS == "remote" then
+ dnsmasq_default_dns = TUN_DNS
+ end
+ if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+ dnsmasq_default_dns = CHINADNS_DNS
+ end
end
+
if global and (not returnhome and not chnlist and not gfwlist) then
+ --只有全局模式时
dnsmasq_default_dns = TUN_DNS
only_global = 1
end
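Review bot: When `chinadns_ng` is selected but `CHINADNS_DNS` is `"0"`, `dnsmasq_default_dns` stays unset and nothing is logged. app.sh passes `0` whenever the chinadns-ng binary or a non-empty chnlist file is missing, so a user who chose ChinaDNS-NG can end up on the default (presumably direct) resolver without noticing. Turn the second `if` into an `elseif` of the first and add a branch for this case that records it, e.g. `log(" - ChinaDNS-NG selected but not running, chnroute default DNS falls back to direct")`. The untranslated `--只有全局模式时` comment could also read `-- global mode only` for consistency with the English identifiers.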
@@ -300,7 +307,7 @@ if not fs.access(CACHE_DNS_PATH) then
end
if not only_global then
fwd_dns = TUN_DNS
- if CHINADNS_DNS ~= "0" then
+ if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
fwd_dns = nil
end
if REMOTE_FAKEDNS == "1" then
@@ -314,15 +321,16 @@ if not fs.access(CACHE_DNS_PATH) then
log(string.format(" - 防火墙域名表(gfwlist):%s", fwd_dns or "默认"))
end
- if CHINADNS_DNS ~= "0" then
- if fs.access("/usr/share/passwall/rules/chnlist") then
- fwd_dns = nil
- local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
- for line in string.gmatch(chnlist_str, "[^\r\n]+") do
- if line ~= "" then
- set_domain_dns(line, fwd_dns)
- set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
+ if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then
+ fwd_dns = LOCAL_DNS
+ local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
+ for line in string.gmatch(chnlist_str, "[^\r\n]+") do
+ if line ~= "" then
+ if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+ fwd_dns = nil
end
+ set_domain_dns(line, fwd_dns)
+ set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
end
end
log(string.format(" - 中国域名表(chnroute):%s", fwd_dns or "默认"))
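Review bot: The rewritten chnlist branch still reads the file through a shell string, `sys.exec('cat ... | grep -v -E "' .. excluded_domain_str .. '"')`, and `excluded_domain_str` is built outside this hunk. If it is derived from configured host names, a value containing a double quote or shell metacharacters would be interpreted by the shell; reading the file with `io.lines` and filtering through the existing `check_excluded_domain(line)` would avoid the shell entirely. Separately, `fwd_dns = nil` is re-evaluated on every loop iteration although its condition does not change; set it once before the `for`, e.g. `if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then fwd_dns = nil end`. The enclosing `if not fs.access(CACHE_DNS_PATH) then` block starts and ends outside the hunk.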