luci: add when use chnroute mode default DNS option
This commit is contained in:
xiaorouji
sbwml
parent
702b12315a
commit
42ce950fcd
@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=4.60
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
|
||||
|
||||
@ -295,11 +295,21 @@ o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))
|
||||
o.datatype = "ipaddr"
|
||||
o:depends("v2ray_dns_mode", "doh")
|
||||
|
||||
if has_chnlist and api.is_finded("chinadns-ng") then
|
||||
o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
|
||||
o.default = "0"
|
||||
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks"})
|
||||
o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray"})
|
||||
if has_chnlist then
|
||||
when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
|
||||
when_chnroute_default_dns.default = "direct"
|
||||
when_chnroute_default_dns:value("remote", translate("Remote DNS"))
|
||||
when_chnroute_default_dns:value("direct", translate("Direct DNS"))
|
||||
when_chnroute_default_dns.description = "<ul>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
if api.is_finded("chinadns-ng") then
|
||||
when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
|
||||
when_chnroute_default_dns.default = "chinadns_ng"
|
||||
end
|
||||
when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "</li></ul>"
|
||||
when_chnroute_default_dns:depends("tcp_proxy_mode", "chnroute")
|
||||
when_chnroute_default_dns:depends("udp_proxy_mode", "chnroute")
|
||||
end
|
||||
|
||||
return m
|
||||
|
||||
@ -275,14 +275,19 @@ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
|
||||
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
|
||||
o.rmempty = false
|
||||
|
||||
if has_chnlist and api.is_finded("chinadns-ng") then
|
||||
o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
|
||||
o.default = "0"
|
||||
o:depends({dns_mode = "dns2socks"})
|
||||
o:depends({dns_mode = "dns2tcp"})
|
||||
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
|
||||
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
|
||||
o:depends({dns_mode = "udp"})
|
||||
if has_chnlist then
|
||||
when_chnroute_default_dns = s:taboption("DNS", ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
|
||||
when_chnroute_default_dns.default = "direct"
|
||||
when_chnroute_default_dns:value("remote", translate("Remote DNS"))
|
||||
when_chnroute_default_dns:value("direct", translate("Direct DNS"))
|
||||
when_chnroute_default_dns.description = "<ul>"
|
||||
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
|
||||
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
|
||||
if api.is_finded("chinadns-ng") then
|
||||
when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
|
||||
when_chnroute_default_dns.default = "chinadns_ng"
|
||||
end
|
||||
when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "</li></ul>"
|
||||
end
|
||||
|
||||
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
|
||||
|
||||
@ -148,11 +148,14 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位
|
||||
msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
|
||||
msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet(RFC7871)。"
|
||||
|
||||
msgid "When the accessed domain name does not exist in the rule list, the default DNS used."
|
||||
msgstr "当访问的域名不存在规则列表中,使用的默认DNS。"
|
||||
msgid "When using the chnroute list the default DNS"
|
||||
msgstr "当使用中国列表外时的默认DNS"
|
||||
|
||||
msgid "The effect is better, but will increase the memory."
|
||||
msgstr "效果更好,但会增加内存使用。"
|
||||
msgid "Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!"
|
||||
msgstr "远程DNS可以避免更多的DNS泄露,但会导致规则列表外的某些国内域名可能会走代理!"
|
||||
|
||||
msgid "Direct DNS Internet experience may be better, but DNS will be leaked!"
|
||||
msgstr "直连DNS上网体验可能会更佳,但是会泄露DNS!"
|
||||
|
||||
msgid "Filter Proxy Host IPv6"
|
||||
msgstr "过滤代理域名 IPv6"
|
||||
|
||||
@ -8,6 +8,7 @@ config global
|
||||
option dns_mode 'dns2tcp'
|
||||
option remote_dns '1.1.1.1'
|
||||
option filter_proxy_ipv6 '0'
|
||||
option when_chnroute_default_dns 'direct'
|
||||
option tcp_proxy_mode 'chnroute'
|
||||
option udp_proxy_mode 'chnroute'
|
||||
option localhost_tcp_proxy_mode 'default'
|
||||
|
||||
@ -697,7 +697,6 @@ run_redir() {
|
||||
;;
|
||||
fakedns)
|
||||
fakedns=1
|
||||
CHINADNS_NG=0
|
||||
echolog " - 域名解析 Fake DNS..."
|
||||
;;
|
||||
esac
|
||||
@ -1051,16 +1050,22 @@ start_dns() {
|
||||
[ -n "$items" ] && {
|
||||
for item in $items; do
|
||||
[ "$(config_n_get $item enabled)" = "1" ] || continue
|
||||
[ "$(config_n_get $item tcp_node)" = "default" -o "$(config_n_get $item udp_node)" = "default" ] && {
|
||||
[ "$(config_n_get $item tcp_node)" = "default" ] && [ "$TCP_NODE" != "nil" ] && {
|
||||
local item_tcp_proxy_mode=$(config_n_get $item tcp_proxy_mode default)
|
||||
local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
|
||||
[ "$item_tcp_proxy_mode" = "default" ] && item_tcp_proxy_mode=$TCP_PROXY_MODE
|
||||
[ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
|
||||
global=$(echo "${global}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "global")
|
||||
returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "returnhome")
|
||||
chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "chnroute")
|
||||
gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}${item_udp_proxy_mode}" | grep "gfwlist")
|
||||
global=$(echo "${global}${item_tcp_proxy_mode}" | grep "global")
|
||||
returnhome=$(echo "${returnhome}${item_tcp_proxy_mode}" | grep "returnhome")
|
||||
chnlist=$(echo "${chnlist}${item_tcp_proxy_mode}" | grep "chnroute")
|
||||
gfwlist=$(echo "${gfwlist}${item_tcp_proxy_mode}" | grep "gfwlist")
|
||||
ACL_TCP_PROXY_MODE=${ACL_TCP_PROXY_MODE}${item_tcp_proxy_mode}
|
||||
}
|
||||
[ "$(config_n_get $item udp_node)" = "default" ] && [ "$UDP_NODE" != "nil" ] && {
|
||||
local item_udp_proxy_mode=$(config_n_get $item udp_proxy_mode default)
|
||||
[ "$item_udp_proxy_mode" = "default" ] && item_udp_proxy_mode=$UDP_PROXY_MODE
|
||||
global=$(echo "${global}${item_udp_proxy_mode}" | grep "global")
|
||||
returnhome=$(echo "${returnhome}${item_udp_proxy_mode}" | grep "returnhome")
|
||||
chnlist=$(echo "${chnlist}${item_udp_proxy_mode}" | grep "chnroute")
|
||||
gfwlist=$(echo "${gfwlist}${item_udp_proxy_mode}" | grep "gfwlist")
|
||||
ACL_UDP_PROXY_MODE=${ACL_UDP_PROXY_MODE}${item_udp_proxy_mode}
|
||||
}
|
||||
done
|
||||
@ -1128,7 +1133,7 @@ start_dns() {
|
||||
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
|
||||
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
|
||||
|
||||
[ -n "$chnlist" ] && [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
|
||||
[ -n "$chnlist" ] && [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
|
||||
china_ng_listen_port=$(expr $dns_listen_port + 1)
|
||||
china_ng_listen="127.0.0.1#${china_ng_listen_port}"
|
||||
china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
|
||||
@ -1163,7 +1168,7 @@ start_dns() {
|
||||
source $APP_PATH/helper_dnsmasq.sh stretch
|
||||
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \
|
||||
-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
|
||||
-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHINADNS_DNS ${china_ng_listen:-0} \
|
||||
-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHNROUTE_MODE_DEFAULT_DNS "${WHEN_CHNROUTE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
|
||||
-TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_IPV6:-0} -NFTFLAG ${nftflag:-0} \
|
||||
-NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
|
||||
}
|
||||
@ -1358,6 +1363,7 @@ acl_app() {
|
||||
dns_mode=${dns_mode:-dns2socks}
|
||||
remote_dns=${remote_dns:-1.1.1.1}
|
||||
chinadns_ng=${chinadns_ng:-0}
|
||||
when_chnroute_default_dns=${when_chnroute_default_dns:-direct}
|
||||
[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
|
||||
[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
|
||||
}
|
||||
@ -1386,7 +1392,7 @@ acl_app() {
|
||||
}
|
||||
|
||||
local _dnsmasq_filter_ipv6=$filter_proxy_ipv6
|
||||
[ "$tcp_proxy_mode" = "chnroute" ] && [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
|
||||
[ "$tcp_proxy_mode" = "chnroute" ] && [ "$when_chnroute_default_dns" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
|
||||
chinadns_port=$(expr $chinadns_port + 1)
|
||||
_china_ng_listen="127.0.0.1#${chinadns_port}"
|
||||
local _china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
|
||||
@ -1439,7 +1445,7 @@ acl_app() {
|
||||
}
|
||||
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \
|
||||
-DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
|
||||
-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHINADNS_DNS ${_china_ng_listen:-0} \
|
||||
-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
|
||||
-TCP_NODE $tcp_node -PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${_dnsmasq_filter_ipv6:-0} -NFTFLAG 0 \
|
||||
-NO_LOGIC_LOG 1
|
||||
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
|
||||
@ -1649,7 +1655,7 @@ DNS_SHUNT="dnsmasq"
|
||||
DNS_MODE=$(config_t_get global dns_mode dns2tcp)
|
||||
DNS_CACHE=$(config_t_get global dns_cache 0)
|
||||
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
|
||||
CHINADNS_NG=$(config_t_get global chinadns_ng 0)
|
||||
WHEN_CHNROUTE_DEFAULT_DNS=$(config_t_get global when_chnroute_default_dns direct)
|
||||
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
|
||||
dns_listen_port=${DNS_PORT}
|
||||
|
||||
|
||||
@ -9,6 +9,7 @@ local DEFAULT_DNS = var["-DEFAULT_DNS"]
|
||||
local LOCAL_DNS = var["-LOCAL_DNS"]
|
||||
local TUN_DNS = var["-TUN_DNS"]
|
||||
local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
|
||||
local CHNROUTE_MODE_DEFAULT_DNS = var["-CHNROUTE_MODE_DEFAULT_DNS"]
|
||||
local CHINADNS_DNS = var["-CHINADNS_DNS"]
|
||||
local TCP_NODE = var["-TCP_NODE"]
|
||||
local PROXY_MODE = var["-PROXY_MODE"]
|
||||
@ -148,11 +149,9 @@ local function check_excluded_domain(domain)
|
||||
return false
|
||||
end
|
||||
|
||||
local dnsmasq_default_dns
|
||||
|
||||
local cache_text = ""
|
||||
local new_rules = luci.sys.exec("echo -n $(find /usr/share/passwall/rules -type f | xargs md5sum)")
|
||||
local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
|
||||
local new_text = TMP_DNSMASQ_PATH .. DNSMASQ_CONF_FILE .. DEFAULT_DNS .. LOCAL_DNS .. TUN_DNS .. REMOTE_FAKEDNS .. CHNROUTE_MODE_DEFAULT_DNS .. CHINADNS_DNS .. PROXY_MODE .. NO_PROXY_IPV6 .. new_rules .. NFTFLAG
|
||||
if fs.access(CACHE_TEXT_FILE) then
|
||||
for line in io.lines(CACHE_TEXT_FILE) do
|
||||
cache_text = line
|
||||
@ -169,10 +168,18 @@ local chnlist = PROXY_MODE:find("chnroute")
|
||||
local gfwlist = PROXY_MODE:find("gfwlist")
|
||||
local only_global
|
||||
|
||||
if CHINADNS_DNS ~= "0" then
|
||||
local dnsmasq_default_dns
|
||||
if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and chnlist then
|
||||
if CHNROUTE_MODE_DEFAULT_DNS == "remote" then
|
||||
dnsmasq_default_dns = TUN_DNS
|
||||
end
|
||||
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
dnsmasq_default_dns = CHINADNS_DNS
|
||||
end
|
||||
end
|
||||
|
||||
if global and (not returnhome and not chnlist and not gfwlist) then
|
||||
--只有全局模式时
|
||||
dnsmasq_default_dns = TUN_DNS
|
||||
only_global = 1
|
||||
end
|
||||
@ -300,7 +307,7 @@ if not fs.access(CACHE_DNS_PATH) then
|
||||
end
|
||||
if not only_global then
|
||||
fwd_dns = TUN_DNS
|
||||
if CHINADNS_DNS ~= "0" then
|
||||
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
fwd_dns = nil
|
||||
end
|
||||
if REMOTE_FAKEDNS == "1" then
|
||||
@ -314,17 +321,18 @@ if not fs.access(CACHE_DNS_PATH) then
|
||||
log(string.format(" - 防火墙域名表(gfwlist):%s", fwd_dns or "默认"))
|
||||
end
|
||||
|
||||
if CHINADNS_DNS ~= "0" then
|
||||
if fs.access("/usr/share/passwall/rules/chnlist") then
|
||||
fwd_dns = nil
|
||||
if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then
|
||||
fwd_dns = LOCAL_DNS
|
||||
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
|
||||
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
|
||||
if line ~= "" then
|
||||
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
|
||||
fwd_dns = nil
|
||||
end
|
||||
set_domain_dns(line, fwd_dns)
|
||||
set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
|
||||
end
|
||||
end
|
||||
end
|
||||
log(string.format(" - 中国域名表(chnroute):%s", fwd_dns or "默认"))
|
||||
end
|
||||
else
|
||||
|
||||
Loading…
Reference in New Issue
Block a user