luci-app-homeproxy: sync upstream

last commit: 4afced1481
gitea-action 2025-01-05 21:30:17 +08:00
parent 4a8618e3d7
commit 4e2387b683
9 changed files with 959 additions and 918 deletions


@ -8,7 +8,6 @@ LUCI_TITLE:=The modern ImmortalWrt proxy platform for ARM64/AMD64
LUCI_PKGARCH:=all LUCI_PKGARCH:=all
LUCI_DEPENDS:= \ LUCI_DEPENDS:= \
+sing-box \ +sing-box \
+chinadns-ng \
+firewall4 \ +firewall4 \
+kmod-nft-tproxy +kmod-nft-tproxy


@ -156,7 +156,7 @@ return view.extend({
o.rmempty = false; o.rmempty = false;
o = s.taboption('routing', form.Value, 'dns_server', _('DNS server'), o = s.taboption('routing', form.Value, 'dns_server', _('DNS server'),
_('It MUST support TCP query.')); _('Support UDP, TCP, DoH, DoT, DoQ. TCP protocol will be used if not specified.'));
o.value('wan', _('WAN DNS (read from interface)')); o.value('wan', _('WAN DNS (read from interface)'));
o.value('1.1.1.1', _('CloudFlare Public DNS (1.1.1.1)')); o.value('1.1.1.1', _('CloudFlare Public DNS (1.1.1.1)'));
o.value('208.67.222.222', _('Cisco Public DNS (208.67.222.222)')); o.value('208.67.222.222', _('Cisco Public DNS (208.67.222.222)'));
@ -170,53 +170,61 @@ return view.extend({
o.depends({'routing_mode': 'custom', '!reverse': true}); o.depends({'routing_mode': 'custom', '!reverse': true});
o.validate = function(section_id, value) { o.validate = function(section_id, value) {
if (section_id && !['wan'].includes(value)) { if (section_id && !['wan'].includes(value)) {
var ipv6_support = this.map.lookupOption('ipv6_support', section_id)[0].formvalue(section_id);
if (!value) if (!value)
return _('Expecting: %s').format(_('non-empty value')); return _('Expecting: %s').format(_('non-empty value'));
else if (!stubValidator.apply((ipv6_support === '1') ? 'ipaddr' : 'ip4addr', value))
return _('Expecting: %s').format(_('valid IP address')); var ipv6_support = this.map.lookupOption('ipv6_support', section_id)[0].formvalue(section_id);
try {
var url = new URL(value);
if (stubValidator.apply('hostname', url.hostname))
return true;
else if (stubValidator.apply('ip4addr', url.hostname))
return true;
else if ((ipv6_support === '1') && stubValidator.apply('ip6addr', url.hostname.match(/^\[(.+)\]$/)?.[1]))
return true;
else
return _('Expecting: %s').format(_('valid DNS server address'));
} catch(e) {}
if (!stubValidator.apply((ipv6_support === '1') ? 'ipaddr' : 'ip4addr', value))
return _('Expecting: %s').format(_('valid DNS server address'));
} }
return true; return true;
} }
if (features.hp_has_chinadns_ng) { o = s.taboption('routing', form.Value, 'china_dns_server', _('China DNS server'),
o = s.taboption('routing', form.DynamicList, 'china_dns_server', _('China DNS server')); _('The dns server for resolving China domains. Support UDP, TCP, DoH, DoT, DoQ.'));
o.value('wan', _('WAN DNS (read from interface)')); o.value('wan', _('WAN DNS (read from interface)'));
o.value('223.5.5.5', _('Aliyun Public DNS (223.5.5.5)')); o.value('223.5.5.5', _('Aliyun Public DNS (223.5.5.5)'));
o.value('210.2.4.8', _('CNNIC Public DNS (210.2.4.8)')); o.value('210.2.4.8', _('CNNIC Public DNS (210.2.4.8)'));
o.value('119.29.29.29', _('Tencent Public DNS (119.29.29.29)')); o.value('119.29.29.29', _('Tencent Public DNS (119.29.29.29)'));
o.value('117.50.10.10', _('ThreatBook Public DNS (117.50.10.10)')); o.value('117.50.10.10', _('ThreatBook Public DNS (117.50.10.10)'));
o.depends('routing_mode', 'bypass_mainland_china'); o.depends('routing_mode', 'bypass_mainland_china');
o.validate = function(section_id) { o.default = '223.5.5.5';
if (section_id) { o.rmempty = false;
var value = this.map.lookupOption('china_dns_server', section_id)[0].formvalue(section_id); o.validate = function(section_id, value) {
if (value.length < 1) if (section_id && !['wan'].includes(value)) {
if (!value)
return _('Expecting: %s').format(_('non-empty value'));
try {
var url = new URL(value);
if (stubValidator.apply('hostname', url.hostname))
return true; return true;
else if (stubValidator.apply('ip4addr', url.hostname))
return true;
else if (stubValidator.apply('ip6addr', url.hostname.match(/^\[(.+)\]$/)?.[1]))
return true;
else
return _('Expecting: %s').format(_('valid DNS server address'));
} catch(e) {}
if (!features.hp_has_chinadns_ng_v2 && value.length > 2) if (!stubValidator.apply('ipaddr', value))
return _('You can only have two servers set at maximum.'); return _('Expecting: %s').format(_('valid DNS server address'));
for (var dns of value) {
var ipv6_support = this.map.lookupOption('ipv6_support', section_id)[0].formvalue(section_id);
if (dns === 'wan') {
continue;
} else {
var err = _('Expecting: %s').format(_('valid address#port'));
dns = dns.split('#');
if (dns.length > 2)
return err;
if (!stubValidator.apply((ipv6_support === '1') ? 'ipaddr' : 'ip4addr', dns[0]))
return err;
if (dns[1] && !stubValidator.apply('port', dns[1]))
return err;
}
}
}
return true;
} }
return true;
} }
o = s.taboption('routing', form.ListValue, 'routing_mode', _('Routing mode')); o = s.taboption('routing', form.ListValue, 'routing_mode', _('Routing mode'));
@ -739,12 +747,11 @@ return view.extend({
so = ss.option(form.Flag, 'cache_file_store_rdrc', _('Store RDRC'), so = ss.option(form.Flag, 'cache_file_store_rdrc', _('Store RDRC'),
_('Store rejected DNS response cache.<br/>' + _('Store rejected DNS response cache.<br/>' +
'The check results of <code>Address filter DNS rule items</code> will be cached until expiration.')); 'The check results of <code>Address filter DNS rule items</code> will be cached until expiration.'));
so.ucisection = 'experimental';
so.default = so.disabled; so.default = so.disabled;
so = ss.option(form.Value, 'cache_file_rdrc_timeout', _('RDRC timeout'), so = ss.option(form.Value, 'cache_file_rdrc_timeout', _('RDRC timeout'),
_('Timeout of rejected DNS response cache. <code>7d</code> is used by default.')); _('Timeout of rejected DNS response cache in seconds. <code>604800 (7d)</code> is used by default.'));
so.ucisection = 'experimental'; so.datatype = 'uinteger';
so.depends('cache_file_store_rdrc', '1'); so.depends('cache_file_store_rdrc', '1');
/* DNS settings end */ /* DNS settings end */
@ -773,8 +780,31 @@ return view.extend({
so.editable = true; so.editable = true;
so = ss.option(form.Value, 'address', _('Address'), so = ss.option(form.Value, 'address', _('Address'),
_('The address of the dns server. Support UDP, TCP, DoT, DoH and RCode.')); _('The address of the dns server. Support UDP, TCP, DoH, DoT, DoQ and RCode.'));
so.rmempty = false; so.rmempty = false;
so.validate = function(section_id, value) {
if (section_id) {
if (!value)
return _('Expecting: %s').format(_('non-empty value'));
try {
var url = new URL(value);
if (stubValidator.apply('hostname', url.hostname))
return true;
else if (stubValidator.apply('ip4addr', url.hostname))
return true;
else if (stubValidator.apply('ip6addr', url.hostname.match(/^\[(.+)\]$/)?.[1]))
return true;
else
return _('Expecting: %s').format(_('valid DNS server address'));
} catch(e) {}
if (!stubValidator.apply('ipaddr', value))
return _('Expecting: %s').format(_('valid DNS server address'));
}
return true;
}
so = ss.option(form.ListValue, 'address_resolver', _('Address resolver'), so = ss.option(form.ListValue, 'address_resolver', _('Address resolver'),
_('Tag of a another server to resolve the domain name in the address. Required if address contains domain.')); _('Tag of a another server to resolve the domain name in the address. Required if address contains domain.'));
@ -818,6 +848,7 @@ return view.extend({
_('Default domain strategy for resolving the domain names.')); _('Default domain strategy for resolving the domain names.'));
for (var i in hp.dns_strategy) for (var i in hp.dns_strategy)
so.value(i, hp.dns_strategy[i]); so.value(i, hp.dns_strategy[i]);
so.editable = true;
so = ss.option(form.ListValue, 'outbound', _('Outbound'), so = ss.option(form.ListValue, 'outbound', _('Outbound'),
_('Tag of an outbound for connecting to the dns server.')); _('Tag of an outbound for connecting to the dns server.'));
@ -1070,7 +1101,7 @@ return view.extend({
/* Custom routing settings end */ /* Custom routing settings end */
/* Rule set settings start */ /* Rule set settings start */
s.tab('ruleset', _('Rule set')); s.tab('ruleset', _('Rule Set'));
o = s.taboption('ruleset', form.SectionValue, '_ruleset', form.GridSection, 'ruleset'); o = s.taboption('ruleset', form.SectionValue, '_ruleset', form.GridSection, 'ruleset');
o.depends('routing_mode', 'custom'); o.depends('routing_mode', 'custom');
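Review bot: The three new `validate` callbacks (for `dns_server`, `china_dns_server` and the DNS server `address`) accept any URL scheme as long as `url.hostname` passes, so a value with a scheme the help text does not name is saved and later copied into the sing-box config as the server address. Checking `url.protocol` before the hostname tests would close that gap, for example `if (!['udp:', 'tcp:', 'tls:', 'https:', 'quic:', 'h3:'].includes(url.protocol)) return _('Expecting: %s').format(_('valid DNS server address'));`, with the list confirmed against the sing-box version shipped and `rcode:` added for the custom-mode `address` field. The empty `catch(e) {}` is a deliberate fall-through to the bare-IP check and deserves a comment such as `/* not a URL: fall through to plain IP validation */`. Because the body is copied three times, a shared helper taking the IPv6 flag would stop the copies drifting; the `china_dns_server` copy already ignores `ipv6_support` while the `dns_server` copy honours it.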

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -6,7 +6,6 @@ config homeproxy 'infra'
option redirect_port '5331' option redirect_port '5331'
option tproxy_port '5332' option tproxy_port '5332'
option dns_port '5333' option dns_port '5333'
option china_dns_port '5334'
option udp_timeout '' option udp_timeout ''
option tun_name 'singtun0' option tun_name 'singtun0'
option tun_addr4 '172.19.0.1/30' option tun_addr4 '172.19.0.1/30'


@ -30,7 +30,6 @@ uci.load(uciconfig);
const uciinfra = 'infra', const uciinfra = 'infra',
ucimain = 'config', ucimain = 'config',
uciexp = 'experimental',
ucicontrol = 'control'; ucicontrol = 'control';
const ucidnssetting = 'dns', const ucidnssetting = 'dns',
@ -53,8 +52,9 @@ if (!wan_dns)
const dns_port = uci.get(uciconfig, uciinfra, 'dns_port') || '5333'; const dns_port = uci.get(uciconfig, uciinfra, 'dns_port') || '5333';
let main_node, main_udp_node, dedicated_udp_node, default_outbound, domain_strategy, sniff_override = '1', let main_node, main_udp_node, dedicated_udp_node, default_outbound, domain_strategy, sniff_override = '1',
dns_server, dns_default_strategy, dns_default_server, dns_disable_cache, dns_disable_cache_expire, dns_server, china_dns_server, dns_default_strategy, dns_default_server, dns_disable_cache,
dns_independent_cache, dns_client_subnet, direct_domain_list, proxy_domain_list; dns_disable_cache_expire, dns_independent_cache, dns_client_subnet, cache_file_store_rdrc,
cache_file_rdrc_timeout, direct_domain_list, proxy_domain_list;
if (routing_mode !== 'custom') { if (routing_mode !== 'custom') {
main_node = uci.get(uciconfig, ucimain, 'main_node') || 'nil'; main_node = uci.get(uciconfig, ucimain, 'main_node') || 'nil';
@ -65,6 +65,12 @@ if (routing_mode !== 'custom') {
if (isEmpty(dns_server) || dns_server === 'wan') if (isEmpty(dns_server) || dns_server === 'wan')
dns_server = wan_dns; dns_server = wan_dns;
if (routing_mode === 'bypass_mainland_china') {
china_dns_server = uci.get(uciconfig, ucimain, 'china_dns_server');
if (isEmpty(china_dns_server) || type(china_dns_server) !== 'string' || china_dns_server === 'wan')
china_dns_server = wan_dns;
}
direct_domain_list = trim(readfile(HP_DIR + '/resources/direct_list.txt')); direct_domain_list = trim(readfile(HP_DIR + '/resources/direct_list.txt'));
if (direct_domain_list) if (direct_domain_list)
direct_domain_list = split(direct_domain_list, /[\r\n]/); direct_domain_list = split(direct_domain_list, /[\r\n]/);
@ -80,6 +86,8 @@ if (routing_mode !== 'custom') {
dns_disable_cache_expire = uci.get(uciconfig, ucidnssetting, 'disable_cache_expire'); dns_disable_cache_expire = uci.get(uciconfig, ucidnssetting, 'disable_cache_expire');
dns_independent_cache = uci.get(uciconfig, ucidnssetting, 'independent_cache'); dns_independent_cache = uci.get(uciconfig, ucidnssetting, 'independent_cache');
dns_client_subnet = uci.get(uciconfig, ucidnssetting, 'client_subnet'); dns_client_subnet = uci.get(uciconfig, ucidnssetting, 'client_subnet');
cache_file_store_rdrc = uci.get(uciconfig, ucidnssetting, 'cache_file_store_rdrc'),
cache_file_rdrc_timeout = uci.get(uciconfig, ucidnssetting, 'cache_file_rdrc_timeout');
/* Routing settings */ /* Routing settings */
default_outbound = uci.get(uciconfig, uciroutingsetting, 'default_outbound') || 'nil'; default_outbound = uci.get(uciconfig, uciroutingsetting, 'default_outbound') || 'nil';
@ -91,9 +99,6 @@ const proxy_mode = uci.get(uciconfig, ucimain, 'proxy_mode') || 'redirect_tproxy
ipv6_support = uci.get(uciconfig, ucimain, 'ipv6_support') || '0', ipv6_support = uci.get(uciconfig, ucimain, 'ipv6_support') || '0',
default_interface = uci.get(uciconfig, ucicontrol, 'bind_interface'); default_interface = uci.get(uciconfig, ucicontrol, 'bind_interface');
const cache_file_store_rdrc = uci.get(uciconfig, uciexp, 'cache_file_store_rdrc'),
cache_file_rdrc_timeout = uci.get(uciconfig, uciexp, 'cache_file_rdrc_timeout');
const mixed_port = uci.get(uciconfig, uciinfra, 'mixed_port') || '5330'; const mixed_port = uci.get(uciconfig, uciinfra, 'mixed_port') || '5330';
let self_mark, redirect_port, tproxy_port, let self_mark, redirect_port, tproxy_port,
tun_name, tun_addr4, tun_addr6, tun_mtu, tun_gso, tun_name, tun_addr4, tun_addr6, tun_mtu, tun_gso,
@ -367,22 +372,27 @@ config.dns = {
}; };
if (!isEmpty(main_node)) { if (!isEmpty(main_node)) {
/* Avoid DNS loop */ /* Main DNS */
const main_node_addr = uci.get(uciconfig, main_node, 'address'); let default_final_dns = 'default-dns';
if (validateHostname(main_node_addr)) if (dns_server !== wan_dns) {
push(config.dns.rules, { push(config.dns.servers, {
domain: main_node_addr, tag: 'main-dns',
server: 'default-dns' address: !match(dns_server, /:\/\//) ? 'tcp://' + (validation('ip6addr', dns_server) ? `[${dns_server}]` : dns_server) : dns_server,
strategy: (ipv6_support !== '1') ? 'ipv4_only' : null,
address_resolver: 'default-dns',
address_strategy: (ipv6_support !== '1') ? 'ipv4_only' : null,
detour: 'main-out'
}); });
if (dedicated_udp_node) { default_final_dns = 'main-dns';
const main_udp_node_addr = uci.get(uciconfig, main_udp_node, 'address');
if (validateHostname(main_udp_node_addr))
push(config.dns.rules, {
domain: main_udp_node_addr,
server: 'default-dns'
});
} }
config.dns.final = default_final_dns;
/* Avoid DNS loop */
push(config.dns.rules, {
outbound: 'any',
server: 'default-dns'
});
if (direct_domain_list) if (direct_domain_list)
push(config.dns.rules, { push(config.dns.rules, {
@ -398,23 +408,38 @@ if (!isEmpty(main_node)) {
server: 'block-dns' server: 'block-dns'
}); });
if (isEmpty(config.dns.rules)) if (routing_mode === 'bypass_mainland_china') {
config.dns.rules = null;
let default_final_dns = 'default-dns';
/* Main DNS */
if (dns_server !== wan_dns) {
push(config.dns.servers, { push(config.dns.servers, {
tag: 'main-dns', tag: 'china-dns',
address: 'tcp://' + (validation('ip6addr', dns_server) ? `[${dns_server}]` : dns_server), address: china_dns_server,
strategy: (ipv6_support !== '1') ? 'ipv4_only' : null, detour: 'direct-out'
detour: 'main-out'
}); });
default_final_dns = 'main-dns'; if (proxy_domain_list)
} push(config.dns.rules, {
domain_keyword: proxy_domain_list,
server: default_final_dns
});
config.dns.final = default_final_dns; push(config.dns.rules, {
rule_set: 'geosite-cn',
server: 'china-dns'
});
push(config.dns.rules, {
type: 'logical',
mode: 'and',
rules: [
{
rule_set: 'geosite-noncn',
invert: true
},
{
rule_set: 'geoip-cn'
}
],
server: 'china-dns'
});
}
} else if (!isEmpty(default_outbound)) { } else if (!isEmpty(default_outbound)) {
/* DNS servers */ /* DNS servers */
uci.foreach(uciconfig, ucidnsserver, (cfg) => { uci.foreach(uciconfig, ucidnsserver, (cfg) => {
@ -460,7 +485,6 @@ if (!isEmpty(main_node)) {
process_path_regex: cfg.process_path_regex, process_path_regex: cfg.process_path_regex,
user: cfg.user, user: cfg.user,
rule_set: get_ruleset(cfg.rule_set), rule_set: get_ruleset(cfg.rule_set),
/* rule_set_ipcidr_match_source is deprecated in sing-box 1.10.0 */
rule_set_ip_cidr_match_source: (cfg.rule_set_ip_cidr_match_source === '1') || null, rule_set_ip_cidr_match_source: (cfg.rule_set_ip_cidr_match_source === '1') || null,
invert: (cfg.invert === '1') || null, invert: (cfg.invert === '1') || null,
outbound: get_outbound(cfg.outbound), outbound: get_outbound(cfg.outbound),
@ -617,6 +641,7 @@ config.route = {
outbound: 'dns-out' outbound: 'dns-out'
} }
], ],
rule_set: [],
auto_detect_interface: isEmpty(default_interface) ? true : null, auto_detect_interface: isEmpty(default_interface) ? true : null,
default_interface: default_interface default_interface: default_interface
}; };
@ -638,6 +663,31 @@ if (!isEmpty(main_node)) {
}); });
config.route.final = 'main-out'; config.route.final = 'main-out';
/* Rule set */
if (routing_mode === 'bypass_mainland_china') {
push(config.route.rule_set, {
type: 'remote',
tag: 'geoip-cn',
format: 'binary',
url: 'https://github.com/1715173329/IPCIDR-CHINA/raw/rule-set/cn.srs',
download_detour: 'main-out'
});
push(config.route.rule_set, {
type: 'remote',
tag: 'geosite-cn',
format: 'binary',
url: 'https://github.com/1715173329/sing-geosite/raw/rule-set-unstable/geosite-geolocation-cn.srs',
download_detour: 'main-out'
});
push(config.route.rule_set, {
type: 'remote',
tag: 'geosite-noncn',
format: 'binary',
url: 'https://github.com/1715173329/sing-geosite/raw/rule-set-unstable/geosite-geolocation-!cn.srs',
download_detour: 'main-out'
});
}
} else if (!isEmpty(default_outbound)) { } else if (!isEmpty(default_outbound)) {
uci.foreach(uciconfig, uciroutingrule, (cfg) => { uci.foreach(uciconfig, uciroutingrule, (cfg) => {
if (cfg.enabled !== '1') if (cfg.enabled !== '1')
@ -673,11 +723,8 @@ if (!isEmpty(main_node)) {
}); });
config.route.final = get_outbound(default_outbound); config.route.final = get_outbound(default_outbound);
};
/* Rule set */ /* Rule set */
if (routing_mode === 'custom') {
config.route.rule_set = [];
uci.foreach(uciconfig, uciruleset, (cfg) => { uci.foreach(uciconfig, uciruleset, (cfg) => {
if (cfg.enabled !== '1') if (cfg.enabled !== '1')
return null; return null;
@ -696,13 +743,13 @@ if (routing_mode === 'custom') {
/* Routing rules end */ /* Routing rules end */
/* Experimental start */ /* Experimental start */
if (routing_mode === 'custom') { if (routing_mode in ['bypass_mainland_china', 'custom']) {
config.experimental = { config.experimental = {
cache_file: { cache_file: {
enabled: true, enabled: true,
path: RUN_DIR + '/cache.db', path: RUN_DIR + '/cache.db',
store_rdrc: (cache_file_store_rdrc === '1') || null, store_rdrc: (cache_file_store_rdrc === '1') || null,
rdrc_timeout: cache_file_rdrc_timeout rdrc_timeout: cache_file_rdrc_timeout ? (cache_file_rdrc_timeout + 's') : null,
} }
}; };
} }
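Review bot: The three `rule_set` entries added for `bypass_mainland_china` download binary `.srs` files from branch heads (`raw/rule-set/…`, `raw/rule-set-unstable/…`) of a personal GitHub account, so the data that decides which names are answered by `china-dns` over `direct-out` can change at any time without a package update. Nothing in the entries verifies the files beyond the HTTPS transport. Pinning each `url` to an immutable ref (`…/raw/<commit-sha>/cn.srs`, placeholder) or shipping the files with the package as `type: 'local'` rule sets would make the split reviewable; at minimum a comment above the block, such as `/* Remote rule sets: fetched at runtime through main-out, not pinned */`, should record the trust decision. Separately, the `china-dns` server is pushed with `address: china_dns_server` and no `address_resolver: 'default-dns'`, unlike `main-dns`, although the form validator accepts hostnames for that field.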


@ -72,45 +72,28 @@ start_service() {
fi fi
# DNSMasq rules # DNSMasq rules
local ipv6_support local ipv6_support dns_port
config_get_bool ipv6_support "config" "ipv6_support" "0" config_get_bool ipv6_support "config" "ipv6_support" "0"
local dns_port china_dns_server china_dns_port
config_get dns_port "infra" "dns_port" "5333" config_get dns_port "infra" "dns_port" "5333"
mkdir -p "$DNSMASQ_DIR" mkdir -p "$DNSMASQ_DIR"
echo -e "conf-dir=$DNSMASQ_DIR" > "$DNSMASQ_DIR/../dnsmasq-homeproxy.conf" echo -e "conf-dir=$DNSMASQ_DIR" > "$DNSMASQ_DIR/../dnsmasq-homeproxy.conf"
case "$routing_mode" in case "$routing_mode" in
"gfwlist") "bypass_mainland_china"|"custom"|"global")
[ "$ipv6_support" -eq "0" ] || local gfw_nftset_v6=",6#inet#fw4#homeproxy_gfw_list_v6"
sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port\nnftset=\/\1\\/4#inet#fw4#homeproxy_gfw_list_v4$gfw_nftset_v6/g" \
"$HP_DIR/resources/gfw_list.txt" > "$DNSMASQ_DIR/gfw_list.conf"
;;
"bypass_mainland_china")
config_get china_dns_server "config" "china_dns_server"
config_get china_dns_port "infra" "china_dns_port" "5334"
if [ -e "/usr/bin/chinadns-ng" ] && [ -n "$china_dns_server" ]; then
cat <<-EOF >> "$DNSMASQ_DIR/redirect-dns.conf"
no-poll
no-resolv
server=127.0.0.1#$china_dns_port
EOF
else
china_dns_server=""
sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port/g" \
"$HP_DIR/resources/gfw_list.txt" > "$DNSMASQ_DIR/gfw_list.conf"
fi
;;
"proxy_mainland_china")
sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port/g" \
"$HP_DIR/resources/china_list.txt" > "$DNSMASQ_DIR/china_list.conf"
;;
"custom"|"global")
cat <<-EOF >> "$DNSMASQ_DIR/redirect-dns.conf" cat <<-EOF >> "$DNSMASQ_DIR/redirect-dns.conf"
no-poll no-poll
no-resolv no-resolv
server=127.0.0.1#$dns_port server=127.0.0.1#$dns_port
EOF EOF
;; ;;
"gfwlist")
[ "$ipv6_support" -eq "0" ] || local gfw_nftset_v6=",6#inet#fw4#homeproxy_gfw_list_v6"
sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port\nnftset=\/\1\\/4#inet#fw4#homeproxy_gfw_list_v4$gfw_nftset_v6/g" \
"$HP_DIR/resources/gfw_list.txt" > "$DNSMASQ_DIR/gfw_list.conf"
;;
"proxy_mainland_china")
sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port/g" \
"$HP_DIR/resources/china_list.txt" > "$DNSMASQ_DIR/china_list.conf"
;;
esac esac
if [ "$routing_mode" != "custom" ] && [ -s "$HP_DIR/resources/proxy_list.txt" ]; then if [ "$routing_mode" != "custom" ] && [ -s "$HP_DIR/resources/proxy_list.txt" ]; then
@ -167,6 +150,7 @@ start_service() {
procd_add_jail "sing-box-c" log procfs procd_add_jail "sing-box-c" log procfs
procd_add_jail_mount "$RUN_DIR/sing-box-c.json" procd_add_jail_mount "$RUN_DIR/sing-box-c.json"
procd_add_jail_mount_rw "$RUN_DIR/sing-box-c.log" procd_add_jail_mount_rw "$RUN_DIR/sing-box-c.log"
procd_add_jail_mount_rw "$RUN_DIR/cache.db"
procd_add_jail_mount "$HP_DIR/certs/" procd_add_jail_mount "$HP_DIR/certs/"
procd_add_jail_mount "/etc/ssl/" procd_add_jail_mount "/etc/ssl/"
procd_add_jail_mount "/etc/localtime" procd_add_jail_mount "/etc/localtime"
@ -183,53 +167,6 @@ start_service() {
procd_set_param respawn procd_set_param respawn
procd_close_instance procd_close_instance
# chinadns-ng
if [ -n "$china_dns_server" ]; then
local wandns="$(ifstatus wan | jsonfilter -e '@["dns-server"][0]' || echo "119.29.29.29")"
china_dns_server="${china_dns_server/wan/$wandns}"
china_dns_server="${china_dns_server// /,}"
for i in $(seq 1 "$(grep -c "processor" "/proc/cpuinfo")"); do
procd_open_instance "chinadns-ng-$i"
procd_set_param command "/usr/bin/chinadns-ng"
procd_append_param command --bind-port "$china_dns_port"
procd_append_param command --china-dns "$china_dns_server"
procd_append_param command --trust-dns "127.0.0.1#$dns_port"
procd_append_param command --ipset-name4 "inet@fw4@homeproxy_mainland_addr_v4"
procd_append_param command --ipset-name6 "inet@fw4@homeproxy_mainland_addr_v6"
procd_append_param command --chnlist-file "$HP_DIR/resources/china_list.txt"
procd_append_param command --gfwlist-file "$HP_DIR/resources/gfw_list.txt"
procd_append_param command --reuse-port
if chinadns-ng --version | grep -q "target:"; then
procd_append_param command --cache 10000
procd_append_param command --cache-stale 3600
procd_append_param command --verdict-cache 10000
[ "$ipv6_support" -eq "1" ] || procd_append_param command --no-ipv6=ip:non_china
else
[ "$ipv6_support" -eq "1" ] || procd_append_param command --no-ipv6=tC
fi
if [ -x "/sbin/ujail" ]; then
procd_add_jail "chinadns-ng" log
procd_add_jail_mount "$HP_DIR/resources/china_list.txt"
procd_add_jail_mount "$HP_DIR/resources/gfw_list.txt"
procd_set_param capabilities "/etc/capabilities/homeproxy.json"
procd_set_param no_new_privs 1
procd_set_param user sing-box
procd_set_param group sing-box
fi
procd_set_param limits core="unlimited"
procd_set_param limits nofile="1000000 1000000"
procd_set_param stderr 1
procd_set_param respawn
procd_close_instance
done
fi
fi fi
if [ "$server_enabled" = "1" ]; then if [ "$server_enabled" = "1" ]; then
@ -287,17 +224,13 @@ start_service() {
# Update permissions for ujail # Update permissions for ujail
if [ "$outbound_node" != "nil" ]; then if [ "$outbound_node" != "nil" ]; then
echo > "$RUN_DIR/sing-box-c.log" echo > "$RUN_DIR/sing-box-c.log"
chown sing-box:sing-box "$RUN_DIR/sing-box-c.log"
chown sing-box:sing-box "$RUN_DIR/sing-box-c.json"
chmod 0644 "$HP_DIR/resources/gfw_list.txt" chmod 0644 "$HP_DIR/resources/gfw_list.txt"
fi fi
if [ "$server_enabled" = "1" ]; then if [ "$server_enabled" = "1" ]; then
echo > "$RUN_DIR/sing-box-s.log" echo > "$RUN_DIR/sing-box-s.log"
chown sing-box:sing-box "$RUN_DIR/sing-box-s.log"
chown sing-box:sing-box "$RUN_DIR/sing-box-s.json"
mkdir -p "$HP_DIR/certs" mkdir -p "$HP_DIR/certs"
chown sing-box:sing-box "$HP_DIR/certs"
fi fi
chown -R sing-box:sing-box "$RUN_DIR"
# Setup firewall # Setup firewall
utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft" utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft"
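Review bot: `chown -R sing-box:sing-box "$RUN_DIR"` replaces the per-file chowns and hands the service account the whole runtime directory, which is also where the following lines write `fw4_pre.nft` for the firewall. An account that owns a directory can replace the files in it regardless of their own mode, so the unprivileged sing-box user gains influence over rule files that appear to be loaded with root privileges, and on a restart the recursive form also re-owns the nft files left by the previous run. Keeping ownership per file would preserve the old boundary: `touch "$RUN_DIR/cache.db"` followed by `chown sing-box:sing-box "$RUN_DIR/sing-box-c.log" "$RUN_DIR/sing-box-c.json" "$RUN_DIR/cache.db"`. Creating `cache.db` up front also matters for the new `procd_add_jail_mount_rw "$RUN_DIR/cache.db"` line, which presumably needs the file to exist when the jail is set up. `start_service()` begins and ends outside the visible hunks.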


@ -3,21 +3,24 @@
china_dns_server="$(uci -q get "homeproxy.config.china_dns_server")" china_dns_server="$(uci -q get "homeproxy.config.china_dns_server")"
if [ "$china_dns_server" = "wan_114" ]; then if [ "$china_dns_server" = "wan_114" ]; then
uci -q delete "homeproxy.config.china_dns_server" uci -q delete "homeproxy.config.china_dns_server"
uci -q add_list "homeproxy.config.china_dns_server"="wan" uci -q set "homeproxy.config.china_dns_server"="114.114.114.114"
uci -q add_list "homeproxy.config.china_dns_server"="114.114.114.114"
elif echo "$china_dns_server" | grep -q ","; then elif echo "$china_dns_server" | grep -q ","; then
uci -q delete "homeproxy.config.china_dns_server" uci -q delete "homeproxy.config.china_dns_server"
for dns in ${china_dns_server//,/ }; do uci -q set "homeproxy.config.china_dns_server"="${china_dns_server%%,*}"
uci -q add_list "homeproxy.config.china_dns_server"="$dns" elif echo "$china_dns_server" | grep -q " "; then
done uci -q delete "homeproxy.config.china_dns_server"
uci -q set "homeproxy.config.china_dns_server"="${china_dns_server%% *}"
fi fi
if [ "$(uci -q get homeproxy.config.routing_port)" = "all" ]; then if [ "$(uci -q get homeproxy.config.routing_port)" = "all" ]; then
uci -q delete "homeproxy.config.routing_port" uci -q delete "homeproxy.config.routing_port"
fi fi
[ -z "$(uci -q show homeproxy.experimental)" ] || uci -q delete "homeproxy.experimental"
[ -z "$(uci -q changes "homeproxy")" ] || uci -q commit "homeproxy" [ -z "$(uci -q changes "homeproxy")" ] || uci -q commit "homeproxy"
sed -i "s/rule_set_ipcidr_match_source/rule_set_ip_cidr_match_source/g" "/etc/config/homeproxy" sed -i "s/rule_set_ipcidr_match_source/rule_set_ip_cidr_match_source/g" "/etc/config/homeproxy"
sed -i "/china_dns_port/d" "/etc/config/homeproxy"
exit 0 exit 0
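Review bot: The migration keeps only the first entry of an old `china_dns_server` list but never strips the `#port` suffix that the removed validator accepted (`valid address#port`), and a single value with a port is not touched by any branch, so something like `223.5.5.5#5353` (constructed example) survives and is later used verbatim as the `china-dns` address. Stripping it after the first entry is chosen, e.g. `uci -q set "homeproxy.config.china_dns_server"="${dns%%#*}"` with `dns` holding that entry, or rewriting it to a `udp://host:port` form, would keep upgraded configs loadable. The new `uci -q delete "homeproxy.experimental"` line also discards a user's `cache_file_store_rdrc` choice instead of moving it to the `dns` section the generator now reads; if that is intended, a comment saying so would help.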


@ -173,9 +173,6 @@ const methods = {
fd.close(); fd.close();
} }
features.hp_has_chinadns_ng = access('/usr/bin/chinadns-ng');
if (features.hp_has_chinadns_ng)
features.hp_has_chinadns_ng_v2 = (system('/usr/bin/chinadns-ng --version | grep -q "target:"') === 0);
features.hp_has_ip_full = access('/usr/libexec/ip-full'); features.hp_has_ip_full = access('/usr/libexec/ip-full');
features.hp_has_tcp_brutal = hasKernelModule('brutal.ko'); features.hp_has_tcp_brutal = hasKernelModule('brutal.ko');
features.hp_has_tproxy = hasKernelModule('nft_tproxy.ko') || access('/etc/modules.d/nft-tproxy'); features.hp_has_tproxy = hasKernelModule('nft_tproxy.ko') || access('/etc/modules.d/nft-tproxy');