luci: dnsmasq filtering IPv6 when chinadns-ng is enabled

* dnsmasq filtering IPv6 when chinadns-ng is enabled

* fix global mode

* fix typo
ud3v0id 2023-09-20 15:45:47 +08:00 committed by sbwml
parent 327e6f4ff6
commit 63fbd3b190
2 changed files with 60 additions and 54 deletions


@ -1214,7 +1214,6 @@ stop_crontab() {
start_dns() { start_dns() {
TUN_DNS="127.0.0.1#${dns_listen_port}" TUN_DNS="127.0.0.1#${dns_listen_port}"
DNSMASQ_FILTER_IPV6=$FILTER_PROXY_IPV6
echolog "过滤服务配置:准备接管域名解析..." echolog "过滤服务配置:准备接管域名解析..."
[ "$ENABLED_ACLS" == 1 ] && { [ "$ENABLED_ACLS" == 1 ] && {
@ -1329,7 +1328,6 @@ start_dns() {
[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && { [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && {
[ "$FILTER_PROXY_IPV6" = "1" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && {
local _no_ipv6_rules="gt" local _no_ipv6_rules="gt"
DNSMASQ_FILTER_IPV6=0
} }
local china_ng_listen_port=$(expr $dns_listen_port + 1) local china_ng_listen_port=$(expr $dns_listen_port + 1)
local china_ng_listen="127.0.0.1#${china_ng_listen_port}" local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
@ -1354,7 +1352,7 @@ start_dns() {
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \ lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \
-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \ -DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHNROUTE_MODE_DEFAULT_DNS "${WHEN_CHNROUTE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \ -TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -CHNROUTE_MODE_DEFAULT_DNS "${WHEN_CHNROUTE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_IPV6:-0} -NFTFLAG ${nftflag:-0} \ -TCP_NODE ${TCP_NODE} -PROXY_MODE "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${ACL_TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
-NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
} }
} }
@ -1482,11 +1480,9 @@ acl_app() {
eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port} eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port}
} }
local _dnsmasq_filter_ipv6=$filter_proxy_ipv6
[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && { [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && {
[ "$filter_proxy_ipv6" = "1" ] && { [ "$filter_proxy_ipv6" = "1" ] && {
local _no_ipv6_rules="gt" local _no_ipv6_rules="gt"
_dnsmasq_filter_ipv6=0
} }
chinadns_port=$(expr $chinadns_port + 1) chinadns_port=$(expr $chinadns_port + 1)
_china_ng_listen="127.0.0.1#${chinadns_port}" _china_ng_listen="127.0.0.1#${chinadns_port}"
@ -1532,7 +1528,7 @@ acl_app() {
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \ lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \
-DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \ -DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \ -TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
-TCP_NODE $tcp_node -PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${_dnsmasq_filter_ipv6:-0} -NFTFLAG ${nftflag:-0} \ -TCP_NODE $tcp_node -PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${filter_proxy_ipv6:-0} -NFTFLAG ${nftflag:-0} \
-NO_LOGIC_LOG 1 -NO_LOGIC_LOG 1
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port} eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
@ -1650,7 +1646,7 @@ acl_app() {
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port [ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_rules _china_ng_extra_param _dnsmasq_filter_ipv6 unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_rules _china_ng_extra_param
unset redirect_dns_port unset redirect_dns_port
done done
unset socks_port redir_port dns_port dnsmasq_port chinadns_port unset socks_port redir_port dns_port dnsmasq_port chinadns_port
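Review bot: The new `-NO_PROXY_IPV6 ${FILTER_PROXY_IPV6:-0}` argument in the `start_dns` helper call is unquoted, and so is `${filter_proxy_ipv6:-0}` in the `acl_app` call, although `-PROXY_MODE` on the first of those lines is quoted. A value containing whitespace or glob characters would be word-split and shift the arguments that follow it on the helper_dnsmasq_add.lua command line, and the helper compares this option against the exact string "1". I would write `-NO_PROXY_IPV6 "${FILTER_PROXY_IPV6:-0}"` and `-NO_PROXY_IPV6 "${filter_proxy_ipv6:-0}"`. Both functions begin and end outside the hunks shown, so where these variables are assigned cannot be checked from here.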


@ -286,66 +286,72 @@ if not fs.access(CACHE_DNS_PATH) then
end end
end end
end) end)
elseif only_global == 1 and NO_PROXY_IPV6 == "1" then
--节点:固定节点
--代理模式:全局模式
--过滤代理域名 IPv6启用
--禁止解析所有IPv6记录
list1["#"] = {
dns = {},
ipsets = {},
address = "::"
}
end end
--如果没有使用回国模式 if not only_global then
if not returnhome then --如果没有使用回国模式
if fs.access("/usr/share/passwall/rules/gfwlist") then if not returnhome then
fwd_dns = TUN_DNS if fs.access("/usr/share/passwall/rules/gfwlist") then
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then fwd_dns = TUN_DNS
fwd_dns = nil if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
else fwd_dns = nil
local ipset_flag = setflag_4 .. "passwall_gfwlist," .. setflag_6 .. "passwall_gfwlist6" else
if NO_PROXY_IPV6 == "1" then local ipset_flag = setflag_4 .. "passwall_gfwlist," .. setflag_6 .. "passwall_gfwlist6"
ipset_flag = setflag_4 .. "passwall_gfwlist" if NO_PROXY_IPV6 == "1" then
end ipset_flag = setflag_4 .. "passwall_gfwlist"
if not only_global then end
if REMOTE_FAKEDNS == "1" then if REMOTE_FAKEDNS == "1" then
ipset_flag = nil ipset_flag = nil
end end
end local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"') for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
for line in string.gmatch(gfwlist_str, "[^\r\n]+") do if line ~= "" then
if line ~= "" then if NO_PROXY_IPV6 == "1" then
if NO_PROXY_IPV6 == "1" then set_domain_address(line, "::")
set_domain_address(line, "::") end
end
if not only_global then
set_domain_dns(line, fwd_dns) set_domain_dns(line, fwd_dns)
set_domain_ipset(line, ipset_flag) set_domain_ipset(line, ipset_flag)
end end
end end
end end
log(string.format(" - 防火墙域名表(gfwlist)%s", fwd_dns or "默认"))
end end
log(string.format(" - 防火墙域名表(gfwlist)%s", fwd_dns or "默认"))
end
if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then if chnlist and fs.access("/usr/share/passwall/rules/chnlist") and (CHNROUTE_MODE_DEFAULT_DNS == "remote" or (CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0")) then
fwd_dns = LOCAL_DNS fwd_dns = LOCAL_DNS
if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
fwd_dns = nil fwd_dns = nil
else else
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then
set_domain_dns(line, fwd_dns)
set_domain_ipset(line, setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6")
end
end
end
log(string.format(" - 中国域名表(chnroute)%s", fwd_dns or "默认"))
end
else
if fs.access("/usr/share/passwall/rules/chnlist") then
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"') local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(chnlist_str, "[^\r\n]+") do for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then if line ~= "" then
set_domain_dns(line, fwd_dns) local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6"
set_domain_ipset(line, setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6") if NO_PROXY_IPV6 == "1" then
end ipset_flag = setflag_4 .. "passwall_chnroute"
end set_domain_address(line, "::")
end end
log(string.format(" - 中国域名表(chnroute)%s", fwd_dns or "默认"))
end
else
if fs.access("/usr/share/passwall/rules/chnlist") then
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then
local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6"
if NO_PROXY_IPV6 == "1" then
ipset_flag = setflag_4 .. "passwall_chnroute"
set_domain_address(line, "::")
end
if not only_global then
set_domain_dns(line, TUN_DNS) set_domain_dns(line, TUN_DNS)
if REMOTE_FAKEDNS == "1" then if REMOTE_FAKEDNS == "1" then
ipset_flag = nil ipset_flag = nil
@ -353,8 +359,8 @@ if not fs.access(CACHE_DNS_PATH) then
set_domain_ipset(line, ipset_flag) set_domain_ipset(line, ipset_flag)
end end
end end
log(string.format(" - 中国域名表(chnroute)%s", TUN_DNS or "默认"))
end end
log(string.format(" - 中国域名表(chnroute)%s", TUN_DNS or "默认"))
end end
end end
@ -367,7 +373,11 @@ if not fs.access(CACHE_DNS_PATH) then
end end
for key, value in pairs(list1) do for key, value in pairs(list1) do
if value.address then if value.address then
address_out:write(string.format("address=/.%s/%s\n", key, value.address)) local domain = "." .. key
if key == "#" then
domain = key
end
address_out:write(string.format("address=/%s/%s\n", domain, value.address))
end end
if value.dns and #value.dns > 0 then if value.dns and #value.dns > 0 then
for i, dns in ipairs(value.dns) do for i, dns in ipairs(value.dns) do
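Review bot: The added branch tests `only_global == 1` while the very next statement tests `if not only_global`, so the two guards agree only when `only_global` is exactly the number 1 or nil. Its assignment is outside this hunk; if it can ever be `true` or the string "1", the `list1["#"]` catch-all is skipped and the `if not only_global` block is skipped too, so global mode would emit no `::` answer and the IPv6 filter would be off without any indication. I would use `elseif only_global and NO_PROXY_IPV6 == "1" then` and put a short comment beside the sentinel, for example `-- "#" is emitted as address=/#/:: (no leading dot) by the output loop`. Separately, the re-indented `sys.exec` calls still splice `excluded_domain_str` into a double-quoted `grep -E` argument; that string is built outside the hunk, so it is worth confirming it cannot contain `"`, `$` or backticks.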