From 741691df897db56f3bfbdb8b752bb9aeb3e4c468 Mon Sep 17 00:00:00 2001 From: gitea-action Date: Fri, 18 Apr 2025 18:01:43 +0800 Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/bc93d576282d852d729437ec9443cb9e99bb73aa --- .../luasrc/model/cbi/passwall/client/global.lua | 4 ++-- luci-app-passwall/root/usr/share/passwall/app.sh | 6 ++++-- patch-luci-app-passwall.patch | 6 +++--- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 7e1353c2e..5d01c8f8a 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -612,8 +612,8 @@ end o = s:taboption("DNS", Flag, "chinadns_ng_cert_verify", translate("DoT Cert verify"), translate("Verify DoT SSL cert. (May fail on some platforms!)")) o.default = "0" -o:depends({dns_shunt = "chinadns-ng", direct_dns_mode = "dot"}) -o:depends({dns_shunt = "chinadns-ng", dns_mode = "dot"}) +o:depends({direct_dns_mode = "dot"}) +o:depends({dns_mode = "dot"}) o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices.")) o.default = "0" diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index e5e0f9831..50a8dec29 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1421,12 +1421,13 @@ start_dns() { dot) if [ "$chinadns_tls" != "nil" ]; then local DIRECT_DNS=$(config_t_get global direct_dns_dot "tls://dot.pub@1.12.12.12") + local cert_verify=$([ "$(config_t_get global chinadns_ng_cert_verify 0)" = "1" ] && echo "--cert-verify") china_ng_local_dns=${DIRECT_DNS} #当全局(包括访问控制节点)开启chinadns-ng时,不启动新进程。 [ "$DNS_SHUNT" != "chinadns-ng" ] || [ "$ACL_RULE_DNSMASQ" = "1" ] && { LOCAL_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn ${cert_verify} echolog " - ChinaDNS-NG(${LOCAL_DNS}) -> ${DIRECT_DNS}" echolog " * 请确保上游直连 DNS 支持 DoT 查询。" NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1) @@ -1543,12 +1544,13 @@ start_dns() { if [ "$chinadns_tls" != "nil" ]; then local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT} local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://one.one.one.one@1.1.1.1") + local cert_verify=$([ "$(config_t_get global chinadns_ng_cert_verify 0)" = "1" ] && echo "--cert-verify") local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p') local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p') REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}" [ "$DNS_SHUNT" != "chinadns-ng" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} ${cert_verify} echolog " - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}" } else diff --git a/patch-luci-app-passwall.patch b/patch-luci-app-passwall.patch index 68058411e..dee06b057 100644 --- a/patch-luci-app-passwall.patch +++ b/patch-luci-app-passwall.patch @@ -20,7 +20,7 @@ index 485b59c..6d2ddf4 100644 define Package/$(PKG_NAME)/postrm diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua -index 7aae40f..7e1353c 100644 +index 9672c44..5d01c8f 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -506,6 +506,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)") @@ -36,8 +36,8 @@ index 7aae40f..7e1353c 100644 o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "tcp"}) o:depends({dns_mode = "udp"}) -@@ -610,7 +616,7 @@ o:depends({dns_shunt = "chinadns-ng", direct_dns_mode = "dot"}) - o:depends({dns_shunt = "chinadns-ng", dns_mode = "dot"}) +@@ -610,7 +616,7 @@ o:depends({direct_dns_mode = "dot"}) + o:depends({dns_mode = "dot"}) o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices.")) -o.default = "1"