zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci: Adjust FakeDNS logic

Browse Source
This commit is contained in:
xiaorouji 2023-09-13 15:20:06 +08:00 committed by sbwml
parent 9ce7d88ee2
commit 7d1fb1a2ca
4 changed files with 162 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -281,19 +281,8 @@ dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
o = s:taboption("DNS", ListValue, "v2ray_dns_mode", " ") o = s:taboption("DNS", ListValue, "v2ray_dns_mode", " ")
o:value("tcp", "TCP") o:value("tcp", "TCP")
o:value("doh", "DoH") o:value("doh", "DoH")
o:value("fakedns", "FakeDNS")
o:depends("dns_mode", "sing-box") o:depends("dns_mode", "sing-box")
o:depends("dns_mode", "xray") o:depends("dns_mode", "xray")
o.validate = function(self, value, t)
if value == "fakedns" then
local _dns_mode = dns_mode:formvalue(t)
local _tcp_node = tcp_node:formvalue(t)
if m:get(_tcp_node, "type"):lower() ~= _dns_mode then
return nil, translatef("TCP node must be '%s' type to use FakeDNS.", _dns_mode)
end
end
return value
end
o = s:taboption("DNS", Value, "socks_server", translate("Socks Server"), translate("Make sure socks service is available on this address.")) o = s:taboption("DNS", Value, "socks_server", translate("Socks Server"), translate("Make sure socks service is available on this address."))
for k, v in pairs(socks_table) do o:value(v.id, v.remarks) end for k, v in pairs(socks_table) do o:value(v.id, v.remarks) end
@ -345,13 +334,28 @@ o.datatype = "ipaddr"
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"}) o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"}) o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy."))
o.default = "0"
o:depends({dns_mode = "sing-box"})
o:depends({dns_mode = "xray"})
o.validate = function(self, value, t)
if value and value == "1" then
local _dns_mode = dns_mode:formvalue(t)
local _tcp_node = tcp_node:formvalue(t)
if _dns_mode and _tcp_node and _tcp_node ~= "nil" then
if m:get(_tcp_node, "type"):lower() ~= _dns_mode then
return nil, translatef("TCP node must be '%s' type to use FakeDNS.", _dns_mode)
end
end
end
return value
end
o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved")) o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
o.default = "1" o.default = "1"
o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "sing-box", v2ray_dns_mode = "tcp"}) o:depends({dns_mode = "sing-box", remote_fakedns = false})
o:depends({dns_mode = "sing-box", v2ray_dns_mode = "doh"}) o:depends({dns_mode = "xray", remote_fakedns = false})
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o.rmempty = false o.rmempty = false
if api.is_finded("chinadns-ng") then if api.is_finded("chinadns-ng") then
@ -359,10 +363,8 @@ if api.is_finded("chinadns-ng") then
o.default = "0" o.default = "0"
o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "dns2tcp"}) o:depends({dns_mode = "dns2tcp"})
o:depends({dns_mode = "sing-box", v2ray_dns_mode = "tcp"}) o:depends({dns_mode = "sing-box", remote_fakedns = false})
o:depends({dns_mode = "sing-box", v2ray_dns_mode = "doh"}) o:depends({dns_mode = "xray", remote_fakedns = false})
o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
o:depends({dns_mode = "udp"}) o:depends({dns_mode = "udp"})
end end

221
luci-app-passwall/luasrc/passwall/util_sing-box.lua
View File

@ -1100,109 +1100,104 @@ function gen_config(var)
reverse_mapping = true, --在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。 reverse_mapping = true, --在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。
fakeip = nil, fakeip = nil,
} }
if true then local dns_tag = "remote"
local dns_tag = "remote"
local domain = {}
local domain = {} local domain_suffix = {}
local domain_suffix = {} local domain_keyword = {}
local domain_keyword = {} local domain_regex = {}
local domain_regex = {} local geosite = {}
local geosite = {} for index, value in ipairs(dns_remote_domains) do
for index, value in ipairs(dns_remote_domains) do if value:find("geosite:") == 1 then
if value:find("geosite:") == 1 then table.insert(geosite, value:sub(1 + #"geosite:"))
table.insert(geosite, value:sub(1 + #"geosite:")) elseif value:find("regexp:") == 1 then
elseif value:find("regexp:") == 1 then table.insert(domain_regex, value:sub(1 + #"regexp:"))
table.insert(domain_regex, value:sub(1 + #"regexp:")) elseif value:find("full:") == 1 then
elseif value:find("full:") == 1 then table.insert(domain, value:sub(1 + #"full:"))
table.insert(domain, value:sub(1 + #"full:")) elseif value:find("domain:") == 1 then
elseif value:find("domain:") == 1 then table.insert(domain_keyword, value:sub(1 + #"domain:"))
table.insert(domain_keyword, value:sub(1 + #"domain:")) else
else table.insert(domain, value)
table.insert(domain, value)
end
end end
local remote_rule = { end
server = dns_tag, local remote_rule = {
domain = #domain > 0 and domain or nil, server = dns_tag,
domain_suffix = #domain_suffix > 0 and domain_suffix or nil, domain = #domain > 0 and domain or nil,
domain_keyword = #domain_keyword > 0 and domain_keyword or nil, domain_suffix = #domain_suffix > 0 and domain_suffix or nil,
domain_regex = #domain_regex > 0 and domain_regex or nil, domain_keyword = #domain_keyword > 0 and domain_keyword or nil,
geosite = #geosite > 0 and geosite or nil, domain_regex = #domain_regex > 0 and domain_regex or nil,
disable_cache = true, geosite = #geosite > 0 and geosite or nil,
disable_cache = true,
}
local remote_strategy = "prefer_ipv6"
if remote_dns_query_strategy == "UseIPv4" then
remote_strategy = "ipv4_only"
elseif remote_dns_query_strategy == "UseIPv6" then
remote_strategy = "ipv6_only"
end
local server = {
tag = dns_tag,
address_strategy = "prefer_ipv4",
strategy = remote_strategy,
address_resolver = "direct",
detour = dns_outTag,
}
if remote_dns_udp_server then
local server_port = tonumber(remote_dns_port) or 53
server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port
end
if remote_dns_tcp_server then
server.address = remote_dns_tcp_server
end
if remote_dns_doh_url and remote_dns_doh_host then
server.address = remote_dns_doh_url
end
if server.address then
table.insert(dns.servers, server)
end
local fakedns_tag = dns_tag .. "_fakeip"
if remote_dns_fake then
dns.fakeip = {
enabled = true,
inet4_range = "198.18.0.0/16",
inet6_range = "fc00::/18",
} }
local remote_strategy = "prefer_ipv6" table.insert(dns.servers, {
if remote_dns_query_strategy == "UseIPv4" then tag = fakedns_tag,
remote_strategy = "ipv4_only" address = "fakeip",
elseif remote_dns_query_strategy == "UseIPv6" then
remote_strategy = "ipv6_only"
end
local server = {
tag = dns_tag,
address_strategy = "prefer_ipv4",
strategy = remote_strategy, strategy = remote_strategy,
address_resolver = "direct", })
detour = dns_outTag,
} if tags and tags:find("with_clash_api") then
if not experimental then
local rule_server = dns_tag experimental = {}
end
if remote_dns_udp_server then experimental.clash_api = {
local server_port = tonumber(remote_dns_port) or 53 store_fakeip = true,
server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port cache_file = "/tmp/singbox_passwall_" .. flag .. ".db"
end
if remote_dns_tcp_server then
server.address = remote_dns_tcp_server
end
if remote_dns_doh_url and remote_dns_doh_host then
server.address = remote_dns_doh_url
end
if server.address then
table.insert(dns.servers, server)
end
if remote_dns_fake then
dns.fakeip = {
enabled = true,
inet4_range = "198.18.0.0/16",
inet6_range = "fc00::/18",
} }
local fakedns_tag = dns_tag .. "_fakeip"
if not server.address then
fakedns_tag = dns_tag
end
table.insert(dns.servers, {
tag = fakedns_tag,
address = "fakeip",
strategy = remote_strategy,
})
rule_server = fakedns_tag
if tags and tags:find("with_clash_api") then
if not experimental then
experimental = {}
end
experimental.clash_api = {
store_fakeip = true,
cache_file = "/tmp/singbox_passwall_" .. flag .. ".db"
}
end
end end
end
if remote_rule.domain or remote_rule.domain_suffix or remote_rule.domain_keyword or remote_rule.domain_regex or remote_rule.geosite then
local rule = api.clone(remote_rule) if remote_rule.domain or remote_rule.domain_suffix or remote_rule.domain_keyword or remote_rule.domain_regex or remote_rule.geosite then
rule.server = rule_server local rule = api.clone(remote_rule)
table.insert(dns.rules, rule) rule.server = dns_tag
if remote_dns_fake then
rule.query_type = {
"A", "AAAA"
}
rule.server = fakedns_tag
end end
table.insert(dns.rules, rule)
end end
if direct_dns_udp_server then if direct_dns_udp_server then
@ -1266,6 +1261,26 @@ function gen_config(var)
tag = "block", tag = "block",
address = "rcode://refused", address = "rcode://refused",
}) })
local default_dns_flag = "remote"
if node_id and (tcp_redir_port or udp_redir_port) then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
else default_dns_flag = "direct"
end
if default_dns_flag == "remote" then
if remote_dns_fake then
table.insert(dns.rules, {
query_type = { "A", "AAAA" },
server = fakedns_tag
})
end
end
dns.final = default_dns_flag
table.insert(inbounds, { table.insert(inbounds, {
type = "direct", type = "direct",
@ -1285,18 +1300,6 @@ function gen_config(var)
}, },
outbound = "dns-out" outbound = "dns-out"
}) })
local default_dns_flag = "remote"
if node_id and (tcp_redir_port or udp_redir_port) then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
else default_dns_flag = "direct"
end
dns.final = default_dns_flag
end end
if inbounds or outbounds then if inbounds or outbounds then

6
luci-app-passwall/luasrc/passwall/util_xray.lua
View File

@ -999,7 +999,6 @@ function gen_config(var)
end end
if remote_dns_fake then if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {} fakedns = {}
fakedns[#fakedns + 1] = { fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16", ipPool = "198.18.0.0/16",
@ -1014,6 +1013,11 @@ function gen_config(var)
_remote_dns.address = "fakedns" _remote_dns.address = "fakedns"
end end
if not remote_dns_server then
remote_dns_server = "1.1.1.1"
remote_dns_port = 53
end
table.insert(dns.servers, _remote_dns) table.insert(dns.servers, _remote_dns)
if dns_listen_port then if dns_listen_port then

44
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -327,7 +327,7 @@ run_ipt2socks() {
run_singbox() { run_singbox() {
local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_port direct_dns_udp_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port local dns_listen_port direct_dns_port direct_dns_udp_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
local loglevel log_file config_file local loglevel log_file config_file
local _extra_param="" local _extra_param=""
eval_set_val $@ eval_set_val $@
@ -395,10 +395,8 @@ run_singbox() {
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}" [ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}" _extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;; ;;
fakedns)
_extra_param="${_extra_param} -remote_dns_fake 1"
;;
esac esac
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way" _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
lua $UTIL_SINGBOX gen_config ${_extra_param} > $config_file lua $UTIL_SINGBOX gen_config ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" $log_file run -c "$config_file" ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" $log_file run -c "$config_file"
@ -406,7 +404,7 @@ run_singbox() {
run_xray() { run_xray() {
local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port local dns_listen_port remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_fakedns dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port
local loglevel log_file config_file local loglevel log_file config_file
local _extra_param="" local _extra_param=""
eval_set_val $@ eval_set_val $@
@ -463,10 +461,8 @@ run_xray() {
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}" [ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}" _extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;; ;;
fakedns)
_extra_param="${_extra_param} -remote_dns_fake 1"
;;
esac esac
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way" _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
_extra_param="${_extra_param} -loglevel $loglevel" _extra_param="${_extra_param} -loglevel $loglevel"
lua $UTIL_XRAY gen_config ${_extra_param} > $config_file lua $UTIL_XRAY gen_config ${_extra_param} > $config_file
@ -848,21 +844,25 @@ run_redir() {
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
_args="${_args} remote_dns_protocol=${v2ray_dns_mode}" _args="${_args} remote_dns_protocol=${v2ray_dns_mode}"
_args="${_args} dns_listen_port=${dns_listen_port}" _args="${_args} dns_listen_port=${dns_listen_port}"
local logout=""
case "$v2ray_dns_mode" in case "$v2ray_dns_mode" in
tcp) tcp)
_args="${_args} remote_dns_tcp_server=${REMOTE_DNS}" _args="${_args} remote_dns_tcp_server=${REMOTE_DNS}"
echolog " - 域名解析 DNS Over TCP..." logout=" - 域名解析 DNS Over TCP"
;; ;;
doh) doh)
remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query") remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query")
_args="${_args} remote_dns_doh=${remote_dns_doh}" _args="${_args} remote_dns_doh=${remote_dns_doh}"
echolog " - 域名解析 DNS Over HTTPS..." logout=" - 域名解析 DNS Over HTTPS"
;;
fakedns)
fakedns=1
echolog " - 域名解析 Fake DNS..."
;; ;;
esac esac
local remote_fakedns=$(config_t_get global remote_fakedns 0)
[ "${remote_fakedns}" = "1" ] && {
fakedns=1
_args="${_args} remote_fakedns=1"
logout="${logout} + FakeDNS"
}
echolog ${logout}
} }
run_singbox flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args} run_singbox flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
;; ;;
@ -896,21 +896,25 @@ run_redir() {
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
_args="${_args} remote_dns_protocol=${v2ray_dns_mode}" _args="${_args} remote_dns_protocol=${v2ray_dns_mode}"
_args="${_args} dns_listen_port=${dns_listen_port}" _args="${_args} dns_listen_port=${dns_listen_port}"
local logout=""
case "$v2ray_dns_mode" in case "$v2ray_dns_mode" in
tcp) tcp)
_args="${_args} remote_dns_tcp_server=${REMOTE_DNS}" _args="${_args} remote_dns_tcp_server=${REMOTE_DNS}"
echolog " - 域名解析 DNS Over TCP..." logout=" - 域名解析 DNS Over TCP"
;; ;;
doh) doh)
remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query") remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query")
_args="${_args} remote_dns_doh=${remote_dns_doh}" _args="${_args} remote_dns_doh=${remote_dns_doh}"
echolog " - 域名解析 DNS Over HTTPS..." logout=" - 域名解析 DNS Over HTTPS"
;;
fakedns)
fakedns=1
echolog " - 域名解析 Fake DNS..."
;; ;;
esac esac
local remote_fakedns=$(config_t_get global remote_fakedns 0)
[ "${remote_fakedns}" = "1" ] && {
fakedns=1
_args="${_args} remote_fakedns=1"
logout="${logout} + FakeDNS"
}
echolog ${logout}
} }
run_xray flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args} run_xray flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
;; ;;