luci: adjustment chinadns-ng logic

* It is now can work in the gfwlist mode. * It is now can work with when chnroute default dns option.
2023-03-28 13:33:32 +08:00 · 2023-03-28 13:33:32 +08:00 · 80408356a4
commit 80408356a4
parent 2b0f1aa628
6 changed files with 71 additions and 42 deletions
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=4.61
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@ -295,6 +295,15 @@ o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))
 o.datatype = "ipaddr"
 o:depends("v2ray_dns_mode", "doh")

+if api.is_finded("chinadns-ng") then
+	o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
+	o.default = "0"
+	o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "dns2socks"})
+	o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "xray"})
+	o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks"})
+	o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray"})
+end
+
 if has_chnlist then
 	when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
 	when_chnroute_default_dns.default = "direct"
@ -303,13 +312,8 @@ if has_chnlist then
 	when_chnroute_default_dns.description = "<ul>"
 	.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
 	.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
-	if api.is_finded("chinadns-ng") then
-		when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
-		when_chnroute_default_dns.default = "chinadns_ng"
-	end
-	when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "</li></ul>"
+	.. "</ul>"
 	when_chnroute_default_dns:depends("tcp_proxy_mode", "chnroute")
-	when_chnroute_default_dns:depends("udp_proxy_mode", "chnroute")
 end

 return m
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@ -275,6 +275,16 @@ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
 o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
 o.rmempty = false

+if api.is_finded("chinadns-ng") then
+	o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
+	o.default = "0"
+	o:depends({dns_mode = "dns2socks"})
+	o:depends({dns_mode = "dns2tcp"})
+	o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
+	o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
+	o:depends({dns_mode = "udp"})
+end
+
 if has_chnlist then
 	when_chnroute_default_dns = s:taboption("DNS", ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS"))
 	when_chnroute_default_dns.default = "direct"
@ -283,11 +293,7 @@ if has_chnlist then
 	when_chnroute_default_dns.description = "<ul>"
 	.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
 	.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>"
-	if api.is_finded("chinadns-ng") then
-		when_chnroute_default_dns:value("chinadns_ng", translate("ChinaDNS-NG"))
-		when_chnroute_default_dns.default = "chinadns_ng"
-	end
-	when_chnroute_default_dns.description = when_chnroute_default_dns.description .. "</li></ul>"
+	.. "</ul>"
 end

 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@ -151,6 +151,9 @@ msgstr "用于 DNS 查询时通知 DNS 服务器，客户端所在的地理位
 msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
 msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet（RFC7871）。"

+msgid "The effect is better, but will increase the memory."
+msgstr "效果更好，但会增加内存使用。"
+
 msgid "When using the chnroute list the default DNS"
 msgstr "当使用中国列表外时的默认DNS"

--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -1133,35 +1133,43 @@ start_dns() {
 	[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 TCP 查询，如非直连地址，确保 TCP 代理打开，并且已经正确转发！"
 	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 要求代理 DNS 请求，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"

-	[ -n "$chnlist" ] && [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
+	[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && {
 		china_ng_listen_port=$(expr $dns_listen_port + 1)
 		china_ng_listen="127.0.0.1#${china_ng_listen_port}"
 		china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
 		china_ng_gfw="${TUN_DNS}"
 		echolog "  | - (chinadns-ng) 最高支持4级域名过滤..."

-		local gfwlist_param="${TMP_PATH}/chinadns_gfwlist"
-		[ -s "${RULES_PATH}/gfwlist" ] && cp -a "${RULES_PATH}/gfwlist" "${gfwlist_param}"
-		local chnlist_param="${TMP_PATH}/chinadns_chnlist"
-		[ -s "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${chnlist_param}"
+		local china_ng_extra_param=""
+		[ -n "$chnlist" ] && {
+			[ -s "${RULES_PATH}/chnlist" ] && {
+				local chnlist_file="${TMP_PATH}/chinadns_chnlist"
+				cp -a "${RULES_PATH}/chnlist" "${chnlist_file}"
+				china_ng_extra_param="${china_ng_extra_param} -m ${chnlist_file} -M"
+			}
+			#当使用中国列表外时的默认DNS
+			[ "$WHEN_CHNROUTE_DEFAULT_DNS" = "remote" ] && china_ng_default_tag="gfw"
+			[ "$WHEN_CHNROUTE_DEFAULT_DNS" = "direct" ] && china_ng_default_tag="chn"
+		}

-		[ -s "${RULES_PATH}/proxy_host" ] && {
-			cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${gfwlist_param}"
-			echolog "  | - [$?](chinadns-ng) 代理域名表合并到防火墙域名表"
+		([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
+			local gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
+			cp -a "${RULES_PATH}/gfwlist" "${gfwlist_file}"
+			china_ng_extra_param="${china_ng_extra_param} -g ${gfwlist_file}"
+			#当只有使用gfwlist模式时设置默认DNS为本地直连
+			[ -n "$gfwlist" ] && [ -z "$chnlist" ] && china_ng_default_tag="chn"
 		}
-		[ -s "${RULES_PATH}/direct_host" ] && {
-			cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${chnlist_param}"
-			echolog "  | - [$?](chinadns-ng) 域名白名单合并到中国域名表"
-		}
-		chnlist_param=${chnlist_param:+-m "${chnlist_param}" -M}
+		[ -n "$china_ng_default_tag" ] && china_ng_extra_param="${china_ng_extra_param} -d ${china_ng_default_tag}"
+
 		local log_path="${TMP_PATH}/chinadns-ng.log"
 		log_path="/dev/null"
 		[ "$FILTER_PROXY_IPV6" = "1" ] && {
 			noipv6="-N=gt"
 			DNSMASQ_FILTER_IPV6=0
 		}
-		ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f ${noipv6}
+		ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${china_ng_extra_param} -f ${noipv6}
 		echolog "  + 过滤服务：ChinaDNS-NG(:${china_ng_listen_port})：国内DNS：${china_ng_chn}，可信DNS：${china_ng_gfw}"
+		WHEN_CHNROUTE_DEFAULT_DNS="chinadns_ng"
 	}
 	
 	[ "$DNS_SHUNT" = "dnsmasq" ] && {
@ -1298,34 +1306,41 @@ acl_app() {
 							}

 							local _dnsmasq_filter_ipv6=$filter_proxy_ipv6
-							[ "$tcp_proxy_mode" = "chnroute" ] && [ "$when_chnroute_default_dns" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
+							[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && {
 								chinadns_port=$(expr $chinadns_port + 1)
 								_china_ng_listen="127.0.0.1#${chinadns_port}"
 								local _china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")
 								local _china_ng_gfw="127.0.0.1#${_dns_port}"

-								local _gfwlist_param="${TMP_PATH}/chinadns_gfwlist"
-								[ ! -s "${_gfwlist_param}" ] && {
-									[ -s "${RULES_PATH}/gfwlist" ] && cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_param}"
-									[ -s "${RULES_PATH}/proxy_host" ] && {
-										cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${_gfwlist_param}"
+								local _china_ng_extra_param=""
+								[ "$tcp_proxy_mode" = "chnroute" ] && {
+									[ -s "${RULES_PATH}/chnlist" ] && {
+										local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
+										cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
+										_china_ng_extra_param="${_china_ng_extra_param} -m ${_chnlist_file} -M"
 									}
+									#当使用中国列表外时的默认DNS
+									[ "$when_chnroute_default_dns" = "remote" ] && _china_ng_default_tag="gfw"
+									[ "$when_chnroute_default_dns" = "direct" ] && _china_ng_default_tag="chn"
 								}
-								local _chnlist_param="${TMP_PATH}/chinadns_chnlist"
-								[ ! -s "${_chnlist_param}" ] && {
-									[ -s "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${_chnlist_param}"
-									[ -s "${RULES_PATH}/direct_host" ] && {
-										cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${_chnlist_param}"
-									}
+
+								([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
+									local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
+									cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
+									_china_ng_extra_param="${_china_ng_extra_param} -g ${_gfwlist_file}"
+									#当使用gfwlist模式时设置默认DNS为本地直连
+									[ "$tcp_proxy_mode" = "gfwlist" ] && _china_ng_default_tag="chn"
 								}
-								_chnlist_param=${_chnlist_param:+-m "${_chnlist_param}" -M}
+								[ -n "$_china_ng_default_tag" ] && _china_ng_extra_param="${_china_ng_extra_param} -d ${_china_ng_default_tag}"
+			
 								#local _china_ng_log_file="${TMP_ACL_PATH}/${sid}/chinadns-ng.log"
 								local _china_ng_log_file="/dev/null"
 								[ "$filter_proxy_ipv6" = "1" ] && {
 									local _china_ng_noipv6="-N=gt"
 									_dnsmasq_filter_ipv6=0
 								}
-								ln_run "$(first_type chinadns-ng)" chinadns-ng "$_china_ng_log_file" -v -b 0.0.0.0 -l "${chinadns_port}" ${_china_ng_chn:+-c "${_china_ng_chn}"} ${_chnlist_param} ${_china_ng_gfw:+-t "${_china_ng_gfw}"} ${_gfwlist_param:+-g "${_gfwlist_param}"} -f ${_china_ng_noipv6}
+								ln_run "$(first_type chinadns-ng)" chinadns-ng "$_china_ng_log_file" -v -b 0.0.0.0 -l "${chinadns_port}" ${_china_ng_chn:+-c "${_china_ng_chn}"} ${_china_ng_gfw:+-t "${_china_ng_gfw}"} ${_china_ng_extra_param} -f ${_china_ng_noipv6}
+								when_chnroute_default_dns="chinadns_ng"
 							}

 							dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
@ -1467,7 +1482,7 @@ acl_app() {
 			[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
 			unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
 			unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
-			unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_param _chnlist_param _china_ng_log_file _china_ng_noipv6 _dnsmasq_filter_ipv6
+			unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _china_ng_noipv6 _china_ng_extra_param _dnsmasq_filter_ipv6
 			unset redirect_dns_port
 		done
 		unset socks_port redir_port dns_port dnsmasq_port chinadns_port
@ -1576,6 +1591,7 @@ DNS_SHUNT="dnsmasq"
 DNS_MODE=$(config_t_get global dns_mode dns2tcp)
 DNS_CACHE=$(config_t_get global dns_cache 0)
 REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
+CHINADNS_NG=$(config_t_get global chinadns_ng 0)
 WHEN_CHNROUTE_DEFAULT_DNS=$(config_t_get global when_chnroute_default_dns direct)
 FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
 dns_listen_port=${DNS_PORT}
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@ -169,7 +169,7 @@ local gfwlist = PROXY_MODE:find("gfwlist")
 local only_global

 local dnsmasq_default_dns
-if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and chnlist then
+if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and (chnlist or gfwlist) then
 	if CHNROUTE_MODE_DEFAULT_DNS == "remote" then
 		dnsmasq_default_dns = TUN_DNS
 	end