From 80408356a4148d521c14b78583bbdb2eb43cd452 Mon Sep 17 00:00:00 2001 From: xiaorouji <60100640+xiaorouji@users.noreply.github.com> Date: Tue, 28 Mar 2023 13:33:32 +0800 Subject: [PATCH] luci: adjustment chinadns-ng logic * It is now can work in the gfwlist mode. * It is now can work with when chnroute default dns option. --- luci-app-passwall/Makefile | 2 +- .../model/cbi/passwall/client/acl_config.lua | 16 ++-- .../model/cbi/passwall/client/global.lua | 16 ++-- luci-app-passwall/po/zh-cn/passwall.po | 3 + .../root/usr/share/passwall/app.sh | 74 +++++++++++-------- .../usr/share/passwall/helper_dnsmasq_add.lua | 2 +- 6 files changed, 71 insertions(+), 42 deletions(-) diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index 8eeaf490b..f3ebac1a2 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=4.61 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \ diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua index ec43df18e..d557d12f7 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua @@ -295,6 +295,15 @@ o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet")) o.datatype = "ipaddr" o:depends("v2ray_dns_mode", "doh") +if api.is_finded("chinadns-ng") then + o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory.")) + o.default = "0" + o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "dns2socks"}) + o:depends({ tcp_proxy_mode = "gfwlist", dns_mode = "xray"}) + o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "dns2socks"}) + o:depends({ tcp_proxy_mode = "chnroute", dns_mode = "xray"}) +end + if has_chnlist then when_chnroute_default_dns = s:option(ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS")) when_chnroute_default_dns.default = "direct" @@ -303,13 +312,8 @@ if has_chnlist then when_chnroute_default_dns.description = "" + .. "" when_chnroute_default_dns:depends("tcp_proxy_mode", "chnroute") - when_chnroute_default_dns:depends("udp_proxy_mode", "chnroute") end return m diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 8d067c1de..a5588576b 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -275,6 +275,16 @@ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"}) o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"}) o.rmempty = false +if api.is_finded("chinadns-ng") then + o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory.")) + o.default = "0" + o:depends({dns_mode = "dns2socks"}) + o:depends({dns_mode = "dns2tcp"}) + o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"}) + o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"}) + o:depends({dns_mode = "udp"}) +end + if has_chnlist then when_chnroute_default_dns = s:taboption("DNS", ListValue, "when_chnroute_default_dns", translate("When using the chnroute list the default DNS")) when_chnroute_default_dns.default = "direct" @@ -283,11 +293,7 @@ if has_chnlist then when_chnroute_default_dns.description = "" + .. "" end o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect.")) diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 3a28ad88e..9c7b0209e 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -151,6 +151,9 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位 msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)." msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet(RFC7871)。" +msgid "The effect is better, but will increase the memory." +msgstr "效果更好,但会增加内存使用。" + msgid "When using the chnroute list the default DNS" msgstr "当使用中国列表外时的默认DNS" diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 6bdc9a03e..da60a0bd4 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1133,35 +1133,43 @@ start_dns() { [ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!" [ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!" - [ -n "$chnlist" ] && [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && { + [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && { china_ng_listen_port=$(expr $dns_listen_port + 1) china_ng_listen="127.0.0.1#${china_ng_listen_port}" china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") china_ng_gfw="${TUN_DNS}" echolog " | - (chinadns-ng) 最高支持4级域名过滤..." - local gfwlist_param="${TMP_PATH}/chinadns_gfwlist" - [ -s "${RULES_PATH}/gfwlist" ] && cp -a "${RULES_PATH}/gfwlist" "${gfwlist_param}" - local chnlist_param="${TMP_PATH}/chinadns_chnlist" - [ -s "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${chnlist_param}" + local china_ng_extra_param="" + [ -n "$chnlist" ] && { + [ -s "${RULES_PATH}/chnlist" ] && { + local chnlist_file="${TMP_PATH}/chinadns_chnlist" + cp -a "${RULES_PATH}/chnlist" "${chnlist_file}" + china_ng_extra_param="${china_ng_extra_param} -m ${chnlist_file} -M" + } + #当使用中国列表外时的默认DNS + [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "remote" ] && china_ng_default_tag="gfw" + [ "$WHEN_CHNROUTE_DEFAULT_DNS" = "direct" ] && china_ng_default_tag="chn" + } - [ -s "${RULES_PATH}/proxy_host" ] && { - cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${gfwlist_param}" - echolog " | - [$?](chinadns-ng) 代理域名表合并到防火墙域名表" + ([ -n "$chnlist" ] || [ -n "$gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && { + local gfwlist_file="${TMP_PATH}/chinadns_gfwlist" + cp -a "${RULES_PATH}/gfwlist" "${gfwlist_file}" + china_ng_extra_param="${china_ng_extra_param} -g ${gfwlist_file}" + #当只有使用gfwlist模式时设置默认DNS为本地直连 + [ -n "$gfwlist" ] && [ -z "$chnlist" ] && china_ng_default_tag="chn" } - [ -s "${RULES_PATH}/direct_host" ] && { - cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${chnlist_param}" - echolog " | - [$?](chinadns-ng) 域名白名单合并到中国域名表" - } - chnlist_param=${chnlist_param:+-m "${chnlist_param}" -M} + [ -n "$china_ng_default_tag" ] && china_ng_extra_param="${china_ng_extra_param} -d ${china_ng_default_tag}" + local log_path="${TMP_PATH}/chinadns-ng.log" log_path="/dev/null" [ "$FILTER_PROXY_IPV6" = "1" ] && { noipv6="-N=gt" DNSMASQ_FILTER_IPV6=0 } - ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f ${noipv6} + ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${china_ng_extra_param} -f ${noipv6} echolog " + 过滤服务:ChinaDNS-NG(:${china_ng_listen_port}):国内DNS:${china_ng_chn},可信DNS:${china_ng_gfw}" + WHEN_CHNROUTE_DEFAULT_DNS="chinadns_ng" } [ "$DNS_SHUNT" = "dnsmasq" ] && { @@ -1298,34 +1306,41 @@ acl_app() { } local _dnsmasq_filter_ipv6=$filter_proxy_ipv6 - [ "$tcp_proxy_mode" = "chnroute" ] && [ "$when_chnroute_default_dns" = "chinadns_ng" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && { + [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && { chinadns_port=$(expr $chinadns_port + 1) _china_ng_listen="127.0.0.1#${chinadns_port}" local _china_ng_chn=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") local _china_ng_gfw="127.0.0.1#${_dns_port}" - local _gfwlist_param="${TMP_PATH}/chinadns_gfwlist" - [ ! -s "${_gfwlist_param}" ] && { - [ -s "${RULES_PATH}/gfwlist" ] && cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_param}" - [ -s "${RULES_PATH}/proxy_host" ] && { - cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${_gfwlist_param}" + local _china_ng_extra_param="" + [ "$tcp_proxy_mode" = "chnroute" ] && { + [ -s "${RULES_PATH}/chnlist" ] && { + local _chnlist_file="${TMP_PATH}/chinadns_chnlist" + cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}" + _china_ng_extra_param="${_china_ng_extra_param} -m ${_chnlist_file} -M" } + #当使用中国列表外时的默认DNS + [ "$when_chnroute_default_dns" = "remote" ] && _china_ng_default_tag="gfw" + [ "$when_chnroute_default_dns" = "direct" ] && _china_ng_default_tag="chn" } - local _chnlist_param="${TMP_PATH}/chinadns_chnlist" - [ ! -s "${_chnlist_param}" ] && { - [ -s "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${_chnlist_param}" - [ -s "${RULES_PATH}/direct_host" ] && { - cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u >> "${_chnlist_param}" - } + + ([ "$tcp_proxy_mode" = "chnroute" ] || [ "$tcp_proxy_mode" = "gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && { + local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist" + cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}" + _china_ng_extra_param="${_china_ng_extra_param} -g ${_gfwlist_file}" + #当使用gfwlist模式时设置默认DNS为本地直连 + [ "$tcp_proxy_mode" = "gfwlist" ] && _china_ng_default_tag="chn" } - _chnlist_param=${_chnlist_param:+-m "${_chnlist_param}" -M} + [ -n "$_china_ng_default_tag" ] && _china_ng_extra_param="${_china_ng_extra_param} -d ${_china_ng_default_tag}" + #local _china_ng_log_file="${TMP_ACL_PATH}/${sid}/chinadns-ng.log" local _china_ng_log_file="/dev/null" [ "$filter_proxy_ipv6" = "1" ] && { local _china_ng_noipv6="-N=gt" _dnsmasq_filter_ipv6=0 } - ln_run "$(first_type chinadns-ng)" chinadns-ng "$_china_ng_log_file" -v -b 0.0.0.0 -l "${chinadns_port}" ${_china_ng_chn:+-c "${_china_ng_chn}"} ${_chnlist_param} ${_china_ng_gfw:+-t "${_china_ng_gfw}"} ${_gfwlist_param:+-g "${_gfwlist_param}"} -f ${_china_ng_noipv6} + ln_run "$(first_type chinadns-ng)" chinadns-ng "$_china_ng_log_file" -v -b 0.0.0.0 -l "${chinadns_port}" ${_china_ng_chn:+-c "${_china_ng_chn}"} ${_china_ng_gfw:+-t "${_china_ng_gfw}"} ${_china_ng_extra_param} -f ${_china_ng_noipv6} + when_chnroute_default_dns="chinadns_ng" } dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1)) @@ -1467,7 +1482,7 @@ acl_app() { [ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param - unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_param _chnlist_param _china_ng_log_file _china_ng_noipv6 _dnsmasq_filter_ipv6 + unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _china_ng_noipv6 _china_ng_extra_param _dnsmasq_filter_ipv6 unset redirect_dns_port done unset socks_port redir_port dns_port dnsmasq_port chinadns_port @@ -1576,6 +1591,7 @@ DNS_SHUNT="dnsmasq" DNS_MODE=$(config_t_get global dns_mode dns2tcp) DNS_CACHE=$(config_t_get global dns_cache 0) REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') +CHINADNS_NG=$(config_t_get global chinadns_ng 0) WHEN_CHNROUTE_DEFAULT_DNS=$(config_t_get global when_chnroute_default_dns direct) FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0) dns_listen_port=${DNS_PORT} diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua index c9b3f9cb2..fe12491dc 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua @@ -169,7 +169,7 @@ local gfwlist = PROXY_MODE:find("gfwlist") local only_global local dnsmasq_default_dns -if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and chnlist then +if CHNROUTE_MODE_DEFAULT_DNS ~= "nil" and (chnlist or gfwlist) then if CHNROUTE_MODE_DEFAULT_DNS == "remote" then dnsmasq_default_dns = TUN_DNS end