From 8919e818279fd32d247e8bd20dbd9cf1456b1292 Mon Sep 17 00:00:00 2001 From: gitea-action Date: Sat, 3 May 2025 16:30:23 +0800 Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/b2bd36ea2d8caa022009eaea895779beab2d07e4 --- luci-app-passwall/root/usr/share/passwall/app.sh | 16 +++++++++------- .../usr/share/passwall/helper_chinadns_add.lua | 2 +- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 50a8dec29..c90d95302 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1412,7 +1412,7 @@ start_dns() { [ "$DNS_SHUNT" != "chinadns-ng" ] || [ "$ACL_RULE_DNSMASQ" = "1" ] && { LOCAL_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}" local china_ng_c_dns="tcp://$(get_first_dns DIRECT_DNS 53 | sed 's/:/#/g')" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${china_ng_c_dns} -d chn + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b :: -l ${NEXT_DNS_LISTEN_PORT} -c ${china_ng_c_dns} -d chn echolog " - ChinaDNS-NG(${LOCAL_DNS}) -> ${china_ng_c_dns}" echolog " * 请确保上游直连 DNS 支持 TCP 查询。" NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1) @@ -1427,7 +1427,7 @@ start_dns() { #当全局(包括访问控制节点)开启chinadns-ng时,不启动新进程。 [ "$DNS_SHUNT" != "chinadns-ng" ] || [ "$ACL_RULE_DNSMASQ" = "1" ] && { LOCAL_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn ${cert_verify} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b :: -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn ${cert_verify} echolog " - ChinaDNS-NG(${LOCAL_DNS}) -> ${DIRECT_DNS}" echolog " * 请确保上游直连 DNS 支持 DoT 查询。" NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1) @@ -1550,7 +1550,7 @@ start_dns() { REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}" [ "$DNS_SHUNT" != "chinadns-ng" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} ${cert_verify} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b :: -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} ${cert_verify} echolog " - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}" } else @@ -1560,7 +1560,7 @@ start_dns() { local china_ng_trust_dns="tcp://${REMOTE_DNS}" [ "$DNS_SHUNT" != "chinadns-ng" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b :: -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} echolog " - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}" } fi @@ -1572,7 +1572,7 @@ start_dns() { if [ "$DNS_SHUNT" != "chinadns-ng" ] && [ "$FILTER_PROXY_IPV6" = "1" ]; then DNSMASQ_FILTER_PROXY_IPV6=0 local no_ipv6_trust="-N" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b :: -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} echolog " - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}" else TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')" @@ -1585,7 +1585,7 @@ start_dns() { local china_ng_trust_dns="tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')" [ "$DNS_SHUNT" != "chinadns-ng" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N" - ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} + ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b :: -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw ${no_ipv6_trust} echolog " - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}" } ;; @@ -1635,6 +1635,8 @@ start_dns() { echolog " - ChinaDNS-NG(${china_ng_listen}):直连DNS:${china_ng_local_dns},可信DNS:${china_ng_trust_dns}" + china_ng_listen="${china_ng_listen},::1#${china_ng_listen_port}" + run_chinadns_ng \ _flag="default" \ _listen_port=${china_ng_listen_port} \ @@ -1876,7 +1878,7 @@ acl_app() { [ "$filter_proxy_ipv6" = "1" ] && dnsmasq_filter_proxy_ipv6=0 chinadns_port=$(expr $chinadns_port + 1) - _china_ng_listen="127.0.0.1#${chinadns_port}" + _china_ng_listen="127.0.0.1#${chinadns_port},::1#${chinadns_port}" _chinadns_local_dns=$(IFS=','; set -- $LOCAL_DNS; [ "${1%%[#:]*}" = "127.0.0.1" ] && echo "$1" || ([ -n "$2" ] && echo "$1,$2" || echo "$1")) _direct_dns_mode=$(config_t_get global direct_dns_mode "auto") diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index b4d2d1ca8..ce687a4f9 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -108,7 +108,7 @@ local only_global = (DEFAULT_MODE == "proxy" and CHNLIST == "0" and GFWLIST == " config_lines = { LOG_FILE ~= "/dev/null" and "verbose" or "", - "bind-addr 127.0.0.1", + "bind-addr ::", "bind-port " .. LISTEN_PORT, "china-dns " .. DNS_LOCAL, "trust-dns " .. DNS_TRUST,