zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source 
last commit: 14b7631d1b
This commit is contained in:
actions 2024-08-06 22:00:06 +08:00
parent d96a7aa06e
commit 90ea512d38
3 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -24,6 +24,7 @@ DNS_PORT=15353
TUN_DNS="127.0.0.1#${DNS_PORT}" TUN_DNS="127.0.0.1#${DNS_PORT}"
LOCAL_DNS=119.29.29.29,223.5.5.5 LOCAL_DNS=119.29.29.29,223.5.5.5
DEFAULT_DNS= DEFAULT_DNS=
FW_APPEND_DNS=
ENABLED_DEFAULT_ACL=0 ENABLED_DEFAULT_ACL=0
PROXY_IPV6=0 PROXY_IPV6=0
PROXY_IPV6_UDP=0 PROXY_IPV6_UDP=0
@ -1364,6 +1365,7 @@ start_dns() {
LOCAL_DNS=$(config_t_get global direct_dns_udp 223.5.5.5 | sed 's/:/#/g') LOCAL_DNS=$(config_t_get global direct_dns_udp 223.5.5.5 | sed 's/:/#/g')
china_ng_local_dns=${LOCAL_DNS} china_ng_local_dns=${LOCAL_DNS}
sing_box_local_dns="direct_dns_udp_server=${LOCAL_DNS}" sing_box_local_dns="direct_dns_udp_server=${LOCAL_DNS}"
FW_APPEND_DNS=${LOCAL_DNS}
;; ;;
tcp) tcp)
LOCAL_DNS="127.0.0.1#${dns_listen_port}" LOCAL_DNS="127.0.0.1#${dns_listen_port}"
@ -1371,6 +1373,7 @@ start_dns() {
local DIRECT_DNS=$(config_t_get global direct_dns_tcp 223.5.5.5 | sed 's/:/#/g') local DIRECT_DNS=$(config_t_get global direct_dns_tcp 223.5.5.5 | sed 's/:/#/g')
china_ng_local_dns="tcp://${DIRECT_DNS}" china_ng_local_dns="tcp://${DIRECT_DNS}"
sing_box_local_dns="direct_dns_tcp_server=${DIRECT_DNS}" sing_box_local_dns="direct_dns_tcp_server=${DIRECT_DNS}"
FW_APPEND_DNS="${LOCAL_DNS},${DIRECT_DNS}"
ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${LOCAL_DNS}" -R "$(get_first_dns DIRECT_DNS 53)" -v ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${LOCAL_DNS}" -R "$(get_first_dns DIRECT_DNS 53)" -v
echolog " - dns2tcp(${LOCAL_DNS}) -> tcp://$(get_first_dns DIRECT_DNS 53 | sed 's/#/:/g')" echolog " - dns2tcp(${LOCAL_DNS}) -> tcp://$(get_first_dns DIRECT_DNS 53 | sed 's/#/:/g')"
echolog " * 请确保上游直连 DNS 支持 TCP 查询。" echolog " * 请确保上游直连 DNS 支持 TCP 查询。"
@ -1389,6 +1392,7 @@ start_dns() {
local tmp_dot_ip=$(echo "$DIRECT_DNS" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p') local tmp_dot_ip=$(echo "$DIRECT_DNS" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
local tmp_dot_port=$(echo "$DIRECT_DNS" | sed -n 's/.*#\([0-9]\+\).*/\1/p') local tmp_dot_port=$(echo "$DIRECT_DNS" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
sing_box_local_dns="direct_dns_dot_server=$tmp_dot_ip#${tmp_dot_port:-853}" sing_box_local_dns="direct_dns_dot_server=$tmp_dot_ip#${tmp_dot_port:-853}"
FW_APPEND_DNS="${LOCAL_DNS},$tmp_dot_ip#${tmp_dot_port:-853}"
else else
echolog " - 你的ChinaDNS-NG版本不支持DoT直连DNS将使用默认地址。" echolog " - 你的ChinaDNS-NG版本不支持DoT直连DNS将使用默认地址。"
fi fi
@ -1995,6 +1999,7 @@ DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | a
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label') DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',') [ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',')
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}" LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}"
FW_APPEND_DNS=${LOCAL_DNS}
DNS_QUERY_STRATEGY="UseIP" DNS_QUERY_STRATEGY="UseIP"
[ "$FILTER_PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIPv4" [ "$FILTER_PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIPv4"

19
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -841,12 +841,19 @@ add_firewall_rule() {
$ipt_m -N PSW_OUTPUT $ipt_m -N PSW_OUTPUT
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN $ipt_m -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN $ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
[ -n "$LOCAL_DNS" ] && { [ -n "$FW_APPEND_DNS" ] && {
for local_dns in $(echo $LOCAL_DNS | tr ',' ' '); do for local_dns in $(echo $FW_APPEND_DNS | tr ',' ' '); do
local dns_address=$(echo $local_dns | awk -F '#' '{print $1}') local dns_address=$(echo "$local_dns" | sed -E 's/(@|\[)?([0-9a-fA-F:.]+)(@|#|$).*/\2/')
local dns_port=$(echo $local_dns | awk -F '#' '{print $2}') local dns_port=$(echo "$local_dns" | sed -nE 's/.*#([0-9]+)$/\1/p')
$ipt_m -A PSW_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53} -j RETURN if echo "$dns_address" | grep -q ':'; then
echolog " - [$?]追加直连DNS到iptables${dns_address}:${dns_port:-53}" $ip6t_m -A PSW_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53} -j RETURN
$ip6t_m -A PSW_OUTPUT -p tcp -d ${dns_address} --dport ${dns_port:-53} -j RETURN
echolog " - [$?]追加直连DNS到iptables[${dns_address}]:${dns_port:-53}"
else
$ipt_m -A PSW_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53} -j RETURN
$ipt_m -A PSW_OUTPUT -p tcp -d ${dns_address} --dport ${dns_port:-53} -j RETURN
echolog " - [$?]追加直连DNS到iptables${dns_address}:${dns_port:-53}"
fi
done done
} }
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN [ "${USE_DIRECT_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN

19
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -865,12 +865,19 @@ add_firewall_rule() {
nft "flush chain inet fw4 PSW_OUTPUT_MANGLE" nft "flush chain inet fw4 PSW_OUTPUT_MANGLE"
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return"
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return"
[ -n "$LOCAL_DNS" ] && { [ -n "$FW_APPEND_DNS" ] && {
for local_dns in $(echo $LOCAL_DNS | tr ',' ' '); do for local_dns in $(echo $FW_APPEND_DNS | tr ',' ' '); do
local dns_address=$(echo $local_dns | awk -F '#' '{print $1}') local dns_address=$(echo "$local_dns" | sed -E 's/(@|\[)?([0-9a-fA-F:.]+)(@|#|$).*/\2/')
local dns_port=$(echo $local_dns | awk -F '#' '{print $2}') local dns_port=$(echo "$local_dns" | sed -nE 's/.*#([0-9]+)$/\1/p')
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr ${dns_address} $(factor ${dns_port:-53} "udp dport") counter return" if echo "$dns_address" | grep -q ':'; then
echolog " - [$?]追加直连DNS到nftables${dns_address}:${dns_port:-53}" nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr ${dns_address} $(factor ${dns_port:-53} "udp dport") counter return"
nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr ${dns_address} $(factor ${dns_port:-53} "tcp dport") counter return"
echolog " - [$?]追加直连DNS到nftables[${dns_address}]:${dns_port:-53}"
else
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr ${dns_address} $(factor ${dns_port:-53} "udp dport") counter return"
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol tcp ip daddr ${dns_address} $(factor ${dns_port:-53} "tcp dport") counter return"
echolog " - [$?]追加直连DNS到nftables${dns_address}:${dns_port:-53}"
fi
done done
} }
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return" [ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return"