From 92bbdb99d44325ff6822e2c545c994bca1a7f149 Mon Sep 17 00:00:00 2001 From: sbwml Date: Sat, 7 Sep 2024 00:30:08 +0800 Subject: [PATCH] luci-app-passwall: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall/commit/57c918ef8971282292a1e58e5b35cddb98e6d2a9 --- .../root/usr/share/passwall/app.sh | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index a1cc5bcb9..530e212cc 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -658,8 +658,11 @@ run_chinadns_ng() { ([ -z "${_default_tag}" ] || [ "${_default_tag}" = "smart" ] || [ "${_default_tag}" = "none_noip" ]) && _default_tag="none" echo "default-tag ${_default_tag}" >> ${_CONF_FILE} + echo "cache 4096" >> ${_CONF_FILE} + echo "cache-stale 3600" >> ${_CONF_FILE} + [ "${_flag}" = "default" ] && [ "${_default_tag}" = "none" ] && { - echo "verdict-cache 4096" >> ${_CONF_FILE} + echo "verdict-cache 5000" >> ${_CONF_FILE} } ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE} @@ -1379,7 +1382,6 @@ start_dns() { LOCAL_DNS=$(config_t_get global direct_dns_udp 223.5.5.5 | sed 's/:/#/g') china_ng_local_dns=${LOCAL_DNS} sing_box_local_dns="direct_dns_udp_server=${LOCAL_DNS}" - IPT_APPEND_DNS=${LOCAL_DNS} ;; tcp) LOCAL_DNS="127.0.0.1#${dns_listen_port}" @@ -1387,7 +1389,6 @@ start_dns() { local DIRECT_DNS=$(config_t_get global direct_dns_tcp 223.5.5.5 | sed 's/:/#/g') china_ng_local_dns="tcp://${DIRECT_DNS}" sing_box_local_dns="direct_dns_tcp_server=${DIRECT_DNS}" - IPT_APPEND_DNS="${LOCAL_DNS},${DIRECT_DNS}" ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${LOCAL_DNS}" -R "$(get_first_dns DIRECT_DNS 53)" -v echolog " - dns2tcp(${LOCAL_DNS}) -> tcp://$(get_first_dns DIRECT_DNS 53 | sed 's/#/:/g')" echolog " * 请确保上游直连 DNS 支持 TCP 查询。" @@ -1405,8 +1406,8 @@ start_dns() { local tmp_dot_ip=$(echo "$DIRECT_DNS" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p') local tmp_dot_port=$(echo "$DIRECT_DNS" | sed -n 's/.*#\([0-9]\+\).*/\1/p') - sing_box_local_dns="direct_dns_dot_server=$tmp_dot_ip#${tmp_dot_port:-853}" - IPT_APPEND_DNS="${LOCAL_DNS},$tmp_dot_ip#${tmp_dot_port:-853}" + DIRECT_DNS=$tmp_dot_ip#${tmp_dot_port:-853} + sing_box_local_dns="direct_dns_dot_server=${DIRECT_DNS}" else echolog " - 你的ChinaDNS-NG版本不支持DoT,直连DNS将使用默认地址。" fi @@ -1417,6 +1418,21 @@ start_dns() { ;; esac + # 追加直连DNS到iptables/nftables + [ "$(config_t_get global_haproxy balancing_enable 0)" != "1" ] && IPT_APPEND_DNS= + add_default_port() { + [ -z "$1" ] && echo "" || echo "$1" | awk -F',' '{for(i=1;i<=NF;i++){if($i !~ /#/) $i=$i"#53";} print $0;}' OFS=',' + } + LOCAL_DNS=$(add_default_port "$LOCAL_DNS") + IPT_APPEND_DNS=$(add_default_port "${IPT_APPEND_DNS:-$LOCAL_DNS}") + echo "$IPT_APPEND_DNS" | grep -q -E "(^|,)$LOCAL_DNS(,|$)" || IPT_APPEND_DNS="${IPT_APPEND_DNS:+$IPT_APPEND_DNS,}$LOCAL_DNS" + [ -n "$DIRECT_DNS" ] && { + DIRECT_DNS=$(add_default_port "$DIRECT_DNS") + echo "$IPT_APPEND_DNS" | grep -q -E "(^|,)$DIRECT_DNS(,|$)" || IPT_APPEND_DNS="${IPT_APPEND_DNS:+$IPT_APPEND_DNS,}$DIRECT_DNS" + } + # 排除127.0.0.1的条目 + IPT_APPEND_DNS=$(echo "$IPT_APPEND_DNS" | awk -F',' '{for(i=1;i<=NF;i++) if($i !~ /^127\.0\.0\.1/) printf (i>1?",":"") $i; print ""}' | sed 's/^,\|,$//g') + TUN_DNS="127.0.0.1#${dns_listen_port}" [ "${resolve_dns}" == "1" ] && TUN_DNS="127.0.0.1#${resolve_dns_port}"