diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index f423a66f0..c059c8180 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.76-5
+PKG_VERSION:=4.77-1
PKG_RELEASE:=
PKG_CONFIG_DEPENDS:= \
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/shunt_rules.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/shunt_rules.lua
index 8d1933406..ba7735e6e 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/shunt_rules.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/shunt_rules.lua
@@ -118,6 +118,8 @@ domain_list.validate = function(self, value)
flag = 0
elseif host:find("ext:") and host:find("ext:") == 1 then
flag = 0
+ elseif host:find("#") and host:find("#") == 1 then
+ flag = 0
end
if flag == 1 then
if not datatypes.hostname(tmp_host) then
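Review bot: Lines that start with `#` now skip `datatypes.hostname` entirely (the new `elseif` sets `flag = 0`), so arbitrary text after the `#` is stored in `domain_list`; the matching branch added to `ip_list.validate` further down does the same for `ip_list`. That is only safe if every reader of these options drops comment lines the same way: this commit updates `gen_config` in util_xray.lua and util_sing-box.lua, and any other consumer not shown here should be checked before relying on it. The test can be written once as `elseif host:sub(1, 1) == "#" then`, which avoids calling `find` twice. The body of `domain_list.validate` starts and ends outside this hunk.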
@@ -132,7 +134,7 @@ domain_list.description = "
- " .. translate("Plaintext: If this stri
.. "
- " .. translate("Subdomain (recommended): Begining with 'domain:' and the rest is a domain. When the targeting domain is exactly the value, or is a subdomain of the value, this rule takes effect. Example: rule 'domain:v2ray.com' matches 'www.v2ray.com', 'v2ray.com', but not 'xv2ray.com'.")
.. "
- " .. translate("Full domain: Begining with 'full:' and the rest is a domain. When the targeting domain is exactly the value, the rule takes effect. Example: rule 'domain:v2ray.com' matches 'v2ray.com', but not 'www.v2ray.com'.")
.. "
- " .. translate("Pre-defined domain list: Begining with 'geosite:' and the rest is a name, such as geosite:google or geosite:cn.")
-.. "
- " .. translate("Domains from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geosite.dat. The tag must exist in the file.")
+.. "
- " .. translate("Annotation: Begining with #")
.. "
"
ip_list = s:option(TextValue, "ip_list", "IP")
ip_list.rows = 10
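Review bot: The new `Annotation` entry replaces the `Domains from file: Such as 'ext:file:tag'` help item instead of being appended after it, yet `domain_list.validate` still accepts the `ext:` prefix (the `host:find("ext:")` branch in the previous hunk). Users lose the on-page description of a form the validator still allows; the same replacement is made in `ip_list.description` further down, and the zh-cn catalogue drops both msgids. If `ext:` stays supported, keep that list item and add the annotation item after it; if it is being retired, the validators should stop accepting it as well.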
@@ -143,6 +145,7 @@ ip_list.validate = function(self, value)
for index, ipmask in ipairs(ipmasks) do
if ipmask:find("geoip:") and ipmask:find("geoip:") == 1 then
elseif ipmask:find("ext:") and ipmask:find("ext:") == 1 then
+ elseif ipmask:find("#") and ipmask:find("#") == 1 then
else
if not (datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask)) then
return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!")
@@ -154,7 +157,7 @@ end
ip_list.description = "
- " .. translate("IP: such as '127.0.0.1'.")
.. "
- " .. translate("CIDR: such as '127.0.0.0/8'.")
.. "
- " .. translate("GeoIP: such as 'geoip:cn'. It begins with geoip: (lower case) and followed by two letter of country code.")
-.. "
- " .. translate("IPs from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geoip.dat. The tag must exist in the file.")
+.. "
- " .. translate("Annotation: Begining with #")
.. "
"
return m
diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
index 07969e92e..d3fc56f5d 100644
--- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua
+++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
@@ -1159,6 +1159,7 @@ function gen_config(var)
geosite = {},
}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
if w:find("geosite:") == 1 then
table.insert(domain_table.geosite, w:sub(1 + #"geosite:"))
elseif w:find("regexp:") == 1 then
@@ -1187,6 +1188,7 @@ function gen_config(var)
local ip_cidr = {}
local geoip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
if w:find("geoip:") == 1 then
table.insert(geoip, w:sub(1 + #"geoip:"))
else
diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua
index cc03b7d42..c76ef0b63 100644
--- a/luci-app-passwall/luasrc/passwall/util_xray.lua
+++ b/luci-app-passwall/luasrc/passwall/util_xray.lua
@@ -944,6 +944,7 @@ function gen_config(var)
if e.domain_list then
domains = {}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
table.insert(domains, w)
end)
end
@@ -951,6 +952,7 @@ function gen_config(var)
if e.ip_list then
ip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
table.insert(ip, w)
end)
end
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 6fb0c6021..6630c5eca 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -1075,8 +1075,8 @@ msgstr "完整匹配: 由'full:'开始,余下部分是一个域名。当此域
msgid "Pre-defined domain list: Begining with 'geosite:' and the rest is a name, such as geosite:google or geosite:cn."
msgstr "预定义域名列表:由'geosite:'开头,余下部分是一个名称,如geosite:google或者geosite:cn。"
-msgid "Domains from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geosite.dat. The tag must exist in the file."
-msgstr "从文件中加载域名: 形如'ext:file:tag',必须以ext:(小写)开头,后面跟文件名和标签,文件存放在资源目录中,文件格式与geosite.dat相同,标签必须在文件中存在。"
+msgid "Annotation: Begining with #"
+msgstr "注释: 由 # 开头"
msgid "IP: such as '127.0.0.1'."
msgstr "IP: 形如'127.0.0.1'。"
@@ -1087,9 +1087,6 @@ msgstr "CIDR: 形如'10.0.0.0/8'."
msgid "GeoIP: such as 'geoip:cn'. It begins with geoip: (lower case) and followed by two letter of country code."
msgstr "GeoIP: 形如'geoip:cn',必须以geoip:(小写)开头,后面跟双字符国家代码,支持几乎所有可以上网的国家。"
-msgid "IPs from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geoip.dat. The tag must exist in the file."
-msgstr "从文件中加载 IP: 形如'ext:file:tag',必须以ext:(小写)开头,后面跟文件名和标签,文件存放在资源目录中,文件格式与geoip.dat相同标签必须在文件中存在。"
-
msgid "Clear logs"
msgstr "清空日志"
diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config
index 78727c1c8..c0157c269 100644
--- a/luci-app-passwall/root/usr/share/passwall/0_default_config
+++ b/luci-app-passwall/root/usr/share/passwall/0_default_config
@@ -5,10 +5,12 @@ config global
option tcp_node 'nil'
option udp_node 'nil'
option tcp_node_socks_port '1070'
- option filter_proxy_ipv6 '0'
+ option filter_proxy_ipv6 '1'
option dns_mode 'dns2tcp'
option remote_dns '1.1.1.1'
option use_default_dns 'direct'
+ option chinadns_ng '1'
+ option chinadns_ng_default_tag 'smart'
option use_direct_list '1'
option use_proxy_list '1'
option use_block_list '1'
diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config.orig b/luci-app-passwall/root/usr/share/passwall/0_default_config.orig
new file mode 100644
index 000000000..c0b26cb4f
--- /dev/null
+++ b/luci-app-passwall/root/usr/share/passwall/0_default_config.orig
@@ -0,0 +1,212 @@
+
+config global
+ option enabled '0'
+ option socks_enabled '0'
+ option tcp_node 'nil'
+ option udp_node 'nil'
+ option tcp_node_socks_port '1070'
+ option filter_proxy_ipv6 '1'
+ option dns_mode 'dns2tcp'
+ option remote_dns '1.1.1.1'
+ option use_default_dns 'direct'
+ option chinadns_ng '1'
+ option chinadns_ng_default_tag 'smart'
+ option use_direct_list '1'
+ option use_proxy_list '1'
+ option use_block_list '1'
+ option use_gfw_list '1'
+ option chn_list 'direct'
+ option tcp_proxy_mode 'proxy'
+ option udp_proxy_mode 'proxy'
+ option localhost_proxy '1'
+ option client_proxy '1'
+ option acl_enable '0'
+ option close_log_tcp '0'
+ option close_log_udp '0'
+ option loglevel 'error'
+ option trojan_loglevel '4'
+
+config global_haproxy
+ option balancing_enable '0'
+
+config global_delay
+ option auto_on '0'
+ option start_daemon '1'
+ option start_delay '60'
+
+config global_forwarding
+ option tcp_no_redir_ports 'disable'
+ option udp_no_redir_ports 'disable'
+ option tcp_proxy_drop_ports 'disable'
+ option udp_proxy_drop_ports '443'
+ option tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443'
+ option udp_redir_ports '1:65535'
+ option accept_icmp '0'
+ option use_nft '0'
+ option tcp_proxy_way 'redirect'
+ option ipv6_tproxy '0'
+
+config global_xray
+ option sniffing '1'
+ option route_only '0'
+
+config global_singbox
+ option sniff_override_destination '0'
+ option geoip_path '/usr/share/singbox/geoip.db'
+ option geoip_url 'https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.db'
+ option geosite_path '/usr/share/singbox/geosite.db'
+ option geosite_url 'https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.db'
+
+config global_other
+ option auto_detection_time 'tcping'
+ option show_node_info '0'
+
+config global_rules
+ option auto_update '0'
+ option chnlist_update '1'
+ option chnroute_update '1'
+ option chnroute6_update '1'
+ option gfwlist_update '1'
+ option geosite_update '0'
+ option geoip_update '0'
+ list gfwlist_url 'https://fastly.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/gfw.txt'
+ list chnroute_url 'https://ispip.clang.cn/all_cn.txt'
+ list chnroute_url 'https://fastly.jsdelivr.net/gh/gaoyifan/china-operator-ip@ip-lists/china.txt'
+ list chnroute6_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
+ list chnroute6_url 'https://fastly.jsdelivr.net/gh/gaoyifan/china-operator-ip@ip-lists/china6.txt'
+ list chnlist_url 'https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
+ list chnlist_url 'https://fastly.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
+ option v2ray_location_asset '/usr/share/v2ray/'
+
+config global_app
+ option singbox_file '/usr/bin/sing-box'
+ option xray_file '/usr/bin/xray'
+ option hysteria_file '/usr/bin/hysteria'
+ option chinadns_ng '/usr/bin/chinadns-ng'
+
+config global_subscribe
+ option filter_keyword_mode '1'
+ list filter_discard_list '过期时间'
+ list filter_discard_list '剩余流量'
+ list filter_discard_list 'QQ群'
+ list filter_discard_list '官网'
+
+config nodes 'myshunt'
+ option remarks '分流总节点'
+ option type 'Xray'
+ option protocol '_shunt'
+ option DirectGame '_direct'
+ option ProxyGame '_default'
+ option Proxy '_default'
+ option Netflix '_default'
+ option OpenAI '_default'
+ option Direct '_direct'
+ option default_node 'nil'
+ option domainStrategy 'IPOnDemand'
+
+config shunt_rules 'DirectGame'
+ option remarks 'DirectGame'
+ option domain_list 'api.steampowered.com
+regexp:\.cm.steampowered.com$
+regexp:\.steamserver.net$
+geosite:category-games@cn'
+ option ip_list '103.10.124.0/24
+103.10.125.0/24
+103.28.54.0/24
+146.66.152.0/24
+146.66.155.0/24
+153.254.86.0/24
+155.133.224.0/23
+155.133.226.0/24
+155.133.227.0/24
+155.133.230.0/24
+155.133.232.0/24
+155.133.233.0/24
+155.133.234.0/24
+155.133.236.0/23
+155.133.238.0/24
+155.133.239.0/24
+155.133.240.0/23
+155.133.245.0/24
+155.133.246.0/24
+155.133.248.0/24
+155.133.249.0/24
+155.133.250.0/24
+155.133.251.0/24
+155.133.252.0/24
+155.133.253.0/24
+155.133.254.0/24
+155.133.255.0/24
+162.254.192.0/24
+162.254.193.0/24
+162.254.194.0/23
+162.254.195.0/24
+162.254.196.0/24
+162.254.197.0/24
+162.254.198.0/24
+162.254.199.0/24
+185.25.182.0/24
+185.25.183.0/24
+190.217.33.0/24
+192.69.96.0/22
+205.185.194.0/24
+205.196.6.0/24
+208.64.200.0/24
+208.64.201.0/24
+208.64.202.0/24
+208.64.203.0/24
+208.78.164.0/22'
+
+config shunt_rules 'ProxyGame'
+ option remarks 'ProxyGame'
+ option domain_list 'geosite:category-games
+domain:store.steampowered.com'
+
+config shunt_rules 'OpenAI'
+ option remarks 'OpenAI'
+ option domain_list 'geosite:openai'
+
+config shunt_rules 'Proxy'
+ option remarks 'Proxy'
+ option domain_list 'geosite:geolocation-!cn'
+ option ip_list '149.154.160.0/20
+91.108.4.0/22
+91.108.56.0/24
+109.239.140.0/24
+67.198.55.0/24
+8.8.4.4
+8.8.8.8
+208.67.222.222
+208.67.220.220
+1.1.1.1
+1.1.1.2
+1.0.0.1
+9.9.9.9
+149.112.112.112
+2001:67c:4e8::/48
+2001:b28:f23c::/48
+2001:b28:f23d::/48
+2001:b28:f23f::/48
+2001:b28:f242::/48
+2001:4860:4860::8888
+2001:4860:4860::8844
+2606:4700:4700::1111
+2606:4700:4700::1001'
+
+config shunt_rules 'Netflix'
+ option remarks 'Netflix'
+ option domain_list 'geosite:netflix'
+
+config shunt_rules 'Direct'
+ option remarks 'Direct'
+ option domain_list 'geosite:cn'
+ option ip_list '223.5.5.5/32
+223.6.6.6/32
+119.29.29.29/32
+180.76.76.76/32
+114.114.114.114/32
+114.114.115.115/32
+1.12.12.12/32
+120.53.53.53/32
+geoip:cn
+geoip:private'
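Review bot: `0_default_config.orig` looks like a leftover from applying a patch or resolving a merge, not an intended file: it carries the `.orig` suffix and its `config global` section matches the new side of the `0_default_config` hunk above line for line. Because it sits under `root/usr/share/passwall/`, it would presumably be installed onto the device next to the real defaults, shipping a second, unmaintained copy of the default rule-list URLs and binary paths. I would drop it from the commit and add `*.orig` to the ignore list so it cannot come back.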
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index a5c5bca4c..4fafae7a1 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -480,47 +480,103 @@ run_dns2socks() {
}
run_chinadns_ng() {
- local _listen_port _dns_china _dns_trust _chnlist _gfwlist _no_ipv6_rules _log_path _no_logic_log
+ local _flag _listen_port _dns_china _dns_trust _use_direct_list _use_proxy_list _chnlist _gfwlist _no_ipv6_dns _no_logic_log
eval_set_val $@
- local _LOG_FILE=$LOG_FILE
- [ -n "$_no_logic_log" ] && LOG_FILE="/dev/null"
+ [ -n "$_no_logic_log" ] && {
+ local ORIGIN_LOG_FILE=$LOG_FILE
+ LOG_FILE="/dev/null"
+ }
+
+ local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf
+ local _LOG_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.log
+ _LOG_FILE="/dev/null"
- echolog " | - (chinadns-ng) 最高支持4级域名过滤..."
+ cat <<-EOF > ${_CONF_FILE}
+ verbose
+ bind-addr 127.0.0.1
+ bind-port ${_listen_port}@udp
+ china-dns ${_dns_china}
+ trust-dns ${_dns_trust}
+ filter-qtype 65
+
+ EOF
+
+ [ "${_use_direct_list}" = "1" ] && [ -s "${RULES_PATH}/direct_host" ] && {
+ local whitelist4_set="passwall_whitelist"
+ local whitelist6_set="passwall_whitelist6"
+ [ "$nftflag" = "1" ] && {
+ whitelist4_set="inet@fw4@${whitelist4_set}"
+ whitelist6_set="inet@fw4@${whitelist6_set}"
+ }
+ cat <<-EOF >> ${_CONF_FILE}
+ group directlist
+ group-dnl ${RULES_PATH}/direct_host
+ group-upstream ${_dns_china}
+ group-ipset ${whitelist4_set},${whitelist6_set}
+ EOF
+ [ "${_no_ipv6_dns}" = "china" ] && echo "no-ipv6 tag:directlist" >> ${_CONF_FILE}
+ }
+
+ [ "${_use_proxy_list}" = "1" ] && [ -s "${RULES_PATH}/proxy_host" ] && {
+ local blacklist4_set="passwall_blacklist"
+ local blacklist6_set="passwall_blacklist6"
+ [ "$nftflag" = "1" ] && {
+ blacklist4_set="inet@fw4@${blacklist4_set}"
+ blacklist6_set="inet@fw4@${blacklist6_set}"
+ }
+ cat <<-EOF >> ${_CONF_FILE}
+ group proxylist
+ group-dnl ${RULES_PATH}/proxy_host
+ group-upstream ${_dns_trust}
+ group-ipset ${blacklist4_set},${blacklist6_set}
+ EOF
+ [ "${_no_ipv6_dns}" = "trust" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE}
+ }
local _default_tag=$(config_t_get global chinadns_ng_default_tag smart)
- local _extra_param=""
[ "${_chnlist}" = "direct" ] && {
[ -s "${RULES_PATH}/chnlist" ] && {
- local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
- cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
local chnroute4_set="passwall_chnroute"
local chnroute6_set="passwall_chnroute6"
[ "$nftflag" = "1" ] && {
- chnroute4_set="inet@fw4@passwall_chnroute"
- chnroute6_set="inet@fw4@passwall_chnroute6"
+ chnroute4_set="inet@fw4@${chnroute4_set}"
+ chnroute6_set="inet@fw4@${chnroute6_set}"
}
- _extra_param="${_extra_param} -4 ${chnroute4_set} -6 ${chnroute6_set} -m ${_chnlist_file} -M -a"
+ cat <<-EOF >> ${_CONF_FILE}
+ chnlist-file ${RULES_PATH}/chnlist
+ ipset-name4 ${chnroute4_set}
+ ipset-name6 ${chnroute6_set}
+ add-tagchn-ip
+ chnlist-first
+ EOF
+ [ "${_no_ipv6_dns}" = "china" ] && echo "no-ipv6 tag:chn" >> ${_CONF_FILE}
}
}
[ "${_gfwlist}" = "1" ] && {
[ -s "${RULES_PATH}/gfwlist" ] && {
- local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
- cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
- local gfwlist_set="passwall_gfwlist,passwall_gfwlist6"
- [ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@passwall_gfwlist,inet@fw4@passwall_gfwlist6"
- _extra_param="${_extra_param} -g ${_gfwlist_file} -A ${gfwlist_set}"
+ local gfwlist4_set="passwall_gfwlist"
+ local gfwlist6_set="passwall_gfwlist6"
+ [ "$nftflag" = "1" ] && {
+ gfwlist4_set="inet@fw4@${gfwlist4_set}"
+ gfwlist6_set="inet@fw4@${gfwlist6_set}"
+ }
+ cat <<-EOF >> ${_CONF_FILE}
+ gfwlist-file ${RULES_PATH}/gfwlist
+ add-taggfw-ip ${gfwlist4_set},${gfwlist6_set}
+ EOF
+ [ "${_no_ipv6_dns}" = "trust" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE}
#当只有使用gfwlist模式时设置默认DNS为本地直连
- [ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn"
+ [ "${_chnlist}" = "0" ] && _default_tag="chn"
}
}
- [ -n "$_default_tag" ] && [ "$_default_tag" != "smart" ] && _extra_param="${_extra_param} -d ${_default_tag}"
+ [ -n "$_default_tag" ] && [ "$_default_tag" != "smart" ] && echo "default-tag ${_default_tag}" >> ${_CONF_FILE}
- _log_path="/dev/null"
- ln_run "$(first_type chinadns-ng)" chinadns-ng "$_log_path" -v -b 127.0.0.1 -l "${_listen_port}" ${_dns_china:+-c "${_dns_china}"} ${_dns_trust:+-t "${_dns_trust}"} ${_extra_param} -f ${_no_ipv6_rules:+-N=${_no_ipv6_rules}}
- echolog " + 过滤服务:ChinaDNS-NG(:${_listen_port}):国内DNS:${_dns_china},可信DNS:${_dns_trust}"
- LOG_FILE=${_LOG_FILE}
+ ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE}
+ echolog " | - 过滤服务:ChinaDNS-NG(127.0.0.1#${_listen_port}):国内DNS:${_dns_china},可信DNS:${_dns_trust}"
+
+ [ -n "${ORIGIN_LOG_FILE}" ] && LOG_FILE=${ORIGIN_LOG_FILE}
}
run_socks() {
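Review bot: `china-dns ${_dns_china}` and `trust-dns ${_dns_trust}` are now written to the config unconditionally, whereas the removed command line used `${_dns_china:+-c ...}` and `${_dns_trust:+-t ...}` to omit the option when the value was empty; an empty `LOCAL_DNS` or `TUN_DNS` now produces a directive with no argument. Guard each line, e.g. `[ -n "${_dns_china}" ] && echo "china-dns ${_dns_china}" >> "${_CONF_FILE}"`. The first `_LOG_FILE` assignment is dead because the next line resets it to `/dev/null`, so the `verbose` output is discarded; keep one of the two. `_CONF_FILE` is built from `_flag` and used unquoted in every redirection and in `-C`, and nothing in this function creates `$TMP_ACL_PATH/$_flag`, so confirm that directory exists for `_flag="default"` and quote the path.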
@@ -1256,19 +1312,21 @@ start_dns() {
[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${CHN_LIST}" = "direct" ] || [ "${USE_GFW_LIST}" = "1" ]) && {
[ "$FILTER_PROXY_IPV6" = "1" ] && {
- local _no_ipv6_rules="tag:gfw"
+ local _no_ipv6_dns="trust"
FILTER_PROXY_IPV6=0
}
local china_ng_listen_port=$(expr $dns_listen_port + 1)
local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
run_chinadns_ng \
+ _flag="default" \
_listen_port=${china_ng_listen_port} \
_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
_dns_trust="${TUN_DNS}" \
+ _use_direct_list="${USE_DIRECT_LIST}" \
+ _use_proxy_list="${USE_PROXY_LIST}" \
_chnlist="${CHN_LIST}" \
_gfwlist="${USE_GFW_LIST}" \
- _no_ipv6_rules="${_no_ipv6_rules}" \
- _log_path="${TMP_PATH}/chinadns-ng.log"
+ _no_ipv6_dns="${_no_ipv6_dns}"
USE_DEFAULT_DNS="chinadns_ng"
}
@@ -1419,20 +1477,22 @@ acl_app() {
[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${chn_list}" = "direct" ] || [ "${use_gfw_list}" = "1" ]) && {
[ "$filter_proxy_ipv6" = "1" ] && {
- local _no_ipv6_rules="tag:gfw"
+ local _no_ipv6_dns="trust"
filter_proxy_ipv6=0
}
chinadns_port=$(expr $chinadns_port + 1)
_china_ng_listen="127.0.0.1#${chinadns_port}"
run_chinadns_ng \
+ _flag="$sid" \
_listen_port=${chinadns_port} \
_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
_dns_trust="127.0.0.1#${_dns_port}" \
+ _use_direct_list="${use_direct_list}" \
+ _use_proxy_list="${use_proxy_list}" \
_chnlist=${chn_list} \
_gfwlist=${use_gfw_list} \
- _no_ipv6_rules="${_no_ipv6_rules}" \
- _log_path="${TMP_ACL_PATH}/${sid}/chinadns-ng.log" \
+ _no_ipv6_dns="${_no_ipv6_dns}" \
_no_logic_log=1
use_default_dns="chinadns_ng"
@@ -1573,7 +1633,7 @@ acl_app() {
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
- unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_rules _china_ng_extra_param
+ unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_dns _china_ng_extra_param
unset redirect_dns_port
done
unset socks_port redir_port dns_port dnsmasq_port chinadns_port
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
index 5d1af22ef..ed31e638d 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@@ -213,42 +213,58 @@ if not fs.access(CACHE_DNS_PATH) then
end)
log(string.format(" - 节点列表中的域名(vpslist):%s", LOCAL_DNS or "默认"))
- --直连(白名单)列表
- if USE_DIRECT_LIST == "1" then
- --始终用国内DNS解析直连(白名单)列表
- for line in io.lines("/usr/share/passwall/rules/direct_host") do
- if line ~= "" and not line:find("#") then
- add_excluded_domain(line)
- set_domain_dns(line, LOCAL_DNS)
- set_domain_ipset(line, setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6")
- end
- end
- log(string.format(" - 域名白名单(whitelist):%s", LOCAL_DNS or "默认"))
- end
-
local fwd_dns
local ipset_flag
local no_ipv6
+ --直连(白名单)列表
+ if USE_DIRECT_LIST == "1" then
+ if fs.access("/usr/share/passwall/rules/direct_host") then
+ fwd_dns = TUN_DNS
+ if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+ fwd_dns = nil
+ end
+ if fwd_dns then
+ --始终用国内DNS解析直连(白名单)列表
+ for line in io.lines("/usr/share/passwall/rules/direct_host") do
+ if line ~= "" and not line:find("#") then
+ add_excluded_domain(line)
+ set_domain_dns(line, LOCAL_DNS)
+ set_domain_ipset(line, setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6")
+ end
+ end
+ end
+ log(string.format(" - 域名白名单(whitelist):%s", fwd_dns or "默认"))
+ end
+ end
+
--代理(黑名单)列表
if USE_PROXY_LIST == "1" then
- --始终使用远程DNS解析代理(黑名单)列表
- for line in io.lines("/usr/share/passwall/rules/proxy_host") do
- if line ~= "" and not line:find("#") then
- add_excluded_domain(line)
- local ipset_flag = setflag_4 .. "passwall_blacklist," .. setflag_6 .. "passwall_blacklist6"
- if NO_PROXY_IPV6 == "1" then
- set_domain_address(line, "::")
- ipset_flag = setflag_4 .. "passwall_blacklist"
- end
- if REMOTE_FAKEDNS == "1" then
- ipset_flag = nil
- end
- set_domain_dns(line, TUN_DNS)
- set_domain_ipset(line, ipset_flag)
+ if fs.access("/usr/share/passwall/rules/proxy_host") then
+ fwd_dns = TUN_DNS
+ if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
+ fwd_dns = nil
end
+ if fwd_dns then
+ --始终使用远程DNS解析代理(黑名单)列表
+ for line in io.lines("/usr/share/passwall/rules/proxy_host") do
+ if line ~= "" and not line:find("#") then
+ add_excluded_domain(line)
+ local ipset_flag = setflag_4 .. "passwall_blacklist," .. setflag_6 .. "passwall_blacklist6"
+ if NO_PROXY_IPV6 == "1" then
+ set_domain_address(line, "::")
+ ipset_flag = setflag_4 .. "passwall_blacklist"
+ end
+ if REMOTE_FAKEDNS == "1" then
+ ipset_flag = nil
+ end
+ set_domain_dns(line, TUN_DNS)
+ set_domain_ipset(line, ipset_flag)
+ end
+ end
+ end
+ log(string.format(" - 代理域名表(blacklist):%s", fwd_dns or "默认"))
end
- log(string.format(" - 代理域名表(blacklist):%s", TUN_DNS or "默认"))
end
--GFW列表
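Review bot: In the direct-list branch `fwd_dns` is set from `TUN_DNS`, although the entries are still resolved with `set_domain_dns(line, LOCAL_DNS)`, so the whitelist log line now prints the remote DNS where it printed `LOCAL_DNS` before, and the whole list is skipped whenever `TUN_DNS` is nil. Use `fwd_dns = LOCAL_DNS` there and pass `fwd_dns` to `set_domain_dns`, so the gate, the rule and the log agree. Separately, `not line:find("#")` (carried over unchanged) drops any line containing `#` anywhere, not only lines that begin with it, and the inner `local ipset_flag` shadows the one declared just above the block. The enclosing `if not fs.access(CACHE_DNS_PATH)` block starts and ends outside this hunk.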
diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index 7e36858ac..82af8a438 100755
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -227,9 +227,8 @@ do
end)
uci:foreach(appname, "nodes", function(node)
+ local node_id = node[".name"]
if node.protocol and node.protocol == '_shunt' then
- local node_id = node[".name"]
-
local rules = {}
uci:foreach(appname, "shunt_rules", function(e)
if e[".name"] and e.remarks then
@@ -262,7 +261,6 @@ do
end
end
elseif node.protocol and node.protocol == '_balancing' then
- local node_id = node[".name"]
local nodes = {}
local new_nodes = {}
if node.balancing_node then
@@ -274,7 +272,7 @@ do
remarks = node,
set = function(o, server)
for kk, vv in pairs(CONFIG) do
- if (vv.remarks == "负载均衡节点列表" .. node_id) then
+ if (vv.remarks == "Xray负载均衡节点[" .. node_id .. "]列表") then
table.insert(vv.new_nodes, server)
end
end
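Review bot: The remarks string `"Xray负载均衡节点[" .. node_id .. "]列表"` serves as a lookup key and is now spelled out in three places (here and twice in the next hunk); a later edit to one copy would silently stop the `set` callbacks from finding their CONFIG entry. Build it once, e.g. `local balancing_remarks = "Xray负载均衡节点[" .. node_id .. "]列表"`, and compare against that local in both callbacks. The surrounding `uci:foreach` callback begins and ends outside this hunk.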
@@ -283,13 +281,12 @@ do
end
end
CONFIG[#CONFIG + 1] = {
- remarks = "负载均衡节点列表" .. node_id,
+ remarks = "Xray负载均衡节点[" .. node_id .. "]列表",
nodes = nodes,
new_nodes = new_nodes,
set = function(o)
for kk, vv in pairs(CONFIG) do
- if (vv.remarks == "负载均衡节点列表" .. node_id) then
- --log("刷新负载均衡节点列表")
+ if (vv.remarks == "Xray负载均衡节点[" .. node_id .. "]列表") then
uci:foreach(appname, "nodes", function(node2)
if node2[".name"] == node[".name"] then
local section = uci:section(appname, "nodes", node_id)
@@ -300,6 +297,42 @@ do
end
end
}
+
+ --后备节点
+ local currentNode = uci:get_all(appname, node_id) or nil
+ if currentNode and currentNode.fallback_node then
+ CONFIG[#CONFIG + 1] = {
+ log = true,
+ id = node_id,
+ remarks = "Xray负载均衡节点[" .. node_id .. "]后备节点",
+ currentNode = uci:get_all(appname, currentNode.fallback_node) or nil,
+ set = function(o, server)
+ uci:set(appname, node_id, "fallback_node", server)
+ o.newNodeId = server
+ end,
+ delete = function(o)
+ uci:delete(appname, node_id, "fallback_node")
+ end
+ }
+ end
+ else
+ --落地节点
+ local currentNode = uci:get_all(appname, node_id) or nil
+ if currentNode and currentNode.to_node then
+ CONFIG[#CONFIG + 1] = {
+ log = true,
+ id = node_id,
+ remarks = "节点[" .. node_id .. "]落地节点",
+ currentNode = uci:get_all(appname, currentNode.to_node) or nil,
+ set = function(o, server)
+ uci:set(appname, node_id, "to_node", server)
+ o.newNodeId = server
+ end,
+ delete = function(o)
+ uci:delete(appname, node_id, "to_node")
+ end
+ }
+ end
end
end)
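Review bot: Both new blocks re-read the section with `uci:get_all(appname, node_id) or nil`, although the `node` passed to the `uci:foreach` callback is presumably already that section; `or nil` has no effect, and `if node.fallback_node then` / `if node.to_node then` would avoid the extra lookup. `currentNode` in the new CONFIG entries is nil when the referenced node no longer exists, so the code that consumes these entries (outside this hunk) has to tolerate that. The two blocks differ only in the option name and the remarks text and could share one small local helper that takes both as arguments.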