From afc2744208d5531afe9d37f206747a2b8017c4d5 Mon Sep 17 00:00:00 2001
From: actions <action@github.com>
Date: Sun, 28 Apr 2024 03:11:58 +0800
Subject: [PATCH] luci-app-passwall: sync upstream

last commit: https://github.com/xiaorouji/openwrt-passwall/commit/0c83ba87db1f221f324ee5d421240630dd6a3d2f
---
 .../model/cbi/passwall/client/acl_config.lua  | 42 ++++++++----------
 .../model/cbi/passwall/client/global.lua      | 44 ++++++++-----------
 .../root/usr/share/passwall/0_default_config  |  2 +-
 .../root/usr/share/passwall/app.sh            | 25 ++++++-----
 patch-luci-app-passwall.patch                 |  8 ++--
 5 files changed, 56 insertions(+), 65 deletions(-)

diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
index 7ea123f40..96e49cc1f 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -259,6 +259,12 @@ o = s:option(DummyValue, "switch_mode", " ")
 o.template = appname .. "/global/proxy"
 o:depends({ tcp_node = "",  ['!reverse'] = true })
 
+---- DNS
+o = s:option(ListValue, "dns_shunt", "DNS " .. translate("Shunt"))
+o:depends({ tcp_node = "",  ['!reverse'] = true })
+o:value("dnsmasq", "Dnsmasq")
+o:value("chinadns-ng", "Dnsmasq + ChinaDNS-NG")
+
 o = s:option(Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
 o.default = "0"
 o:depends({ tcp_node = "",  ['!reverse'] = true })
@@ -361,24 +367,18 @@ if has_singbox or has_xray then
 	end
 end
 
-if api.is_finded("chinadns-ng") then
-	o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend."))
-	o.default = "0"
-	o:depends({ dns_mode = "",  ['!reverse'] = true })
-
-	o = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
-	o.default = "none"
-	o:value("none", translate("Default"))
-	o:value("gfw", translate("Remote DNS"))
-	o:value("chn", translate("Direct DNS"))
-	o.description = "<ul>"
-			.. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
-			.. "<li>" .. translate("Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result.") .. "</li>"
-			.. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
-			.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
-			.. "</ul>"
-	o:depends({chinadns_ng = true, chn_list = "direct"})
-end
+o = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
+o.default = "none"
+o:value("none", translate("Default"))
+o:value("gfw", translate("Remote DNS"))
+o:value("chn", translate("Direct DNS"))
+o.description = "<ul>"
+		.. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
+		.. "<li>" .. translate("Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result.") .. "</li>"
+		.. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
+		.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
+		.. "</ul>"
+o:depends({dns_shunt = "chinadns-ng", tcp_proxy_mode = "proxy", chn_list = "direct"})
 
 o = s:option(ListValue, "use_default_dns", translate("Default DNS"))
 o.default = "direct"
@@ -389,10 +389,6 @@ o.description = "<ul>"
 		.. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
 		.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
 		.. "</ul>"
-local _depends = {tcp_proxy_mode = "proxy"}
-if api.is_finded("chinadns-ng") then
-	_depends["chinadns_ng"] = false
-end
-o:depends(_depends)
+o:depends({dns_shunt = "dnsmasq", tcp_proxy_mode = "proxy", chn_list = "direct"})
 
 return m
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index ba3d2c097..716118715 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -260,13 +260,17 @@ end
 
 s:tab("DNS", translate("DNS"))
 
+dns_shunt = s:taboption("DNS", ListValue, "dns_shunt", "DNS " .. translate("Shunt"))
+dns_shunt:value("dnsmasq", "Dnsmasq")
+dns_shunt:value("chinadns-ng", "Dnsmasq + ChinaDNS-NG")
+
 o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
 o.default = "0"
 
 ---- DNS Forward Mode
 dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
-dns_mode:value("tcp", translatef("Requery DNS By %s", "TCP"))
 dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
+dns_mode:value("tcp", translatef("Requery DNS By %s", "TCP"))
 if api.is_finded("dns2socks") then
 	dns_mode:value("dns2socks", "dns2socks")
 end
@@ -362,7 +366,7 @@ o:depends({dns_mode = "xray"})
 
 o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy."))
 o.default = "0"
-o:depends({dns_mode = "sing-box"})
+o:depends({dns_mode = "sing-box", dns_shunt = "dnsmasq"})
 o.validate = function(self, value, t)
 	if value and value == "1" then
 		local _dns_mode = dns_mode:formvalue(t)
@@ -376,24 +380,18 @@ o.validate = function(self, value, t)
 	return value
 end
 
-if api.is_finded("chinadns-ng") then
-	o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend."))
-	o.default = "0"
-	o:depends({remote_fakedns = false})
-
-	o = s:taboption("DNS", ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
-	o.default = "none"
-	o:value("none", translate("Default"))
-	o:value("gfw", translate("Remote DNS"))
-	o:value("chn", translate("Direct DNS"))
-	o.description = "<ul>"
-			.. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
-			.. "<li>" .. translate("Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result.") .. "</li>"
-			.. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
-			.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
-			.. "</ul>"
-	o:depends({chinadns_ng = true, chn_list = "direct"})
-end
+o = s:taboption("DNS", ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
+o.default = "none"
+o:value("none", translate("Default"))
+o:value("gfw", translate("Remote DNS"))
+o:value("chn", translate("Direct DNS"))
+o.description = "<ul>"
+		.. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
+		.. "<li>" .. translate("Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result.") .. "</li>"
+		.. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
+		.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
+		.. "</ul>"
+o:depends({dns_shunt = "chinadns-ng", tcp_proxy_mode = "proxy", chn_list = "direct"})
 
 o = s:taboption("DNS", ListValue, "use_default_dns", translate("Default DNS"))
 o.default = "direct"
@@ -404,11 +402,7 @@ o.description = "<ul>"
 		.. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
 		.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
 		.. "</ul>"
-local _depends = {tcp_proxy_mode = "proxy"}
-if api.is_finded("chinadns-ng") then
-	_depends["chinadns_ng"] = false
-end
-o:depends(_depends)
+o:depends({dns_shunt = "dnsmasq", tcp_proxy_mode = "proxy", chn_list = "direct"})
 
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
 o.inputstyle = "remove"
diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config
index 0a6314722..1601d03f0 100644
--- a/luci-app-passwall/root/usr/share/passwall/0_default_config
+++ b/luci-app-passwall/root/usr/share/passwall/0_default_config
@@ -6,10 +6,10 @@ config global
 	option udp_node 'nil'
 	option tcp_node_socks_port '1070'
 	option filter_proxy_ipv6 '1'
+	option dns_shunt 'chinadns-ng'
 	option dns_mode 'tcp'
 	option remote_dns '1.1.1.1'
 	option use_default_dns 'direct'
-	option chinadns_ng '1'
 	option chinadns_ng_default_tag 'none'
 	option use_direct_list '1'
 	option use_proxy_list '1'
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 630ede1c5..f80b9f262 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -485,7 +485,7 @@ run_dns2socks() {
 run_chinadns_ng() {
 	local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag
 	eval_set_val $@
-	
+
 	local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf
 	local _LOG_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.log
 	_LOG_FILE="/dev/null"
@@ -513,7 +513,7 @@ run_chinadns_ng() {
 			group-ipset ${whitelist4_set},${whitelist6_set}
 		EOF
 	}
-	
+
 	[ "${_use_proxy_list}" = "1" ] && [ -s "${RULES_PATH}/proxy_host" ] && {
 		local blacklist4_set="passwall_blacklist"
 		local blacklist6_set="passwall_blacklist6"
@@ -529,7 +529,7 @@ run_chinadns_ng() {
 		EOF
 		[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE}
 	}
-	
+
 	[ "${_gfwlist}" = "1" ] && [ -s "${RULES_PATH}/gfwlist" ] && {
 		local gfwlist4_set="passwall_gfwlist"
 		local gfwlist6_set="passwall_gfwlist6"
@@ -543,7 +543,7 @@ run_chinadns_ng() {
 		EOF
 		[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE}
 	}
-	
+
 	[ "${_chnlist}" != "0" ] && [ -s "${RULES_PATH}/chnlist" ] && {
 		local chnroute4_set="passwall_chnroute"
 		local chnroute6_set="passwall_chnroute6"
@@ -573,7 +573,7 @@ run_chinadns_ng() {
 			[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE}
 		}
 	}
-	
+
 	#只使用gfwlist模式，GFW列表以外的域名及默认使用本地DNS
 	[ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn"
 	#回中国模式，中国列表以外的域名及默认使用本地DNS
@@ -583,7 +583,7 @@ run_chinadns_ng() {
 		_default_tag="gfw"
 		[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6" >> ${_CONF_FILE}
 	}
-	
+
 	([ -z "${_default_tag}" ] || [ "${_default_tag}" = "smart" ]) && _default_tag="none"
 	echo "default-tag ${_default_tag}" >> ${_CONF_FILE}
 
@@ -1297,7 +1297,7 @@ start_dns() {
 	;;
 	udp)
 		use_udp_node_resolve_dns=1
-		if [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ]; then
+		if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
 			local china_ng_listen_port=${dns_listen_port}
 			local china_ng_trust_dns="udp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
 		else
@@ -1307,7 +1307,7 @@ start_dns() {
 	;;
 	*)
 		use_tcp_node_resolve_dns=1
-		if [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ]; then
+		if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
 			local china_ng_listen_port=${dns_listen_port}
 			local china_ng_trust_dns="tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
 		else
@@ -1322,7 +1322,7 @@ start_dns() {
 	[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 TCP 查询，如非直连地址，确保 TCP 代理打开，并且已经正确转发！"
 	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 UDP 查询并已使用 UDP 节点，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"
 
-	[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && {
+	[ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ] && {
 		[ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0
 		[ -z "${china_ng_listen_port}" ] && local china_ng_listen_port=$(expr $dns_listen_port + 1)
 		local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
@@ -1453,9 +1453,9 @@ acl_app() {
 			udp_proxy_mode=${udp_proxy_mode:-proxy}
 			filter_proxy_ipv6=${filter_proxy_ipv6:-0}
 			dnsmasq_filter_proxy_ipv6=${filter_proxy_ipv6}
+			dns_shunt=${dns_shunt:-dnsmasq}
 			dns_mode=${dns_mode:-dns2socks}
 			remote_dns=${remote_dns:-1.1.1.1}
-			chinadns_ng=${chinadns_ng:-0}
 			use_default_dns=${use_default_dns:-direct}
 			[ "$dns_mode" = "sing-box" ] && {
 				[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
@@ -1491,7 +1491,7 @@ acl_app() {
 								eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port}
 							}
 
-							[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && {
+							[ "$dns_shunt" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ] && {
 								[ "$filter_proxy_ipv6" = "1" ] && dnsmasq_filter_proxy_ipv6=0
 								chinadns_port=$(expr $chinadns_port + 1)
 								_china_ng_listen="127.0.0.1#${chinadns_port}"
@@ -1766,10 +1766,11 @@ LOCALHOST_PROXY=$(config_t_get global localhost_proxy 1)
 	LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
 }
 CLIENT_PROXY=$(config_t_get global client_proxy 1)
+DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
+[ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq"
 DNS_MODE=$(config_t_get global dns_mode tcp)
 DNS_CACHE=0
 REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
-CHINADNS_NG=$(config_t_get global chinadns_ng 0)
 USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
 FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
 dns_listen_port=${DNS_PORT}
diff --git a/patch-luci-app-passwall.patch b/patch-luci-app-passwall.patch
index 0a6fc6f1f..7869bd379 100644
--- a/patch-luci-app-passwall.patch
+++ b/patch-luci-app-passwall.patch
@@ -36,7 +36,7 @@ index c303efe..6b4319e 100644
  s = m:section(TypedSection, "global", translate("ACLs"), "<font color='red'>" .. translate("ACLs is a tools which used to designate specific IP proxy mode.") .. "</font>")
  s.anonymous = true
 diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
-index 1b89532..7ea123f 100644
+index e355bc9..96e49cc 100644
 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
 +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
 @@ -13,7 +13,6 @@ local port_validate = function(self, value, t)
@@ -60,7 +60,7 @@ index 8a59a43..9d47562 100644
  -- [[ App Settings ]]--
  s = m:section(TypedSection, "global_app", translate("App Update"),
 diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-index 7f26ed7..ba3d2c0 100644
+index d96f550..7161187 100644
 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
 +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
 @@ -9,7 +9,6 @@ local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
@@ -71,7 +71,7 @@ index 7f26ed7..ba3d2c0 100644
  
  local nodes_table = {}
  for k, e in ipairs(api.get_valid_nodes()) do
-@@ -326,6 +325,12 @@ o:value("8.8.8.8", "8.8.8.8 (Google)")
+@@ -330,6 +329,12 @@ o:value("8.8.8.8", "8.8.8.8 (Google)")
  o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
  o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
  o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
@@ -403,7 +403,7 @@ index 24662de..77b6a0b 100644
  	</div>
  </div>
 diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config
-index 67db6af..0a63147 100644
+index cfe606d..1601d03 100644
 --- a/luci-app-passwall/root/usr/share/passwall/0_default_config
 +++ b/luci-app-passwall/root/usr/share/passwall/0_default_config
 @@ -32,7 +32,7 @@ config global_haproxy