From be1b8e8c51d75019ff02c176ba9162f987d593d2 Mon Sep 17 00:00:00 2001 From: xiaorouji <60100640+xiaorouji@users.noreply.github.com> Date: Thu, 28 Apr 2022 02:51:45 +0800 Subject: [PATCH] luci: optimize code --- .../luasrc/controller/passwall.lua | 2 +- .../luasrc/model/cbi/passwall/api/api.lua | 8 + .../model/cbi/passwall/api/gen_v2ray.lua | 318 ++++++++++-------- .../model/cbi/passwall/client/acl_config.lua | 73 ++-- .../model/cbi/passwall/client/global.lua | 59 ++-- .../model/cbi/passwall/client/node_config.lua | 26 -- .../model/cbi/passwall/client/other.lua | 2 - luci-app-passwall/po/zh-cn/passwall.po | 138 ++------ .../root/usr/share/passwall/0_default_config | 2 +- .../root/usr/share/passwall/app.sh | 79 ++--- .../root/usr/share/passwall/iptables.sh | 26 +- 11 files changed, 344 insertions(+), 389 deletions(-) diff --git a/luci-app-passwall/luasrc/controller/passwall.lua b/luci-app-passwall/luasrc/controller/passwall.lua index badd747c7..f09343925 100644 --- a/luci-app-passwall/luasrc/controller/passwall.lua +++ b/luci-app-passwall/luasrc/controller/passwall.lua @@ -181,7 +181,7 @@ end function status() -- local dns_mode = ucic:get(appname, "@global[0]", "dns_mode") local e = {} - e.dns_mode_status = luci.sys.call("netstat -apn | grep ':7913 ' >/dev/null") == 0 + e.dns_mode_status = luci.sys.call("netstat -apn | grep ':15353 ' >/dev/null") == 0 e.haproxy_status = luci.sys.call(string.format("/bin/top -bn1 | grep -v grep | grep '%s/bin/' | grep haproxy >/dev/null", appname)) == 0 e["tcp_node_status"] = luci.sys.call(string.format("/bin/top -bn1 | grep -v -E 'grep|acl/|acl_' | grep '%s/bin/' | grep -i 'TCP' >/dev/null", appname)) == 0 diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua b/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua index 47d08757f..89d88f16f 100755 --- a/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua 
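Review bot: The port in `status()` is a bare literal, `grep ':15353 '`, while the same commit sets `DNS_PORT=15353` separately in app.sh, so the two values have to be kept in step by hand. The pattern is also not tied to the local-address column of the netstat output, so an unrelated connection whose remote port is 15353 would make `dns_mode_status` read true. Consider a named local with a comment such as `-- must match DNS_PORT in app.sh`, and matching only listening sockets on the local address. The body of status() continues outside the hunk.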
@@ -206,6 +206,14 @@ function iprange(val) return false end +function get_domain_from_url(url) + local domain = string.match(url, "//([^/]+)") + if domain then + return domain + end + return url +end + function get_valid_nodes() local nodes_ping = uci_get_type("global_other", "nodes_ping") or "" local nodes = {} diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua b/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua index 02e40844b..9ad38aebd 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua @@ -19,16 +19,17 @@ local local_http_port = var["-local_http_port"] local local_http_username = var["-local_http_username"] local local_http_password = var["-local_http_password"] local dns_listen_port = var["-dns_listen_port"] -local dns_server = var["-dns_server"] -local dns_tcp_server = var["-dns_tcp_server"] -local dns_cache = var["-dns_cache"] -local doh_url = var["-doh_url"] -local doh_host = var["-doh_host"] -local dns_client_ip = var["-dns_client_ip"] local dns_query_strategy = var["-dns_query_strategy"] +local remote_dns_server = var["-remote_dns_server"] +local remote_dns_port = var["-remote_dns_port"] +local remote_dns_tcp_server = var["-remote_dns_tcp_server"] +local remote_dns_doh_url = var["-remote_dns_doh_url"] +local remote_dns_doh_host = var["-remote_dns_doh_host"] +local remote_dns_fake = var["-remote_dns_fake"] +local dns_cache = var["-dns_cache"] +local dns_client_ip = var["-dns_client_ip"] local dns_socks_address = var["-dns_socks_address"] local dns_socks_port = var["-dns_socks_port"] -local dns_fakedns = var["-dns_fakedns"] local loglevel = var["-loglevel"] or "warning" local new_port 
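Review bot: `get_domain_from_url` returns the whole authority part rather than a bare host: the capture `//([^/]+)` keeps any `:port` or `user@` prefix, and for a value with no path it also keeps a trailing `,IP` of the kind the DoH options in this commit use. A nil `url` raises inside `string.match` instead of falling through to `return url`. The callers are outside this hunk, so whether they use the result as a hostname or as a hosts key cannot be confirmed here. A doc comment would make the contract explicit, for example `--- Returns the text between "//" and the next "/" (may include port or userinfo), or the input unchanged`, together with a guard `if type(url) ~= "string" then return url end`.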
@@ -291,59 +292,33 @@ if node_id then table.insert(inbounds, inbound) end - if tcp_redir_port then - table.insert(inbounds, { - port = tonumber(tcp_redir_port), + if tcp_redir_port or udp_redir_port then + local inbound = { protocol = "dokodemo-door", - settings = {network = "tcp", followRedirect = true}, - streamSettings = {sockopt = {tproxy = tcp_proxy_way}}, - sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil} - }) - end - - if udp_redir_port then - table.insert(inbounds, { - port = tonumber(udp_redir_port), - protocol = "dokodemo-door", - settings = {network = "udp", followRedirect = true}, + settings = {network = "tcp,udp", followRedirect = true}, streamSettings = {sockopt = {tproxy = "tproxy"}}, - sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil} - }) - end + sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (remote_dns_fake) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil} + } + + if tcp_redir_port then + local tcp_inbound = api.clone(inbound) + tcp_inbound.tag = "tcp_redir" + tcp_inbound.settings.network = "tcp" + tcp_inbound.port = tonumber(tcp_redir_port) + tcp_inbound.streamSettings.sockopt.tproxy = tcp_proxy_way + table.insert(inbounds, tcp_inbound) + end - local up_trust_doh = uci:get(appname, "@global[0]", "up_trust_doh") - if up_trust_doh then - local t = {} - string.gsub(up_trust_doh, '[^' .. "," .. ']+', function (w) - table.insert(t, w) - end) - if #t > 1 then - local host = sys.exec("echo -n $(echo " .. 
t[1] .. " | sed 's/https:\\/\\///g' | awk -F ':' '{print $1}' | awk -F '/' '{print $1}')") - dns = { - hosts = { - [host] = t[2] - } - } + if udp_redir_port then + local udp_inbound = api.clone(inbound) + udp_inbound.tag = "udp_redir" + udp_inbound.settings.network = "udp" + udp_inbound.port = tonumber(udp_redir_port) + table.insert(inbounds, udp_inbound) end end if node.protocol == "_shunt" then - table.insert(outbounds, { - protocol = "freedom", - tag = "direct", - settings = { - domainStrategy = "UseIPv4" - }, - streamSettings = { - sockopt = { - mark = 255 - } - } - }) - table.insert(outbounds, { - protocol = "blackhole", - tag = "blackhole" - }) local rules = {} local default_node_id = node.default_node or "_direct" 
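Review bot: The TCP and UDP inbounds are independent only if `api.clone` makes a deep copy, and its definition is not in this hunk. Both branches write through nested tables (`tcp_inbound.settings.network`, `tcp_inbound.streamSettings.sockopt.tproxy`, `udp_inbound.settings.network`), so with a shallow copy the UDP assignment would also rewrite the TCP inbound, and the UDP inbound would inherit `tcp_proxy_way` instead of `"tproxy"`. A comment on the template table would record the dependency, for example `-- template: cloned per protocol below; api.clone must deep-copy settings and streamSettings`. The enclosing `if node_id then` block starts and ends outside the hunk.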
@@ -545,55 +520,64 @@ if node_id then end end -if dns_server or dns_fakedns then - table.insert(outbounds, { - protocol = "dns", - tag = "dns-out" - }) +if remote_dns_server or remote_dns_doh_url or remote_dns_fake then local rules = {} + local _remote_dns_proto = "tcp" + + if not routing then + routing = { + domainStrategy = "IPOnDemand", + rules = {} + } + end dns = { tag = "dns-in1", + hosts = {}, disableCache = (dns_cache and dns_cache == "0") and true or false, - servers = { - dns_server - }, + disableFallback = true, + disableFallbackIfMatch = true, + servers = {}, clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil, - queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or nil + queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4" } - if doh_url and doh_host then - dns.hosts = { - [doh_host] = dns_server - } - if not tcp_redir_port and not dns_socks_port then - doh_url = doh_url:gsub("https://", "https+local://") - end - dns.servers = { - doh_url - } + + local _remote_dns = { + --_flag = "remote" + } + + if remote_dns_tcp_server then + _remote_dns.address = remote_dns_tcp_server + _remote_dns.port = tonumber(remote_dns_port) end - if dns_tcp_server then - if not tcp_redir_port and not dns_socks_port then - dns_tcp_server = dns_tcp_server:gsub("tcp://", "tcp+local://") + if remote_dns_doh_url and remote_dns_doh_host then + if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then + dns.hosts[remote_dns_doh_host] = remote_dns_server end - dns.servers = { - dns_tcp_server - } + _remote_dns.address = remote_dns_doh_url + _remote_dns.port = tonumber(remote_dns_port) + _remote_dns_proto = "doh" end - if dns_fakedns then + if remote_dns_fake then + remote_dns_server = "1.1.1.1" fakedns = {} fakedns[#fakedns + 1] = { ipPool = "198.18.0.0/16", poolSize = 65535 } - dns_server = "1.1.1.1" - dns.servers = { - 
"fakedns" - } + if dns_query_strategy == "UseIP" then + fakedns[#fakedns + 1] = { + ipPool = "fc00::/18", + poolSize = 65535 + } + end + _remote_dns.address = "fakedns" end + table.insert(dns.servers, _remote_dns) + if dns_listen_port then table.insert(inbounds, { listen = "127.0.0.1", 
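Review bot: `_remote_dns` is appended to `dns.servers` even when no branch has given it an address. The block is entered when only `remote_dns_server` is set, but `address` is assigned only for `remote_dns_tcp_server`, for the `remote_dns_doh_url`/`remote_dns_doh_host` pair, or for `remote_dns_fake`. In that case the generated DNS section would carry an empty server entry while `disableFallback = true` is set, presumably leaving the core without a usable resolver. Whether the caller always passes one of the three is decided outside this file, so a guard keeps the generator safe on its own: `if _remote_dns.address then table.insert(dns.servers, _remote_dns) end`.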
@@ -601,72 +585,128 @@ if dns_server or dns_fakedns then protocol = "dokodemo-door", tag = "dns-in", settings = { - address = dns_server, - port = 53, + address = remote_dns_server, + port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53, network = "tcp,udp" } }) - end - table.insert(rules, { - type = "field", - inboundTag = { - "dns-in" - }, - outboundTag = "dns-out" - }) - - if dns_socks_address and dns_socks_port then - table.insert(outbounds, 1, { - tag = "out", - protocol = "socks", - streamSettings = { - network = "tcp", - security = "none" - }, + table.insert(outbounds, { + tag = "dns-out", + protocol = "dns", settings = { - servers = { - { - address = dns_socks_address, - port = tonumber(dns_socks_port) - } - } + address = remote_dns_server, + port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53, + network = "tcp", } }) - local outboundTag = "out" - table.insert(rules, { + + table.insert(routing.rules, 1, { type = "field", inboundTag = { - "dns-in1" + "dns-in" }, - outboundTag = outboundTag + outboundTag = "dns-out" }) end - if node_id and tcp_redir_port and not dns_fakedns then - local outboundTag = node_id +--[[ + local default_dns_flag = "remote" + if node_id and tcp_redir_port then local node = uci:get_all(appname, node_id) if node.protocol == "_shunt" then - outboundTag = "default" + if node.default_node == "_direct" then + default_dns_flag = "direct" + end end - table.insert(rules, { - type = "field", - inboundTag = { - "dns-in1" - }, - outboundTag = outboundTag - }) end - - if not routing then - routing = { - domainStrategy = "IPOnDemand", - rules = rules - } - else - for index, value in ipairs(rules) do - table.insert(routing.rules, 1, value) + + if dns.servers and #dns.servers > 0 then + local dns_servers = nil + for index, value in ipairs(dns.servers) do + if not dns_servers and value["_flag"] == default_dns_flag then + dns_servers = { + _flag = 
"default", + address = value.address, + port = value.port + } + break + end end + if dns_servers then + table.insert(dns.servers, 1, dns_servers) + end + end +]]-- + if true then + local dns_outboundTag = "direct" + if dns_socks_address and dns_socks_port then + dns_outboundTag = "out" + table.insert(outbounds, 1, { + tag = dns_outboundTag, + protocol = "socks", + streamSettings = { + network = "tcp", + security = "none" + }, + settings = { + servers = { + { + address = dns_socks_address, + port = tonumber(dns_socks_port) + } + } + } + }) + else + if node_id and tcp_redir_port and not remote_dns_fake then + dns_outboundTag = node_id + local node = uci:get_all(appname, node_id) + if node.protocol == "_shunt" then + dns_outboundTag = "default" + end + end + end + if dns_outboundTag == "direct" then + table.insert(routing.rules, { + type = "field", + ip = { + remote_dns_server + }, + port = tonumber(remote_dns_port), + outboundTag = dns_outboundTag + }) + else + table.insert(rules, { + type = "field", + ip = { + remote_dns_server + }, + port = tonumber(remote_dns_port), + outboundTag = dns_outboundTag + }) + end + end + + local default_rule_index = #routing.rules > 0 and #routing.rules or 1 + for index, value in ipairs(routing.rules) do + if value["_flag"] == "default" then + default_rule_index = index + break + end + end + for index, value in ipairs(rules) do + local t = rules[#rules + 1 - index] + table.insert(routing.rules, default_rule_index, t) + end + + local dns_hosts_len = 0 + for key, value in pairs(dns.hosts) do + dns_hosts_len = dns_hosts_len + 1 + end + + if dns_hosts_len == 0 then + dns.hosts = nil end end 
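Review bot: The routing rule that sends resolver traffic to `dns_outboundTag` is built from `remote_dns_server` and `remote_dns_port` without checking that either is set. With a DoH upstream given only by URL, `remote_dns_server` can be nil, which leaves `ip = {}`; depending on how the core treats an empty list, the rule is then either rejected or matched on the port alone. When the tag is `direct`, a port-only match would carry every connection to that port outside the proxy. Wrapping both `table.insert` calls in `if remote_dns_server then … end` avoids emitting such a rule. The `if true then` wrapper and the commented-out `default_dns_flag` block should be removed, or explained in a comment.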
@@ -704,5 +744,21 @@ if inbounds or outbounds then -- } } } + table.insert(outbounds, { + protocol = "freedom", + tag = "direct", + settings = { + domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4" + }, + streamSettings = { + sockopt = { + mark = 255 + } + } + }) + table.insert(outbounds, { + protocol = "blackhole", + tag = "blackhole" + }) print(jsonc.stringify(config, 1)) end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua index 52a1de489..a858d409f 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua 
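Review bot: The two `table.insert(outbounds, …)` calls run under `if inbounds or outbounds then`, which is also true when only `inbounds` is set. If `outbounds` can be nil, the insert raises before the config is printed; its declaration is outside the hunk, so this may be unreachable. The position of these entries also matters and is not documented: V2Ray/Xray treat the first outbound as the default, so `direct` and `blackhole` must stay after the node outbound. A comment would keep that intact, for example `-- appended last on purpose: the first outbound is the default route`.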
@@ -242,51 +242,52 @@ o:depends("dns_mode", "v2ray") o:depends("dns_mode", "xray") ---- DNS Forward -o = s:option(Value, "dns_forward", translate("Remote DNS")) +o = s:option(Value, "remote_dns", translate("Remote DNS")) o.default = "1.1.1.1" -o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)") -o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)") -o:value("8.8.8.8", "8.8.8.8 (Google DNS)") -o:value("8.8.4.4", "8.8.4.4 (Google DNS)") -o:value("208.67.222.222", "208.67.222.222 (Open DNS)") -o:value("208.67.220.220", "208.67.220.220 (Open DNS)") +o:value("1.1.1.1", "1.1.1.1 (CloudFlare)") +o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)") +o:value("8.8.4.4", "8.8.4.4 (Google)") +o:value("8.8.8.8", "8.8.8.8 (Google)") +o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)") +o:value("208.67.220.220", "208.67.220.220 (OpenDNS)") +o:value("208.67.222.222", "208.67.222.222 (OpenDNS)") o:depends("dns_mode", "dns2socks") o:depends("v2ray_dns_mode", "tcp") if has_v2ray or has_xray then ----- DoH -o = s:option(Value, "dns_doh", translate("DoH request address")) -o:value("https://cloudflare-dns.com/dns-query,1.1.1.1", "CloudFlare") -o:value("https://security.cloudflare-dns.com/dns-query,1.1.1.2", "CloudFlare-Security") -o:value("https://doh.opendns.com/dns-query,208.67.222.222", "OpenDNS") -o:value("https://dns.google/dns-query,8.8.8.8", "Google") -o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS") -o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)") -o:value("https://dns.quad9.net/dns-query,9.9.9.9", "Quad9-Recommended") -o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard") -o.default = "https://cloudflare-dns.com/dns-query,1.1.1.1" -o.validate = function(self, value, t) - if value ~= "" then - local flag = 0 - local util = require "luci.util" - local val = util.split(value, ",") - local url = val[1] - val[1] = nil - for i = 1, #val do - local v = val[i] - if v then - if not api.datatypes.ipmask4(v) then - flag = 1 + o = 
s:option(Value, "remote_dns_doh", translate("Remote DNS DoH")) + o:value("https://1.1.1.1/dns-query", "CloudFlare") + o:value("https://1.1.1.2/dns-query", "CloudFlare-Security") + o:value("https://8.8.4.4/dns-query", "Google 8844") + o:value("https://8.8.8.8/dns-query", "Google 8888") + o:value("https://9.9.9.9/dns-query", "Quad9-Recommended") + o:value("https://208.67.222.222/dns-query", "OpenDNS") + o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard") + o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS") + o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)") + o.default = "https://1.1.1.1/dns-query" + o.validate = function(self, value, t) + if value ~= "" then + local flag = 0 + local util = require "luci.util" + local val = util.split(value, ",") + local url = val[1] + val[1] = nil + for i = 1, #val do + local v = val[i] + if v then + if not api.datatypes.ipmask4(v) then + flag = 1 + end end end + if flag == 0 then + return value + end end - if flag == 0 then - return value - end + return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP" end - return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP" -end -o:depends("v2ray_dns_mode", "doh") + o:depends("v2ray_dns_mode", "doh") end o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet")) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 2b6e13eda..9f9da3e81 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -86,8 +86,6 @@ o.rmempty = false ---- TCP Node tcp_node = s:taboption("Main", ListValue, "tcp_node", "" .. translate("TCP Node") .. "") tcp_node.description = "" ---tcp_node.description = translate("For proxy specific list.") ---tcp_node.description = o.description .. "
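Review bot: The `o.validate` for `remote_dns_doh` does not check the URL and may not check the IP either. The URL is never inspected (`url` is assigned and not used), so a value that does not start with `https://` is accepted. `val[1] = nil` leaves a hole at index 1, and `#val` on a table with a hole is not defined by the language, so `for i = 1, #val` may run zero times and skip the `ipmask4` check. Iterating with `for i = 2, #val do` without clearing `val[1]`, and returning the error when `url` lacks the `https://` prefix, would cover both. The error text still uses `translate("DoH request address")`, a msgid this commit removes from passwall.po, so the message will no longer be translated.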
" local current_node = luci.sys.exec(string.format("[ -f '/tmp/etc/%s/id/TCP' ] && echo -n $(cat /tmp/etc/%s/id/TCP)", appname, appname)) if current_node and current_node ~= "" and current_node ~= "nil" then local n = uci:get_all(appname, current_node) @@ -168,7 +166,6 @@ end udp_node = s:taboption("Main", ListValue, "udp_node", "" .. translate("UDP Node") .. "") udp_node:value("nil", translate("Close")) ---udp_node.description = translate("For proxy game network.") udp_node:value("tcp", translate("Same as the tcp node")) s:tab("DNS", translate("DNS")) @@ -182,6 +179,7 @@ if api.is_finded("smartdns") then group_domestic.placeholder = "local" group_domestic:depends("dns_shunt", "smartdns") group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.") + group_domestic.description = group_domestic.description .. string.format('%s', "https://github.com/luckyyyyy/blog/issues/57", translate("Guide")) end o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature.")) 
@@ -232,36 +230,37 @@ o.validate = function(self, value, t) end o:depends({dns_mode = "dns2socks"}) ----- DoH -o = s:taboption("DNS", Value, "up_trust_doh", translate("DoH request address")) -o:value("https://cloudflare-dns.com/dns-query,1.1.1.1", "CloudFlare") -o:value("https://security.cloudflare-dns.com/dns-query,1.1.1.2", "CloudFlare-Security") -o:value("https://doh.opendns.com/dns-query,208.67.222.222", "OpenDNS") -o:value("https://dns.google/dns-query,8.8.8.8", "Google") -o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS") -o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)") -o:value("https://dns.quad9.net/dns-query,9.9.9.9", "Quad9-Recommended") -o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard") -o.default = "https://cloudflare-dns.com/dns-query,1.1.1.1" -o.validate = doh_validate -o:depends("v2ray_dns_mode", "doh") - ---- DNS Forward -o = s:taboption("DNS", Value, "dns_forward", translate("Remote DNS")) ---o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. " " .. 
translate("If you use dns2socks, only the first one is valid.") +o = s:taboption("DNS", Value, "remote_dns", translate("Remote DNS")) o.datatype = "or(ipaddr,ipaddrport)" o.default = "1.1.1.1" -o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)") -o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)") -o:value("8.8.8.8", "8.8.8.8 (Google DNS)") -o:value("8.8.4.4", "8.8.4.4 (Google DNS)") -o:value("208.67.222.222", "208.67.222.222 (Open DNS)") -o:value("208.67.220.220", "208.67.220.220 (Open DNS)") +o:value("1.1.1.1", "1.1.1.1 (CloudFlare)") +o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)") +o:value("8.8.4.4", "8.8.4.4 (Google)") +o:value("8.8.8.8", "8.8.8.8 (Google)") +o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)") +o:value("208.67.220.220", "208.67.220.220 (OpenDNS)") +o:value("208.67.222.222", "208.67.222.222 (OpenDNS)") o:depends({dns_mode = "dns2socks"}) o:depends({dns_mode = "pdnsd"}) o:depends({dns_mode = "udp"}) o:depends({v2ray_dns_mode = "tcp"}) +---- DoH +o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH")) +o.default = "https://1.1.1.1/dns-query" +o:value("https://1.1.1.1/dns-query", "CloudFlare") +o:value("https://1.1.1.2/dns-query", "CloudFlare-Security") +o:value("https://8.8.4.4/dns-query", "Google 8844") +o:value("https://8.8.8.8/dns-query", "Google 8888") +o:value("https://9.9.9.9/dns-query", "Quad9-Recommended") +o:value("https://208.67.222.222/dns-query", "OpenDNS") +o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard") +o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS") +o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)") +o.validate = doh_validate +o:depends("v2ray_dns_mode", "doh") + o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet")) o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "
" .. translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).") @@ -311,8 +310,7 @@ end s:tab("Proxy", translate("Mode")) ---- TCP Default Proxy Mode -tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default") .. translate("Proxy Mode")) --- o.description = translate("If not available, try clearing the cache.") +tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default Proxy Mode")) tcp_proxy_mode:value("disable", translate("No Proxy")) tcp_proxy_mode:value("global", translate("Global Proxy")) tcp_proxy_mode:value("gfwlist", translate("GFW List")) @@ -325,7 +323,7 @@ tcp_proxy_mode.default = "chnroute" --tcp_proxy_mode.validate = redir_mode_validate ---- UDP Default Proxy Mode -udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default") .. translate("Proxy Mode")) +udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default Proxy Mode")) udp_proxy_mode:value("disable", translate("No Proxy")) udp_proxy_mode:value("global", translate("Global Proxy")) udp_proxy_mode:value("gfwlist", translate("GFW List")) @@ -339,7 +337,6 @@ udp_proxy_mode.default = "chnroute" ---- Localhost TCP Proxy Mode localhost_tcp_proxy_mode = s:taboption("Proxy", ListValue, "localhost_tcp_proxy_mode", translate("Router Localhost") .. " TCP " .. translate("Proxy Mode")) --- o.description = translate("The server client can also use this rule to scientifically surf the Internet.") localhost_tcp_proxy_mode:value("default", translatef("Same as the %s default proxy mode", "TCP")) localhost_tcp_proxy_mode:value("global", translate("Global Proxy")) localhost_tcp_proxy_mode:value("gfwlist", translate("GFW List")) 
@@ -379,14 +376,14 @@ o.rmempty = false o = s:taboption("log", Flag, "close_log_udp", translatef("%s Node Log Close", "UDP")) o.rmempty = false -loglevel = s:taboption("log", ListValue, "loglevel", "V2ray/Xray" .. translate("Log Level")) +loglevel = s:taboption("log", ListValue, "loglevel", "V2ray/Xray " .. translate("Log Level")) loglevel.default = "warning" loglevel:value("debug") loglevel:value("info") loglevel:value("warning") loglevel:value("error") -trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan" .. translate("Log Level")) +trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan " .. translate("Log Level")) trojan_loglevel.default = "2" trojan_loglevel:value("0", "all") trojan_loglevel:value("1", "info") diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua index ac68967eb..8614efd4e 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua 
@@ -257,32 +257,6 @@ address:depends({ type = "Xray", protocol = "socks" }) address:depends({ type = "Xray", protocol = "shadowsocks" }) address:depends({ type = "Xray", protocol = "trojan" }) ---[[ -use_ipv6 = s:option(Flag, "use_ipv6", translate("Use IPv6")) -use_ipv6.default = 0 -use_ipv6:depends("type", "Socks") -use_ipv6:depends("type", "SS") -use_ipv6:depends("type", "SS-Rust") -use_ipv6:depends("type", "SSR") -use_ipv6:depends("type", "Brook") -use_ipv6:depends("type", "Trojan") -use_ipv6:depends("type", "Trojan-Plus") -use_ipv6:depends("type", "Trojan-Go") -use_ipv6:depends("type", "Hysteria") -use_ipv6:depends({ type = "V2ray", protocol = "vmess" }) -use_ipv6:depends({ type = "V2ray", protocol = "vless" }) -use_ipv6:depends({ type = "V2ray", protocol = "http" }) -use_ipv6:depends({ type = "V2ray", protocol = "socks" }) -use_ipv6:depends({ type = "V2ray", protocol = "shadowsocks" }) -use_ipv6:depends({ type = "V2ray", protocol = "trojan" }) -use_ipv6:depends({ type = "Xray", protocol = "vmess" }) -use_ipv6:depends({ type = "Xray", protocol = "vless" }) -use_ipv6:depends({ type = "Xray", protocol = "http" }) -use_ipv6:depends({ type = "Xray", protocol = "socks" }) -use_ipv6:depends({ type = "Xray", protocol = "shadowsocks" }) -use_ipv6:depends({ type = "Xray", protocol = "trojan" }) ---]] - port = s:option(Value, "port", translate("Port")) port.datatype = "port" port.rmempty = false diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua index 660d17478..27cbd4c59 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua 
@@ -88,8 +88,6 @@ o.default = "22,25,53,143,465,587,853,993,995,80,443" o:value("1:65535", translate("All")) o:value("22,25,53,143,465,587,853,993,995,80,443", translate("Common Use")) o:value("80,443", translate("Only Web")) -o:value("80:65535", "80 " .. translate("or more")) -o:value("1:443", "443 " .. translate("or less")) ---- UDP Redir Ports o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports")) diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index a12a4e97c..e7036c0fe 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -16,37 +16,12 @@ msgstr "连接正常" msgid "Problem detected!" msgstr "连接失败" -msgid "Very Fast" -msgstr "非常快" - -msgid "Fast" -msgstr "很快" - - -msgid "Slow" -msgstr "很慢" - -msgid "Very Slow" -msgstr "非常慢" - msgid "Touch Check" msgstr "点我检测" msgid "Kernel Unsupported" msgstr "内核不支持" -msgid "Use IPv6" -msgstr "使用IPv6" - -msgid "Parsing IP" -msgstr "域名解析IP" - -msgid "TCP Server" -msgstr "TCP服务器" - -msgid "UDP Server" -msgstr "UDP服务器" - msgid "Main Settings" msgstr "节点选择" @@ -108,19 +83,19 @@ msgid "Main switch" msgstr "主开关" msgid "TCP Node" -msgstr "TCP节点" +msgstr "TCP 节点" msgid "UDP Node" -msgstr "UDP节点" +msgstr "UDP 节点" msgid "Edit Current Node" msgstr "编辑当前节点" msgid "Socks Config" -msgstr "Socks配置" +msgstr "Socks 配置" msgid "Socks Node" -msgstr "Socks节点" +msgstr "Socks 节点" msgid "Listen Port" msgstr "监听端口" @@ -134,12 +109,6 @@ msgstr "与TCP节点相同" msgid "Current node: %s" msgstr "当前节点:%s" -msgid "For proxy specific list." -msgstr "用于代理特定的列表。" - -msgid "For proxy game network." -msgstr "用于代理游戏等。" - msgid "DNS Shunt" msgstr "DNS分流" 
@@ -149,27 +118,18 @@ msgstr "国内分组名" msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here." msgstr "你只需要在SmartDNS配置好国内DNS分组,并设置重定向或作为Dnsmasq上游,此处填入国内DNS分组名。" +msgid "Guide" +msgstr "教程" + msgid "Filter Mode" msgstr "过滤模式" msgid "TCP node must be '%s' type to use FakeDNS." -msgstr "TCP节点必须是 '%s' 类型才能使用 FakeDNS。" +msgstr "TCP 节点必须是 '%s' 类型才能使用 FakeDNS。" msgid "Remote DNS" msgstr "远程 DNS" -msgid "IP:Port mode acceptable, multi value split with english comma." -msgstr "接受 IP:Port 形式的输入,多个以英文逗号分隔。" - -msgid "If you use dns2socks, only the first one is valid." -msgstr "如果使用dns2socks,只有第一个生效。" - -msgid "Ali" -msgstr "阿里" - -msgid "Baidu" -msgstr "百度" - msgid "Resolver For The List Proxied" msgstr "解析被代理的域名列表" @@ -177,7 +137,7 @@ msgid "Requery DNS By %s" msgstr "通过%s请求DNS" msgid "Socks Server" -msgstr "Socks服务器" +msgstr "Socks 服务器" msgid "Misconfigured" msgstr "配置不当" @@ -188,11 +148,8 @@ msgstr "请确保此Socks服务可用。" msgid "Format must be:" msgstr "格式必须为:" -msgid "DoH request address" -msgstr "DoH 请求地址" - -msgid "China list or gfwlist cannot be used together with outside China list!" -msgstr "中国列表不能和中国列表外或防火墙表一起使用!" +msgid "Remote DNS DoH" +msgstr "远程 DNS DoH" msgid "Cache Resolved" msgstr "缓存解析结果" @@ -221,9 +178,6 @@ msgstr "清空 IPSET" msgid "Try this feature if the rule modification does not take effect." msgstr "如果修改规则后没有生效,请尝试此功能。" -msgid "The server client can also use this rule to scientifically surf the Internet." -msgstr "本机服务器的客户端也可以使用这个代理模式上网。" - msgid "About DNS issues:" msgstr "关于DNS问题:" @@ -281,11 +235,8 @@ msgstr "单进程" msgid "Proxy Mode" msgstr "代理模式" -msgid "%s Proxy Mode" -msgstr "%s 代理模式" - -msgid "If not available, try clearing the cache." -msgstr "如果无法使用,请尝试清除缓存。" +msgid "Default Proxy Mode" +msgstr "默认代理模式" msgid "No Proxy" msgstr "不代理" 
@@ -312,10 +263,7 @@ msgid "Localhost" msgstr "本机" msgid "Router Localhost" -msgstr "路由器自身" - -msgid "Danger" -msgstr "危险" +msgstr "路由器本机" msgid "Same as the %s default proxy mode" msgstr "与 %s 默认代理模式相同" @@ -323,6 +271,9 @@ msgstr "与 %s 默认代理模式相同" msgid "Want different devices to use different proxy modes/ports/nodes? Please use access control." msgstr "希望不同设备使用不同的代理模式/端口/节点?请使用访问控制。" +msgid "China list or gfwlist cannot be used together with outside China list!" +msgstr "中国列表不能和中国列表外或防火墙表一起使用!" + msgid "Operation" msgstr "操作" @@ -545,15 +496,6 @@ msgstr "组" msgid "Auto Ping" msgstr "自动Ping" -msgid "This will automatically ping the node for latency" -msgstr "选中后保存应用后即自动Ping节点" - -msgid "Use TCP Detection delay" -msgstr "使用TCP检测延迟" - -msgid "This will use tcping replace ping detection of node" -msgstr "选中后保存应用后即使用tcping替换ping检测节点" - msgid "Concise display nodes" msgstr "简洁显示节点" @@ -609,25 +551,25 @@ msgid "Forwarding Settings" msgstr "转发配置" msgid "TCP No Redir Ports" -msgstr "TCP不转发端口" +msgstr "TCP 不转发端口" msgid "UDP No Redir Ports" -msgstr "UDP不转发端口" +msgstr "UDP 不转发端口" msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority." msgstr "填写你不希望被代理转发的端口,优先级最高。" msgid "TCP Proxy Drop Ports" -msgstr "TCP转发屏蔽端口" +msgstr "TCP 转发屏蔽端口" msgid "UDP Proxy Drop Ports" -msgstr "UDP转发屏蔽端口" +msgstr "UDP 转发屏蔽端口" msgid "TCP Redir Ports" -msgstr "TCP转发端口" +msgstr "TCP 转发端口" msgid "UDP Redir Ports" -msgstr "UDP转发端口" +msgstr "UDP 转发端口" msgid "No patterns are used" msgstr "不使用" @@ -641,12 +583,6 @@ msgstr "常用的" msgid "Only Web" msgstr "仅网页" -msgid "or more" -msgstr "及以上" - -msgid "or less" -msgstr "及以下" - msgid "Default" msgstr "默认" 
@@ -672,29 +608,14 @@ msgid "When enabled, the server not will resolve the domain name again." msgstr "启用后,服务器不会再次解析域名。" msgid "TCP Proxy Way" -msgstr "TCP代理方式" +msgstr "TCP 代理方式" msgid "Proxy Settings" msgstr "代理配置" -msgid "TCP Redir Port" -msgstr "TCP透明代理端口" - -msgid "UDP Redir Port" -msgstr "UDP透明代理端口" - -msgid "Custom Dnsmasq" -msgstr "自定义Dnsmasq设置" - -msgid "Setting a parameter error will cause dnsmasq fail to start." -msgstr "参数设置错误将会导致Dnsmasq无法启动。" - msgid "Auto Switch" msgstr "自动切换" -msgid "When there is no server, an automatic reconnect scheme is used" -msgstr "当没有服务器时,则使用自动重连方案" - msgid "How often to test" msgstr "多久检测一次" @@ -704,9 +625,6 @@ msgstr "超时秒数" msgid "Timeout retry num" msgstr "超时重试次数" -msgid "Automatic switching cannot be used when this option is checked" -msgstr "当勾选此选项时,不能使用自动切换" - msgid "Main node" msgstr "主节点" @@ -1083,7 +1001,7 @@ msgid "Local Port" msgstr "本地端口" msgid "TCP Fast Open" -msgstr "TCP快速打开" +msgstr "TCP 快速打开" msgid "Need node support required" msgstr "需要节点支持" @@ -1170,7 +1088,7 @@ msgid "Auth" msgstr "身份认证" msgid "Socks for authentication" -msgstr "Socks认证方式" +msgstr "Socks 认证方式" msgid "Socks protocol authentication, support anonymous and password." msgstr "Socks 协议的认证方式,支持匿名方式和账号密码方式。" @@ -1296,10 +1214,10 @@ msgid "Not enabled log" msgstr "未启用日志" msgid "UDP Forward" -msgstr "UDP转发" +msgstr "UDP 转发" msgid "DNS Settings" -msgstr "DNS设置" +msgstr "DNS 设置" msgid "Null" msgstr "无" diff --git a/luci-app-passwall/root/usr/share/passwall/0_default_config b/luci-app-passwall/root/usr/share/passwall/0_default_config index 5b46c65e3..687d0ecfb 100644 --- a/luci-app-passwall/root/usr/share/passwall/0_default_config +++ b/luci-app-passwall/root/usr/share/passwall/0_default_config @@ -5,7 +5,7 @@ config global option tcp_node 'nil' option udp_node 'nil' option dns_mode 'pdnsd' - option dns_forward '1.1.1.1' + option remote_dns '1.1.1.1' option filter_proxy_ipv6 '0' option tcp_proxy_mode 'chnroute' option udp_proxy_mode 'chnroute' 
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 4a8a81bec..9cfdcd187 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -20,7 +20,7 @@ LOG_FILE=/tmp/log/$CONFIG.log APP_PATH=/usr/share/$CONFIG RULES_PATH=/usr/share/${CONFIG}/rules DNS_N=dnsmasq -DNS_PORT=7913 +DNS_PORT=15353 TUN_DNS="127.0.0.1#${DNS_PORT}" LOCAL_DNS=119.29.29.29 DEFAULT_DNS= @@ -291,7 +291,9 @@ run_ipt2socks() { } run_v2ray() { - local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password dns_socks_address dns_socks_port dns_listen_port dns_proto dns_tcp_server doh dns_client_ip dns_query_strategy dns_cache loglevel log_file config_file + local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password + local dns_listen_port remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port + local loglevel log_file config_file local _extra_param="" eval_set_val $@ [ -z "$type" ] && { 
@@ -332,22 +334,28 @@ run_v2ray() { } local buffer_size=$(config_t_get global_forwarding buffer_size) [ -n "${buffer_size}" ] && _extra_param="${_extra_param} -buffer_size ${buffer_size}" - case "$dns_proto" in + case "$remote_dns_protocol" in tcp) - local _dns_forward=$(get_first_dns dns_tcp_server 53 | sed 's/#/:/g') - local _dns_address=$(echo ${_dns_forward} | awk -F ':' '{print $1}') - _extra_param="${_extra_param} -dns_server ${_dns_address} -dns_tcp_server tcp://${_dns_forward}" + local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g') + local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}') + local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}') + _extra_param="${_extra_param} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_tcp_server tcp://${_dns}" ;; doh) - local _doh_url=$(echo $doh | awk -F ',' '{print $1}') - local _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}') + local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}') + local _doh_host_port=$(lua_api "get_domain_from_url(\"${_doh_url}\")") + #local _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}') local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}') + local is_ip=$(lua_api "is_ip(\"${_doh_host}\")") local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}') - local _doh_bootstrap=$(echo $doh | cut -d ',' -sf 2-) - _extra_param="${_extra_param} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}" + [ -z "${_doh_port}" ] && _doh_port=443 + local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-) + [ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host} + [ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}" + _extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}" ;; fakedns) - _extra_param="${_extra_param} 
-dns_fakedns 1" + _extra_param="${_extra_param} -remote_dns_fake 1" ;; esac _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way" @@ -666,22 +674,21 @@ run_redir() { [ -n "${_dns_client_ip}" ] && _v2ray_args="${_v2ray_args} dns_client_ip=${_dns_client_ip}" [ "${DNS_CACHE}" == "0" ] && _v2ray_args="${_v2ray_args} dns_cache=0" local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) - _v2ray_args="${_v2ray_args} dns_proto=${v2ray_dns_mode}" + _v2ray_args="${_v2ray_args} remote_dns_protocol=${v2ray_dns_mode}" _v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}" case "$v2ray_dns_mode" in tcp) - _v2ray_args="${_v2ray_args} dns_tcp_server=${DNS_FORWARD}" + _v2ray_args="${_v2ray_args} remote_dns_tcp_server=${REMOTE_DNS}" echolog " - 域名解析 DNS Over TCP..." ;; doh) - up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1") - _v2ray_args="${_v2ray_args} doh=${up_trust_doh}" + remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query") + _v2ray_args="${_v2ray_args} remote_dns_doh=${remote_dns_doh}" echolog " - 域名解析 DNS Over HTTPS..." ;; fakedns) fakedns=1 CHINADNS_NG=0 - _v2ray_args="${_v2ray_args} dns_fakedns=1" echolog " - 域名解析 Fake DNS..." ;; esac @@ -1078,7 +1085,7 @@ start_dns() { case "$DNS_MODE" in dns2socks) local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) | sed "s/#/:/g") - local dns2socks_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g') + local dns2socks_forward=$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g') run_dns2socks socks=$dns2socks_socks_server listen_address=127.0.0.1 listen_port=${dns_listen_port} dns=$dns2socks_forward cache=$DNS_CACHE echolog " - 域名解析:dns2socks(127.0.0.1:${dns_listen_port}),${dns2socks_socks_server} -> ${dns2socks_forward}" ;; 
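Review bot: In the `doh)` branch the configured URL is pasted into Lua source text, `lua_api "get_domain_from_url(\"${_doh_url}\")"`, and the host derived from it is pasted the same way into `is_ip(...)`, so a `remote_dns_doh` value containing a double quote or backslash stops being data once it reaches the interpreter. `lua_api` is defined outside this hunk, so how the string is evaluated is inferred from the call shape, but the value comes from configuration and nothing in the branch checks it. Validate it before either call, for example `echo "${_doh_url}" | grep -qE '^https://[A-Za-z0-9.:_-]+(/[A-Za-z0-9._~/?=&%-]*)?$' || { echolog "invalid DoH URL"; return 1; }`. The `start_dns()` hunk at -1096 repeats both calls and needs the same guard; `run_v2ray` continues outside this hunk.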
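Review bot: Reading only `remote_dns_doh` in the `doh)` branch of `run_redir()` means a resolver the user saved under the old `up_trust_doh` key is silently ignored after an upgrade, and lookups go to `https://1.1.1.1/dns-query` instead. No migration of the old keys is visible in this patch, and the same applies to `dns_forward` → `remote_dns` in the -1484 hunk and to the per-ACL `dns_forward`/`dns_doh` options in the iptables.sh hunk at -306. Falling back to the old key keeps the chosen resolver: `remote_dns_doh=$(config_t_get global remote_dns_doh "$(config_t_get global up_trust_doh "https://1.1.1.1/dns-query")")`. The new parsing still splits on the comma, so an old `url,bootstrap` value can be carried over unchanged.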
@@ -1096,30 +1103,26 @@ start_dns() { use_tcp_node_resolve_dns=1 local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) _v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}" - _v2ray_args="${_v2ray_args} dns_proto=${v2ray_dns_mode}" + _v2ray_args="${_v2ray_args} remote_dns_protocol=${v2ray_dns_mode}" case "$v2ray_dns_mode" in tcp) - _v2ray_args="${_v2ray_args} dns_tcp_server=${DNS_FORWARD}" + _v2ray_args="${_v2ray_args} remote_dns_tcp_server=${REMOTE_DNS}" echolog " - 域名解析 DNS Over TCP..." ;; doh) - up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1") - _v2ray_args="${_v2ray_args} doh=${up_trust_doh}" + remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query") + _v2ray_args="${_v2ray_args} remote_dns_doh=${remote_dns_doh}" - _doh_url=$(echo $up_trust_doh | awk -F ',' '{print $1}') - _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}') - _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}') - _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}') - _doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-) - - DNS_FORWARD="" - _doh_bootstrap_dns=$(echo $_doh_bootstrap | sed "s/,/ /g") - for _dns in $_doh_bootstrap_dns; do - _dns=$(echo $_dns | awk -F ':' '{print $1}'):${_doh_port:-443} - [ -n "$DNS_FORWARD" ] && DNS_FORWARD=${DNS_FORWARD},${_dns} || DNS_FORWARD=${_dns} - done - unset _dns _doh_bootstrap_dns - unset _doh_url _doh_port _doh_bootstrap + local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}') + local _doh_host_port=$(lua_api "get_domain_from_url(\"${_doh_url}\")") + local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}') + local _is_ip=$(lua_api "is_ip(\"${_doh_host}\")") + local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}') + [ -z "${_doh_port}" ] && _doh_port=443 + local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-) + [ "${_is_ip}" = "true" ] && _doh_bootstrap=${_doh_host} + [ -n 
"${_doh_bootstrap}" ] && REMOTE_DNS=${_doh_bootstrap}:${_doh_port} + unset _doh_url _doh_host_port _doh_host _is_ip _doh_port _doh_bootstrap echolog " - 域名解析 DNS Over HTTPS..." ;; esac @@ -1128,13 +1131,13 @@ start_dns() { ;; pdnsd) use_tcp_node_resolve_dns=1 - gen_pdnsd_config "${dns_listen_port}" "${DNS_FORWARD}" "${DNS_CACHE}" + gen_pdnsd_config "${dns_listen_port}" "${REMOTE_DNS}" "${DNS_CACHE}" ln_run "$(first_type pdnsd)" pdnsd "/dev/null" --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d echolog " - 域名解析:pdnsd + 使用(TCP节点)解析域名..." ;; udp) use_udp_node_resolve_dns=1 - TUN_DNS="$(echo ${DNS_FORWARD} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')" + TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')" echolog " - 域名解析:使用UDP协议请求DNS($TUN_DNS)..." ;; esac @@ -1484,8 +1487,8 @@ gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${L DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq) [ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq" DNS_MODE=$(config_t_get global dns_mode pdnsd) -DNS_FORWARD=$(config_t_get global dns_forward 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') DNS_CACHE=$(config_t_get global dns_cache 0) +REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') CHINADNS_NG=$(config_t_get global chinadns_ng 0) filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0) dns_listen_port=${DNS_PORT} diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 1dc40ea55..01ade2196 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh 
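Review bot: `REMOTE_DNS=${_doh_bootstrap}:${_doh_port}` appends the DoH port only once, but `cut -d ',' -sf 2-` can return several comma-separated bootstrap addresses, so with two of them only the last carries the port. The removed loop gave every address its own port and stripped any port the user had typed. `REMOTE_DNS` is later walked by `hosts_foreach REMOTE_DNS _proxy_tcp_access 53` in iptables.sh, so the earlier addresses would presumably be matched on port 53 rather than the DoH port and the router's own DoH traffic to them may bypass the proxy chain. Restoring the per-address loop inside the new block fixes this; `start_dns()` starts and ends outside the hunk.

```shell
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${_is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
# Give every bootstrap address the DoH port, as the removed loop did.
local _bootstrap_dns _remote_dns=""
for _bootstrap_dns in $(echo "${_doh_bootstrap}" | sed 's/,/ /g'); do
	_bootstrap_dns="$(echo "${_bootstrap_dns}" | awk -F ':' '{print $1}'):${_doh_port}"
	_remote_dns="${_remote_dns:+${_remote_dns},}${_bootstrap_dns}"
done
[ -n "${_remote_dns}" ] && REMOTE_DNS=${_remote_dns}
# … unchanged: unset of the _doh_* temporaries, echolog …
```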
@@ -271,7 +271,7 @@ load_acl() { dnsmasq_port=11400 echolog "访问控制:" for item in $items; do - local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip + local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) @@ -306,9 +306,9 @@ load_acl() { tcp_node=${tcp_node:-default} udp_node=${udp_node:-default} dns_mode=${dns_mode:-dns2socks} - dns_forward=${dns_forward:-1.1.1.1} + remote_dns=${remote_dns:-1.1.1.1} [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && { - [ "$v2ray_dns_mode" = "doh" ] && dns_forward=${dns_doh:-https://cloudflare-dns.com/dns-query,1.1.1.1} + [ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query} } [ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE [ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE 
@@ -331,12 +331,12 @@ load_acl() { dns_port=$(get_new_port $(expr $dns_port + 1)) _dns_port=$dns_port if [ "$dns_mode" = "dns2socks" ]; then - run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$dns_forward cache=1 + run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$remote_dns cache=1 elif [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ]; then config_file=$TMP_ACL_PATH/${tcp_node}_SOCKS_${socks_port}_DNS.json - run_v2ray flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh="${dns_forward}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file + run_v2ray flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file fi - eval node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)=${_dns_port} + eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port} } dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1)) 
@@ -349,7 +349,7 @@ load_acl() { echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf source $APP_PATH/helper_${DNS_N}.sh add FLAG=${sid} DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6} ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid - eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)=${dnsmasq_port} + eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port} } if [ "$tcp_node" = "$TCP_NODE" ]; then tcp_port=$TCP_REDIR_PORT @@ -359,9 +359,9 @@ load_acl() { if [ -n "${_socks_port}" ] && [ -n "${_redir_port}" ]; then socks_port=${_socks_port} tcp_port=${_redir_port} - _dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)}) + _dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)}) if [ -z "${_dnsmasq_port}" ]; then - _dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)}) + _dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)}) run_dns ${_dns_port} else redirect_dns_port=${_dnsmasq_port} 
@@ -382,7 +382,7 @@ load_acl() { config_file=$(echo $config_file | sed "s/SOCKS_${socks_port}/DNS/g") dns_port=$(get_new_port $(expr $dns_port + 1)) _dns_port=$dns_port - _extra_param="dns_listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh=${dns_forward} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}" + _extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}" fi config_file="$TMP_PATH/$config_file" run_v2ray flag=$tcp_node node=$tcp_node tcp_redir_port=$redir_port ${_extra_param} config_file=$config_file @@ -585,7 +585,7 @@ load_acl() { $ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null $ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN done - unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip + unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param unset ipt_tmp msg msg2 unset redirect_dns_port 
@@ -1074,7 +1074,7 @@ add_firewall_rule() { echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 TCP 转发链" } - [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53 + [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53 [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN @@ -1175,7 +1175,7 @@ add_firewall_rule() { $ipt_m -I PSW $(comment "本机") -p udp -i lo -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT TPROXY) echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链" } - [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53 + [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53 [ "$UDP_NO_REDIR_PORTS" != "disable" ] && { $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN