zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall: sync upstream

Browse Source
This commit is contained in:
actions 2024-04-20 18:00:05 +08:00
parent 149bd66b4b
commit c72707a190
8 changed files with 137 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luci-app-passwall/Makefile
View File

@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.77-2 PKG_VERSION:=4.77-3
PKG_RELEASE:= PKG_RELEASE:=
PKG_CONFIG_DEPENDS:= \ PKG_CONFIG_DEPENDS:= \

26
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -362,32 +362,32 @@ if has_singbox or has_xray then
end end
if api.is_finded("chinadns-ng") then if api.is_finded("chinadns-ng") then
o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory.")) o = s:option(Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend."))
o.default = "0" o.default = "0"
o:depends({ use_gfw_list = true }) o:depends({ dns_mode = "", ['!reverse'] = true })
o:depends({ chn_list = "direct" })
o = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag")) o = s:option(ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
o.default = "smart" o.default = "none"
o:value("smart", translate("Smart DNS")) o:value("none", translate("Default"))
o:value("gfw", translate("Remote DNS")) o:value("gfw", translate("Remote DNS"))
o:value("chn", translate("Direct DNS")) o:value("chn", translate("Direct DNS"))
o.description = "<ul>" o.description = "<ul>"
.. "<li>" .. translate("Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result") .. "</li>" .. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>" .. "<li>" .. translate("Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result.") .. "</li>"
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>" .. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
.. "</ul>" .. "</ul>"
o:depends("chinadns_ng", true) o:depends({chinadns_ng = true, chn_list = "direct"})
end end
o = s:option(ListValue, "use_default_dns", translate("Default DNS")) o = s:option(ListValue, "use_default_dns", translate("Default DNS"))
o.default = "direct" o.default = "direct"
o:value("remote", translate("Remote DNS")) o:value("remote", translate("Remote DNS"))
o:value("direct", translate("Direct DNS")) o:value("direct", translate("Direct DNS"))
o.description = translate("The default DNS used when not in the domain name rules list.") o.description = "<ul>"
.. "<ul>" .. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>" .. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>" .. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
.. "</ul>" .. "</ul>"
local _depends = {tcp_proxy_mode = "proxy"} local _depends = {tcp_proxy_mode = "proxy"}
if api.is_finded("chinadns-ng") then if api.is_finded("chinadns-ng") then

32
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -388,32 +388,32 @@ o:depends({dns_mode = "xray"})
o.rmempty = false o.rmempty = false
if api.is_finded("chinadns-ng") then if api.is_finded("chinadns-ng") then
o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory.")) o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend."))
o.default = "0" o.default = "0"
o:depends({remote_fakedns = false, use_gfw_list = true}) o:depends({remote_fakedns = false})
o:depends({remote_fakedns = false, chn_list = "direct"})
o = s:taboption("DNS", ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag")) o = s:taboption("DNS", ListValue, "chinadns_ng_default_tag", translate("ChinaDNS-NG Domain Default Tag"))
o.default = "smart" o.default = "none"
o:value("smart", translate("Smart DNS")) o:value("none", translate("Default"))
o:value("gfw", translate("Remote DNS")) o:value("gfw", translate("Remote DNS"))
o:value("chn", translate("Direct DNS")) o:value("chn", translate("Direct DNS"))
o.description = "<ul>" o.description = "<ul>"
.. "<li>" .. translate("Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result") .. "</li>" .. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>" .. "<li>" .. translate("Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result.") .. "</li>"
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>" .. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
.. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
.. "</ul>" .. "</ul>"
o:depends("chinadns_ng", true) o:depends({chinadns_ng = true, chn_list = "direct"})
end end
o = s:taboption("DNS", ListValue, "use_default_dns", translate("Default DNS")) o = s:taboption("DNS", ListValue, "use_default_dns", translate("Default DNS"))
o.default = "direct" o.default = "direct"
o:value("remote", translate("Remote DNS")) o:value("remote", translate("Remote DNS"))
o:value("direct", translate("Direct DNS")) o:value("direct", translate("Direct DNS"))
o.description = translate("The default DNS used when not in the domain name rules list.") o.description = "<ul>"
.. "<ul>" .. "<li>" .. translate("When not matching any domain name list:") .. "</li>"
.. "<li>" .. translate("Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>" .. "<li>" .. translate("Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!") .. "</li>"
.. "<li>" .. translate("Direct DNS Internet experience may be better, but DNS will be leaked!") .. "</li>" .. "<li>" .. translate("Direct DNS: Internet experience may be better, but DNS will be leaked!") .. "</li>"
.. "</ul>" .. "</ul>"
local _depends = {tcp_proxy_mode = "proxy"} local _depends = {tcp_proxy_mode = "proxy"}
if api.is_finded("chinadns-ng") then if api.is_finded("chinadns-ng") then
@ -482,10 +482,12 @@ o.cfgvalue = function(t, n)
end end
s:tab("log", translate("Log")) s:tab("log", translate("Log"))
o = s:taboption("log", Flag, "close_log_tcp", translatef("%s Node Log Close", "TCP")) o = s:taboption("log", Flag, "log_tcp", translate("Enable") .. " " .. translatef("%s Node Log", "TCP"))
o.default = "1"
o.rmempty = false o.rmempty = false
o = s:taboption("log", Flag, "close_log_udp", translatef("%s Node Log Close", "UDP")) o = s:taboption("log", Flag, "log_udp", translate("Enable") .. " " .. translatef("%s Node Log", "UDP"))
o.default = "1"
o.rmempty = false o.rmempty = false
loglevel = s:taboption("log", ListValue, "loglevel", "Sing-Box/Xray " .. translate("Log Level")) loglevel = s:taboption("log", ListValue, "loglevel", "Sing-Box/Xray " .. translate("Log Level"))

23
luci-app-passwall/po/zh-cn/passwall.po
View File

@ -157,29 +157,26 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位
msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)." msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
msgstr "此功能需要 DNS 服务器支持 EDNS Client SubnetRFC7871。" msgstr "此功能需要 DNS 服务器支持 EDNS Client SubnetRFC7871。"
msgid "The effect is better, but will increase the memory." msgid "The effect is better, recommend."
msgstr "效果更好,但会增加内存使用。" msgstr "效果更好,推荐使用。"
msgid "Default DNS" msgid "Default DNS"
msgstr "默认DNS" msgstr "默认DNS"
msgid "The default DNS used when not in the domain name rules list." msgid "When not matching any domain name list:"
msgstr "当域名不在规则列表中时使用的默认DNS。" msgstr "当不匹配任何域名列表时:"
msgid "Remote DNS can avoid more DNS leaks, but some domestic domain names maybe to proxy!" msgid "Remote DNS: Can avoid more DNS leaks, but some domestic domain names maybe to proxy!"
msgstr "远程DNS可以避免更多的DNS泄露但会导致规则列表外的某些国内域名可能会走代理" msgstr "远程DNS可以避免更多的DNS泄露但会导致规则列表外的某些国内域名可能会走代理"
msgid "Direct DNS Internet experience may be better, but DNS will be leaked!" msgid "Direct DNS: Internet experience may be better, but DNS will be leaked!"
msgstr "直连DNS上网体验可能会更佳但是会泄露DNS" msgstr "直连DNS上网体验可能会更佳但是会泄露DNS"
msgid "ChinaDNS-NG Domain Default Tag" msgid "ChinaDNS-NG Domain Default Tag"
msgstr "ChinaDNS-NG 域名默认标签" msgstr "ChinaDNS-NG 域名默认标签"
msgid "Smart DNS" msgid "Default: Forward to both direct and remote DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result."
msgstr "智能 DNS" msgstr "默认同时转发给直连和远程DNS如果直连DNS解析结果是大陆ip则使用直连结果否则使用远程结果。"
msgid "Forward to both remote and direct DNS, if the direct DNS resolution result is a mainland China ip, then use the direct result, otherwise use the remote result"
msgstr "同时转发给远程和直连DNS如果直连DNS解析结果是大陆ip则使用直连结果否则使用远程结果"
msgid "Filter Proxy Host IPv6" msgid "Filter Proxy Host IPv6"
msgstr "过滤代理域名 IPv6" msgstr "过滤代理域名 IPv6"

6
luci-app-passwall/root/usr/share/passwall/0_default_config
View File

@ -10,7 +10,7 @@ config global
option remote_dns '1.1.1.1' option remote_dns '1.1.1.1'
option use_default_dns 'direct' option use_default_dns 'direct'
option chinadns_ng '1' option chinadns_ng '1'
option chinadns_ng_default_tag 'smart' option chinadns_ng_default_tag 'none'
option use_direct_list '1' option use_direct_list '1'
option use_proxy_list '1' option use_proxy_list '1'
option use_block_list '1' option use_block_list '1'
@ -21,8 +21,8 @@ config global
option localhost_proxy '1' option localhost_proxy '1'
option client_proxy '1' option client_proxy '1'
option acl_enable '0' option acl_enable '0'
option close_log_tcp '0' option log_tcp '1'
option close_log_udp '0' option log_udp '1'
option loglevel 'error' option loglevel 'error'
option trojan_loglevel '4' option trojan_loglevel '4'

6
luci-app-passwall/root/usr/share/passwall/0_default_config.orig
View File

@ -10,7 +10,7 @@ config global
option remote_dns '1.1.1.1' option remote_dns '1.1.1.1'
option use_default_dns 'direct' option use_default_dns 'direct'
option chinadns_ng '1' option chinadns_ng '1'
option chinadns_ng_default_tag 'smart' option chinadns_ng_default_tag 'none'
option use_direct_list '1' option use_direct_list '1'
option use_proxy_list '1' option use_proxy_list '1'
option use_block_list '1' option use_block_list '1'
@ -21,8 +21,8 @@ config global
option localhost_proxy '1' option localhost_proxy '1'
option client_proxy '1' option client_proxy '1'
option acl_enable '0' option acl_enable '0'
option close_log_tcp '0' option log_tcp '1'
option close_log_udp '0' option log_udp '1'
option loglevel 'error' option loglevel 'error'
option trojan_loglevel '4' option trojan_loglevel '4'

132
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -483,7 +483,7 @@ run_dns2socks() {
} }
run_chinadns_ng() { run_chinadns_ng() {
local _flag _listen_port _dns_china _dns_trust _use_direct_list _use_proxy_list _chnlist _gfwlist _no_ipv6_dns local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag
eval_set_val $@ eval_set_val $@
local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf
@ -494,7 +494,7 @@ run_chinadns_ng() {
verbose verbose
bind-addr 127.0.0.1 bind-addr 127.0.0.1
bind-port ${_listen_port}@udp bind-port ${_listen_port}@udp
china-dns ${_dns_china} china-dns ${_dns_local}
trust-dns udp://${_dns_trust} trust-dns udp://${_dns_trust}
filter-qtype 65 filter-qtype 65
EOF EOF
@ -509,10 +509,9 @@ run_chinadns_ng() {
cat <<-EOF >> ${_CONF_FILE} cat <<-EOF >> ${_CONF_FILE}
group directlist group directlist
group-dnl ${RULES_PATH}/direct_host group-dnl ${RULES_PATH}/direct_host
group-upstream ${_dns_china} group-upstream ${_dns_local}
group-ipset ${whitelist4_set},${whitelist6_set} group-ipset ${whitelist4_set},${whitelist6_set}
EOF EOF
[ "${_no_ipv6_dns}" = "china" ] && echo "no-ipv6 tag:directlist" >> ${_CONF_FILE}
} }
[ "${_use_proxy_list}" = "1" ] && [ -s "${RULES_PATH}/proxy_host" ] && { [ "${_use_proxy_list}" = "1" ] && [ -s "${RULES_PATH}/proxy_host" ] && {
@ -528,30 +527,10 @@ run_chinadns_ng() {
group-upstream udp://${_dns_trust} group-upstream udp://${_dns_trust}
group-ipset ${blacklist4_set},${blacklist6_set} group-ipset ${blacklist4_set},${blacklist6_set}
EOF EOF
[ "${_no_ipv6_dns}" = "trust" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE} [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE}
} }
local _default_tag=$(config_t_get global chinadns_ng_default_tag smart) [ "${_gfwlist}" = "1" ] && [ -s "${RULES_PATH}/gfwlist" ] && {
[ "${_chnlist}" = "direct" ] && {
[ -s "${RULES_PATH}/chnlist" ] && {
local chnroute4_set="passwall_chnroute"
local chnroute6_set="passwall_chnroute6"
[ "$nftflag" = "1" ] && {
chnroute4_set="inet@fw4@${chnroute4_set}"
chnroute6_set="inet@fw4@${chnroute6_set}"
}
cat <<-EOF >> ${_CONF_FILE}
chnlist-file ${RULES_PATH}/chnlist
ipset-name4 ${chnroute4_set}
ipset-name6 ${chnroute6_set}
add-tagchn-ip
chnlist-first
EOF
[ "${_no_ipv6_dns}" = "china" ] && echo "no-ipv6 tag:chn" >> ${_CONF_FILE}
}
}
[ "${_gfwlist}" = "1" ] && {
[ -s "${RULES_PATH}/gfwlist" ] && {
local gfwlist4_set="passwall_gfwlist" local gfwlist4_set="passwall_gfwlist"
local gfwlist6_set="passwall_gfwlist6" local gfwlist6_set="passwall_gfwlist6"
[ "$nftflag" = "1" ] && { [ "$nftflag" = "1" ] && {
@ -562,13 +541,51 @@ run_chinadns_ng() {
gfwlist-file ${RULES_PATH}/gfwlist gfwlist-file ${RULES_PATH}/gfwlist
add-taggfw-ip ${gfwlist4_set},${gfwlist6_set} add-taggfw-ip ${gfwlist4_set},${gfwlist6_set}
EOF EOF
[ "${_no_ipv6_dns}" = "trust" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE} [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE}
#当只有使用gfwlist模式时设置默认DNS为本地直连 }
[ "${_chnlist}" = "0" ] && _default_tag="chn"
[ "${_chnlist}" != "0" ] && [ -s "${RULES_PATH}/chnlist" ] && {
local chnroute4_set="passwall_chnroute"
local chnroute6_set="passwall_chnroute6"
[ "$nftflag" = "1" ] && {
chnroute4_set="inet@fw4@${chnroute4_set}"
chnroute6_set="inet@fw4@${chnroute6_set}"
}
[ "${_chnlist}" = "direct" ] && {
cat <<-EOF >> ${_CONF_FILE}
chnlist-file ${RULES_PATH}/chnlist
ipset-name4 ${chnroute4_set}
ipset-name6 ${chnroute6_set}
add-tagchn-ip
chnlist-first
EOF
}
#回中国模式
[ "${_chnlist}" = "proxy" ] && {
cat <<-EOF >> ${_CONF_FILE}
group chn_proxy
group-dnl ${RULES_PATH}/chnlist
group-upstream udp://${_dns_trust}
group-ipset ${chnroute4_set},${chnroute6_set}
EOF
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE}
} }
} }
[ -n "$_default_tag" ] && [ "$_default_tag" != "smart" ] && echo "default-tag ${_default_tag}" >> ${_CONF_FILE} #只使用gfwlist模式GFW列表以外的域名及默认使用本地DNS
[ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn"
#回中国模式中国列表以外的域名及默认使用本地DNS
[ "${_chnlist}" = "proxy" ] && _default_tag="chn"
#全局模式默认使用远程DNS
[ "${_default_mode}" = "proxy" ] && [ "${_chnlist}" = "0" ] && [ "${_gfwlist}" = "0" ] && {
_default_tag="gfw"
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6" >> ${_CONF_FILE}
}
([ -z "${_default_tag}" ] || [ "${_default_tag}" = "smart" ]) && _default_tag="none"
echo "default-tag ${_default_tag}" >> ${_CONF_FILE}
ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE} ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE}
} }
@ -734,8 +751,8 @@ run_redir() {
local proto=$(echo $proto | tr 'A-Z' 'a-z') local proto=$(echo $proto | tr 'A-Z' 'a-z')
local PROTO=$(echo $proto | tr 'a-z' 'A-Z') local PROTO=$(echo $proto | tr 'a-z' 'A-Z')
local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z') local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
local close_log=$(config_t_get global close_log_${proto} 1) local enable_log=$(config_t_get global log_${proto} 1)
[ "$close_log" = "1" ] && log_file="/dev/null" [ "$enable_log" != "1" ] && log_file="/dev/null"
local remarks=$(config_n_get $node remarks) local remarks=$(config_n_get $node remarks)
local server_host=$(config_n_get $node address) local server_host=$(config_n_get $node address)
local port=$(config_n_get $node port) local port=$(config_n_get $node port)
@ -1303,25 +1320,25 @@ start_dns() {
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!" [ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!" [ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${CHN_LIST}" = "direct" ] || [ "${USE_GFW_LIST}" = "1" ]) && { [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && {
[ "$FILTER_PROXY_IPV6" = "1" ] && { [ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0
local _no_ipv6_dns="trust"
DNSMASQ_FILTER_PROXY_IPV6=0
}
local china_ng_listen_port=$(expr $dns_listen_port + 1) local china_ng_listen_port=$(expr $dns_listen_port + 1)
local china_ng_listen="127.0.0.1#${china_ng_listen_port}" local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
run_chinadns_ng \ run_chinadns_ng \
_flag="default" \ _flag="default" \
_listen_port=${china_ng_listen_port} \ _listen_port=${china_ng_listen_port} \
_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \ _dns_local=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
_dns_trust="${TUN_DNS}" \ _dns_trust=${TUN_DNS} \
_use_direct_list="${USE_DIRECT_LIST}" \ _no_ipv6_trust=${FILTER_PROXY_IPV6} \
_use_proxy_list="${USE_PROXY_LIST}" \ _use_direct_list=${USE_DIRECT_LIST} \
_chnlist="${CHN_LIST}" \ _use_proxy_list=${USE_PROXY_LIST} \
_gfwlist="${USE_GFW_LIST}" \ _gfwlist=${USE_GFW_LIST} \
_no_ipv6_dns="${_no_ipv6_dns}" _chnlist=${CHN_LIST} \
_default_mode=${TCP_PROXY_MODE} \
_default_tag=$(config_t_get global chinadns_ng_default_tag smart)
echolog " - ChinaDNS-NG(127.0.0.1#${china_ng_listen_port})国内DNS$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")可信DNS${TUN_DNS}" echolog " - ChinaDNS-NG(127.0.0.1#${china_ng_listen_port})直连DNS$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")可信DNS${TUN_DNS}"
USE_DEFAULT_DNS="chinadns_ng" USE_DEFAULT_DNS="chinadns_ng"
} }
@ -1335,7 +1352,7 @@ start_dns() {
-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \ -DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
-TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \ -TUN_DNS ${TUN_DNS} -REMOTE_FAKEDNS ${fakedns:-0} -USE_DEFAULT_DNS "${USE_DEFAULT_DNS:-direct}" -CHINADNS_DNS ${china_ng_listen:-0} \
-USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \ -USE_DIRECT_LIST "${USE_DIRECT_LIST}" -USE_PROXY_LIST "${USE_PROXY_LIST}" -USE_BLOCK_LIST "${USE_BLOCK_LIST}" -USE_GFW_LIST "${USE_GFW_LIST}" -CHN_LIST "${CHN_LIST}" \
-TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE "${TCP_PROXY_MODE}" -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \ -TCP_NODE ${TCP_NODE} -DEFAULT_PROXY_MODE ${TCP_PROXY_MODE} -NO_PROXY_IPV6 ${DNSMASQ_FILTER_PROXY_IPV6:-0} -NFTFLAG ${nftflag:-0} \
-NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0}
} }
@ -1471,24 +1488,23 @@ acl_app() {
eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port} eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port}
} }
[ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && ([ "${chn_list}" = "direct" ] || [ "${use_gfw_list}" = "1" ]) && { [ "$chinadns_ng" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && {
[ "$filter_proxy_ipv6" = "1" ] && { [ "$filter_proxy_ipv6" = "1" ] && dnsmasq_filter_proxy_ipv6=0
local _no_ipv6_dns="trust"
dnsmasq_filter_proxy_ipv6=0
}
chinadns_port=$(expr $chinadns_port + 1) chinadns_port=$(expr $chinadns_port + 1)
_china_ng_listen="127.0.0.1#${chinadns_port}" _china_ng_listen="127.0.0.1#${chinadns_port}"
run_chinadns_ng \ run_chinadns_ng \
_flag="$sid" \ _flag="$sid" \
_listen_port=${chinadns_port} \ _listen_port=${chinadns_port} \
_dns_china=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \ _dns_local=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
_dns_trust="127.0.0.1#${_dns_port}" \ _dns_trust=127.0.0.1#${_dns_port} \
_use_direct_list="${use_direct_list}" \ _no_ipv6_trust=${filter_proxy_ipv6} \
_use_proxy_list="${use_proxy_list}" \ _use_direct_list=${use_direct_list} \
_chnlist=${chn_list} \ _use_proxy_list=${use_proxy_list} \
_gfwlist=${use_gfw_list} \ _gfwlist=${use_gfw_list} \
_no_ipv6_dns="${_no_ipv6_dns}" _chnlist=${chn_list} \
_default_mode=${tcp_proxy_mode} \
_default_tag=${chinadns_ng_default_tag:-smart}
use_default_dns="chinadns_ng" use_default_dns="chinadns_ng"
} }
@ -1628,7 +1644,7 @@ acl_app() {
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port [ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_dns _china_ng_extra_param dnsmasq_filter_proxy_ipv6 unset _china_ng_listen chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6
unset redirect_dns_port unset redirect_dns_port
done done
unset socks_port redir_port dns_port dnsmasq_port chinadns_port unset socks_port redir_port dns_port dnsmasq_port chinadns_port

18
luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
View File

@ -162,8 +162,6 @@ if cache_text ~= new_text then
api.remove(CACHE_DNS_PATH .. "*") api.remove(CACHE_DNS_PATH .. "*")
end end
local only_global
local dnsmasq_default_dns local dnsmasq_default_dns
if USE_DEFAULT_DNS ~= "nil" then if USE_DEFAULT_DNS ~= "nil" then
if USE_DEFAULT_DNS == "direct" then if USE_DEFAULT_DNS == "direct" then
@ -175,16 +173,17 @@ if USE_DEFAULT_DNS ~= "nil" then
if USE_DEFAULT_DNS == "remote" and CHN_LIST == "direct" then if USE_DEFAULT_DNS == "remote" and CHN_LIST == "direct" then
dnsmasq_default_dns = TUN_DNS dnsmasq_default_dns = TUN_DNS
end end
if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" and (CHN_LIST == "direct" or USE_GFW_LIST == "1") then
dnsmasq_default_dns = CHINADNS_DNS
end
end end
local only_global
if DEFAULT_PROXY_MODE == "proxy" and CHN_LIST == "0" and USE_GFW_LIST == "0" then if DEFAULT_PROXY_MODE == "proxy" and CHN_LIST == "0" and USE_GFW_LIST == "0" then
--没有启用中国列表和GFW列表时 --没有启用中国列表和GFW列表时
dnsmasq_default_dns = TUN_DNS dnsmasq_default_dns = TUN_DNS
only_global = 1 only_global = 1
end end
if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
dnsmasq_default_dns = CHINADNS_DNS
end
local setflag_4= (NFTFLAG == "1") and "4#inet#fw4#" or "" local setflag_4= (NFTFLAG == "1") and "4#inet#fw4#" or ""
local setflag_6= (NFTFLAG == "1") and "6#inet#fw4#" or "" local setflag_6= (NFTFLAG == "1") and "6#inet#fw4#" or ""
@ -304,15 +303,16 @@ if not fs.access(CACHE_DNS_PATH) then
--中国列表 --中国列表
if CHN_LIST ~= "0" then if CHN_LIST ~= "0" then
if fs.access("/usr/share/passwall/rules/chnlist") then if fs.access("/usr/share/passwall/rules/chnlist") then
fwd_dns = LOCAL_DNS
if CHN_LIST == "direct" then
if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
fwd_dns = nil fwd_dns = nil
end if CHN_LIST == "direct" then
fwd_dns = LOCAL_DNS
end end
if CHN_LIST == "proxy" then if CHN_LIST == "proxy" then
fwd_dns = TUN_DNS fwd_dns = TUN_DNS
end end
if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
fwd_dns = nil
end
if fwd_dns then if fwd_dns then
local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6" local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6"
if CHN_LIST == "proxy" then if CHN_LIST == "proxy" then