luci-app-passwall: sync upstream

last commit: bb333cbe1e
2024-09-03 23:00:10 +08:00 · 2024-09-03 23:00:10 +08:00 · cd1765ab17
commit cd1765ab17
parent 7e10e34ee1
4 changed files with 80 additions and 20 deletions
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@ -7,6 +7,7 @@ local has_xray = api.finded_com("xray")
 local has_gfwlist = api.fs.access("/usr/share/passwall/rules/gfwlist")
 local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
 local has_chnroute = api.fs.access("/usr/share/passwall/rules/chnroute")
+local chinadns_tls = os.execute("chinadns-ng -V | grep -i wolfssl >/dev/null")

 m = Map(appname)

@ -63,8 +64,8 @@ uci:foreach(appname, "socks", function(s)
 end)

 local doh_validate = function(self, value, t)
+	value = value:gsub("%s+", "")
 	if value ~= "" then
-		value = api.trim(value)
 		local flag = 0
 		local util = require "luci.util"
 		local val = util.split(value, ",")
@ -103,8 +104,8 @@ local chinadns_dot_validate = function(self, value, t)
 		end
 		return true
 	end
+	value = value:gsub("%s+", "")
 	if value ~= "" then
-		value = api.trim(value)
 		if isValidDoTString(value) then
 			return value
 		end
@ -298,7 +299,7 @@ o.default = ""
 o:value("", translate("Auto"))
 o:value("udp", translatef("Requery DNS By %s", "UDP"))
 o:value("tcp", translatef("Requery DNS By %s", "TCP"))
-if os.execute("chinadns-ng -V | grep -i wolfssl >/dev/null") == 0 then
+if chinadns_tls == 0 then
 	o:value("dot", translatef("Requery DNS By %s", "DoT"))
 end
 --TO DO
@ -326,7 +327,7 @@ o:value("180.184.1.1")
 o:value("180.184.2.2")
 o:depends("direct_dns_mode", "tcp")

-o = s:taboption("DNS", Value, "direct_dns_dot", translate("Direct DNS"))
+o = s:taboption("DNS", Value, "direct_dns_dot", translate("Direct DNS DoT"))
 o.default = "tls://dot.pub@1.12.12.12"
 o:value("tls://dot.pub@1.12.12.12")
 o:value("tls://dot.pub@120.53.53.53")
@ -344,6 +345,9 @@ o.default = "0"
 dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
 dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
 dns_mode:value("tcp", translatef("Requery DNS By %s", "TCP"))
+if chinadns_tls == 0 then
+	dns_mode:value("dot", translatef("Requery DNS By %s", "DoT"))
+end
 if api.is_finded("dns2socks") then
 	dns_mode:value("dns2socks", "dns2socks")
 end
@ -399,8 +403,8 @@ o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
 o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
 o:value("8.8.4.4", "8.8.4.4 (Google)")
 o:value("8.8.8.8", "8.8.8.8 (Google)")
-o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
-o:value("149.112.112.112", "149.112.112.112 (Quad9-Recommended)")
+o:value("9.9.9.9", "9.9.9.9 (Quad9)")
+o:value("149.112.112.112", "149.112.112.112 (Quad9)")
 o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
 o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
 if nixio.fs.access("/usr/share/mosdns/mosdns.sh") then
@ -416,19 +420,35 @@ o:depends({xray_dns_mode = "tcp"})
 o:depends({xray_dns_mode = "tcp+doh"})
 o:depends({singbox_dns_mode = "tcp"})

+---- DoT
+o = s:taboption("DNS", Value, "remote_dns_dot", translate("Remote DNS DoT"))
+o.default = "tls://dns.google@8.8.4.4"
+o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.0.0.1", "1.0.0.1 (CloudFlare)")
+o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.1.1.1", "1.1.1.1 (CloudFlare)")
+o:value("tls://dns.google@8.8.4.4", "8.8.4.4 (Google)")
+o:value("tls://dns.google@8.8.8.8", "8.8.8.8 (Google)")
+o:value("tls://dns.quad9.net@9.9.9.9", "9.9.9.9 (Quad9)")
+o:value("tls://dns.quad9.net@149.112.112.112", "149.112.112.112 (Quad9)")
+o:value("tls://dns.adguard.com@94.140.14.14", "94.140.14.14 (AdGuard)")
+o:value("tls://dns.adguard.com@94.140.15.15", "94.140.15.15 (AdGuard)")
+o:value("tls://dns.opendns.com@208.67.222.222", "208.67.222.222 (OpenDNS)")
+o:value("tls://dns.opendns.com@208.67.220.220", "208.67.220.220 (OpenDNS)")
+o.validate = chinadns_dot_validate
+o:depends("dns_mode", "dot")
+
 ---- DoH
 o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
 o.default = "https://1.1.1.1/dns-query"
-o:value("https://1.1.1.1/dns-query", "CloudFlare")
-o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
-o:value("https://8.8.4.4/dns-query", "Google 8844")
-o:value("https://8.8.8.8/dns-query", "Google 8888")
-o:value("https://9.9.9.9/dns-query", "Quad9-Recommended 9.9.9.9")
-o:value("https://149.112.112.112/dns-query", "Quad9-Recommended 149.112.112.112")
-o:value("https://208.67.222.222/dns-query", "OpenDNS")
-o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
-o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
-o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
+o:value("https://1.1.1.1/dns-query", "1.1.1.1 (CloudFlare)")
+o:value("https://1.1.1.2/dns-query", "1.1.1.2 (CloudFlare-Security)")
+o:value("https://8.8.4.4/dns-query", "8.8.4.4 (Google)")
+o:value("https://8.8.8.8/dns-query", "8.8.8.8 (Google)")
+o:value("https://9.9.9.9/dns-query", "9.9.9.9 (Quad9)")
+o:value("https://149.112.112.112/dns-query", "149.112.112.112 (Quad9)")
+o:value("https://208.67.222.222/dns-query", "208.67.222.222 (OpenDNS)")
+o:value("https://dns.adguard.com/dns-query,94.140.14.14", "94.140.14.14 (AdGuard)")
+o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "116.202.176.26 (LibreDNS)")
+o:value("https://doh.libredns.gr/ads,116.202.176.26", "116.202.176.26 (LibreDNS-NoAds)")
 o.validate = doh_validate
 o:depends({xray_dns_mode = "tcp+doh"})
 o:depends({singbox_dns_mode = "doh"})
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@ -124,6 +124,9 @@ msgstr "TCP 节点必须是 '%s' 类型才能使用 FakeDNS。"
 msgid "Direct DNS"
 msgstr "直连 DNS"

+msgid "Direct DNS DoT"
+msgstr "直连 DNS DoT"
+
 msgid "Remote DNS"
 msgstr "远程 DNS"

@ -154,6 +157,9 @@ msgstr "请求协议"
 msgid "Remote DNS DoH"
 msgstr "远程 DNS DoH"

+msgid "Remote DNS DoT"
+msgstr "远程 DNS DoT"
+
 msgid "Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address)."
 msgstr "用于 DNS 查询时通知 DNS 服务器，客户端所在的地理位置（不能是私有 IP 地址）。"

--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -1370,6 +1370,7 @@ stop_crontab() {
 start_dns() {
 	echolog "DNS域名解析："

+	local chinadns_tls=$(chinadns-ng -V | grep -i wolfssl)
 	local china_ng_local_dns=$(IFS=','; set -- $LOCAL_DNS; [ "${1%%[#:]*}" = "127.0.0.1" ] && echo "$1" || ([ -n "$2" ] && echo "$1,$2" || echo "$1"))
 	local sing_box_local_dns=
 	local direct_dns_mode=$(config_t_get global direct_dns_mode "auto")
@ -1392,7 +1393,7 @@ start_dns() {
 			echolog "  * 请确保上游直连 DNS 支持 TCP 查询。"
 		;;
 		dot)
-			if [ "$(chinadns-ng -V | grep -i wolfssl)" != "nil" ]; then
+			if [ "$chinadns_tls" != "nil" ]; then
 				LOCAL_DNS="127.0.0.1#${dns_listen_port}"
 				local cdns_listen_port=${dns_listen_port}
 				dns_listen_port=$(expr $dns_listen_port + 1)
@ -1489,6 +1490,39 @@ start_dns() {
 			run_xray ${_args}
 		}
 	;;
+	dot)
+		use_tcp_node_resolve_dns=1
+		if [ "$chinadns_tls" != "nil" ]; then
+			if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
+				local china_ng_listen_port=${dns_listen_port}
+				local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4")
+				local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
+				local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
+				REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}"
+			else
+				local china_ng_listen_port=${dns_listen_port}
+				local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4")
+				ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw
+				echolog "  - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}"
+
+				local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
+				local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
+				REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}"
+			fi
+		else
+			echolog "  - 你的ChinaDNS-NG版本不支持DoT，远程DNS将默认使用tcp://1.1.1.1"
+
+			if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
+				local china_ng_listen_port=${dns_listen_port}
+				local china_ng_trust_dns="tcp://1.1.1.1"
+				REMOTE_DNS="1.1.1.1"
+			else
+				REMOTE_DNS="1.1.1.1"
+				ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${TUN_DNS}" -R "$(get_first_dns REMOTE_DNS 53)" -v
+				echolog "  - dns2tcp(${TUN_DNS}) -> tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')"
+			fi
+		fi
+	;;
 	udp)
 		use_udp_node_resolve_dns=1
 		if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
--- a/patch-luci-app-passwall.patch
+++ b/patch-luci-app-passwall.patch
@ -24,11 +24,11 @@ index 03006a6..f384bbc 100644
 	if code ~= 0 then
 		local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
 diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-index 806095f..fe5fa30 100644
+index 4f8f1b9..070ed38 100644
 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
 +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-@@ -403,6 +403,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
- o:value("149.112.112.112", "149.112.112.112 (Quad9-Recommended)")
+@@ -407,6 +407,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")
+ o:value("149.112.112.112", "149.112.112.112 (Quad9)")
 o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
 o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
 +if nixio.fs.access("/usr/share/mosdns/mosdns.sh") then