From d34ba69307a0da8f82b7216425ff5c34293081b3 Mon Sep 17 00:00:00 2001 From: gitea-action Date: Thu, 12 Dec 2024 01:30:24 +0800 Subject: [PATCH] luci-app-passwall2: sync upstream last commit: https://github.com/xiaorouji/openwrt-passwall2/commit/5867ddde3b33b89fc970a3dce4dcc3fe3b31fd80 --- luci-app-passwall2/Makefile | 4 +- .../root/usr/share/passwall2/app.sh | 51 ++++++++++++++++--- 2 files changed, 48 insertions(+), 7 deletions(-) diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile index a1a23df08..19aacfb96 100644 --- a/luci-app-passwall2/Makefile +++ b/luci-app-passwall2/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall2 PKG_VERSION:=24.12.11 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \ @@ -47,6 +47,7 @@ if PACKAGE_$(PKG_NAME) config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy bool "Iptables Transparent Proxy" + select PACKAGE_chinadns-ng select PACKAGE_dnsmasq-full select PACKAGE_dnsmasq_full_ipset select PACKAGE_ipset @@ -62,6 +63,7 @@ config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy bool "Nftables Transparent Proxy" + select PACKAGE_chinadns-ng select PACKAGE_dnsmasq-full select PACKAGE_dnsmasq_full_nftset select PACKAGE_nftables diff --git a/luci-app-passwall2/root/usr/share/passwall2/app.sh b/luci-app-passwall2/root/usr/share/passwall2/app.sh index 9e0bf5c23..bc3bb6e85 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/app.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh 
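Review bot: `select PACKAGE_chinadns-ng` under `Iptables_Transparent_Proxy` (and again under `Nftables_Transparent_Proxy` in the next hunk) makes chinadns-ng a forced dependency, while app.sh in this same patch treats it as optional by probing `first_type chinadns-ng` and falling back to dnsmasq. As written, every image built with either option installs an additional DNS daemon, and the dnsmasq branch is reached only where the binary is missing. If the fallback is meant to stay supported, a separate opt-in config symbol would keep the dependency optional. The commit message only says "sync upstream", so it should also state that the resolver filling the direct sets changes from dnsmasq to chinadns-ng.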
@@ -353,9 +353,9 @@ run_xray() { [ "${write_ipset_direct}" = "1" ] && { direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_listen_port + 1) udp) local set_flag="${flag}" - local direct_ipset_conf=$TMP_PATH/dnsmasq_${flag}_direct.conf + local direct_ipset_conf=${TMP_ACL_PATH}/default/dns_${flag}_direct.conf [ -n "$(echo ${flag} | grep '^acl')" ] && { - direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dnsmasq_${flag}_direct.conf + direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dns_${flag}_direct.conf set_flag=$(echo ${flag} | awk -F '_' '{print $2}') } if [ "${nftflag}" = "1" ]; then @@ -363,7 +363,7 @@ run_xray() { else local direct_ipset="passwall2_${set_flag}_whitelist,passwall2_${set_flag}_whitelist6" fi - run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf} + run_ipset_dns_server listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf} DIRECT_DNS_UDP_PORT=${direct_dnsmasq_listen_port} DIRECT_DNS_UDP_SERVER="127.0.0.1" [ -n "${direct_ipset}" ] && _extra_param="${_extra_param} -direct_ipset ${direct_ipset}" @@ -465,9 +465,9 @@ run_singbox() { [ "${write_ipset_direct}" = "1" ] && { direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_listen_port + 1) udp) local set_flag="${flag}" - local direct_ipset_conf=$TMP_PATH/dnsmasq_${flag}_direct.conf + local direct_ipset_conf=${TMP_ACL_PATH}/default/dns_${flag}_direct.conf [ -n "$(echo ${flag} | grep '^acl')" ] && { - direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dnsmasq_${flag}_direct.conf + direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dns_${flag}_direct.conf set_flag=$(echo ${flag} | awk -F '_' '{print $2}') } if [ "${nftflag}" = "1" ]; then 
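Review bot: The default `direct_ipset_conf` in run_xray now points into `${TMP_ACL_PATH}/default/` instead of `$TMP_PATH`, and nothing visible in this hunk ensures that directory exists before the backend writes the file with `cat > $config_file`. If the directory is created elsewhere in start(), that ordering deserves a comment here; otherwise add `mkdir -p "${direct_ipset_conf%/*}"` before the `run_ipset_dns_server` call. On a failed write, `DIRECT_DNS_UDP_PORT` is still set to the new port, so direct DNS would be pointed at a listener that may never have started. The run_singbox hunk at -465 makes the same path change, and both function bodies start and end outside the hunks.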
@@ -475,7 +475,7 @@ run_singbox() { else local direct_ipset="passwall2_${set_flag}_whitelist,passwall2_${set_flag}_whitelist6" fi - run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf} + run_ipset_dns_server listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf} DIRECT_DNS_UDP_PORT=${direct_dnsmasq_listen_port} DIRECT_DNS_UDP_SERVER="127.0.0.1" [ -n "${direct_ipset}" ] && _extra_param="${_extra_param} -direct_ipset ${direct_ipset}" @@ -944,6 +944,14 @@ start_haproxy() { ln_run "$(first_type haproxy)" haproxy "/dev/null" -f "${haproxy_path}/${haproxy_conf}" } +run_ipset_dns_server() { + if [ -n "$(first_type chinadns-ng)" ]; then + run_ipset_chinadns_ng $@ + else + run_ipset_dnsmasq $@ + fi +} + run_ipset_dnsmasq() { local listen_port server_dns ipset nftset cache_size dns_forward_max config_file eval_set_val $@ 
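Review bot: The new dispatcher `run_ipset_dns_server` forwards its arguments as a bare `$@`, so each `key=value` word is split and glob-expanded again before it reaches the backend; `run_ipset_chinadns_ng "$@"` and `run_ipset_dnsmasq "$@"` pass them through unchanged. The backend is also chosen silently from whether `first_type chinadns-ng` finds a binary, so a one-line log entry naming the selected resolver would help when the direct sets are not being filled. run_ipset_dnsmasq, whose body continues outside the hunk, uses the same unquoted `eval_set_val $@`, so quoting helps fully only if that call is treated the same way.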
@@ -962,6 +970,33 @@ run_ipset_dnsmasq() { ln_run "$(first_type dnsmasq)" "dnsmasq" "/dev/null" -C $config_file } +run_ipset_chinadns_ng() { + local listen_port server_dns ipset nftset config_file + eval_set_val $@ + [ -n "${ipset}" ] && { + set_names=$ipset + vps_set_names="passwall2_vpslist,passwall2_vpslist6" + } + [ -n "${nftset}" ] && { + set_names=$(echo ${nftset} | awk -F, '{printf "%s,%s", substr($1,3), substr($2,3)}' | sed 's/#/@/g') + vps_set_names="inet@passwall2@passwall2_vpslist,inet@passwall2@passwall2_vpslist6" + } + cat <<-EOF > $config_file + bind-addr 127.0.0.1 + bind-port ${listen_port} + china-dns ${server_dns} + trust-dns ${server_dns} + filter-qtype 65 + add-tagchn-ip ${set_names} + default-tag chn + group vpslist + group-dnl $TMP_ACL_PATH/vpslist + group-upstream ${server_dns} + group-ipset ${vps_set_names} + EOF + ln_run "$(first_type chinadns-ng)" "chinadns-ng" "/dev/null" -C $config_file -v +} + kill_all() { kill -9 $(pidof "$@") >/dev/null 2>&1 } @@ -1129,6 +1164,10 @@ start() { [ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start [ "$ENABLED_DEFAULT_ACL" == 1 ] && source $APP_PATH/helper_dnsmasq.sh logic_restart if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then + [ -n "$(first_type chinadns-ng)" ] && { + node_servers=$(uci show "${CONFIG}" | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2) + hosts_foreach "node_servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" > $TMP_ACL_PATH/vpslist + } bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables) echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
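Review bot: `set_names` and `vps_set_names` are assigned in run_ipset_chinadns_ng without being declared, so they become globals, and a later call (run_xray and run_singbox both reach this function) can inherit the previous call's values when neither `ipset` nor `nftset` is set. Extend the declaration to `local listen_port server_dns ipset nftset config_file set_names vps_set_names`. With both inputs empty on a first call, the heredoc would emit `add-tagchn-ip` and `group-ipset` with no value, so returning early in that case is safer than starting the resolver on a malformed config. The config names `$TMP_ACL_PATH/vpslist` as `group-dnl`, a file written only by the start() hunk below, so confirm it exists before chinadns-ng is launched. `-v` is passed while ln_run is given `/dev/null` as its third argument, so the verbose output appears to be discarded.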
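Review bot: The list written to `$TMP_ACL_PATH/vpslist` in start() is built from node address values in the UCI config and filtered only by `grep '[a-zA-Z]$'`, which checks the last character and nothing else. That file is handed to chinadns-ng as a domain list, so restrict entries to hostname characters, for example `grep -E '^[A-Za-z0-9._-]*[A-Za-z]$'`. The key match `grep -E "(.address=|.download_address=)"` leaves the dots unescaped, so any option whose name merely ends in `address` is collected too; `grep -E "\.(address|download_address)="` matches only those two options. `grep -v "engage.cloudflareclient.com"` has the same loose dots and is clearer as `grep -vF`. start()'s body begins and ends outside the hunk.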