zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci: support smartdns nftset

Browse Source
This commit is contained in:
ShanStone 2022-10-25 22:48:01 +08:00 committed by sbwml
parent 5359da1ca8
commit e59759ba7a
4 changed files with 22 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -1353,7 +1353,7 @@ start() {
if [ "$use_nft" == 1 ] && [ -z "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then if [ "$use_nft" == 1 ] && [ -z "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
echolog "Dnsmasq软件包不满足nftables透明代理要求如需使用请确保dnsmasq版本在2.87以上并开启nftset支持。" echolog "Dnsmasq软件包不满足nftables透明代理要求如需使用请确保dnsmasq版本在2.87以上并开启nftset支持。"
elif [ "$use_nft" == 1 ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then elif [ "$use_nft" == 1 ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
echolog "使用nftables进行透明代理一些不支持nftables的组件如smartdns分流等将不可用。" echolog "使用nftables进行透明代理一些不支持nftables的组件如chinadns-ng等可能不会正常工作。"
nftflag=1 nftflag=1
start_redir TCP start_redir TCP
start_redir UDP start_redir UDP

2
luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh
View File

@ -67,7 +67,7 @@ restart() {
add() { add() {
local FLAG TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS REMOTE_FAKEDNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG NFTFLAG local FLAG TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS REMOTE_FAKEDNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG NFTFLAG
eval_set_val $@ eval_set_val $@
lua $APP_PATH/helper_dnsmasq_add.lua -FLAG $FLAG -TMP_DNSMASQ_PATH $TMP_DNSMASQ_PATH -DNSMASQ_CONF_FILE $DNSMASQ_CONF_FILE -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS -TUN_DNS $TUN_DNS -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -CHINADNS_DNS ${CHINADNS_DNS:-0} -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} -NFTFLAG ${NFTFLAG} lua $APP_PATH/helper_dnsmasq_add.lua -FLAG $FLAG -TMP_DNSMASQ_PATH $TMP_DNSMASQ_PATH -DNSMASQ_CONF_FILE $DNSMASQ_CONF_FILE -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS -TUN_DNS $TUN_DNS -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -CHINADNS_DNS ${CHINADNS_DNS:-0} -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} -NFTFLAG ${NFTFLAG:-0}
} }
del() { del() {

4
luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh
View File

@ -11,9 +11,9 @@ restart() {
} }
add() { add() {
local FLAG SMARTDNS_CONF LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG local FLAG SMARTDNS_CONF LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_PROXY_IPV6 NO_LOGIC_LOG NFTFLAG
eval_set_val $@ eval_set_val $@
lua $APP_PATH/helper_smartdns_add.lua -FLAG $FLAG -SMARTDNS_CONF $SMARTDNS_CONF -LOCAL_GROUP ${LOCAL_GROUP:-nil} -REMOTE_GROUP ${REMOTE_GROUP:-nil} -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -TUN_DNS $TUN_DNS -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} lua $APP_PATH/helper_smartdns_add.lua -FLAG $FLAG -SMARTDNS_CONF $SMARTDNS_CONF -LOCAL_GROUP ${LOCAL_GROUP:-nil} -REMOTE_GROUP ${REMOTE_GROUP:-nil} -REMOTE_FAKEDNS ${REMOTE_FAKEDNS:-0} -TUN_DNS $TUN_DNS -TCP_NODE $TCP_NODE -PROXY_MODE $PROXY_MODE -NO_PROXY_IPV6 ${NO_PROXY_IPV6:-0} -NO_LOGIC_LOG ${NO_LOGIC_LOG:-0} -NFTFLAG ${NFTFLAG:-0}
} }
del() { del() {

33
luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
View File

@ -12,6 +12,7 @@ local TCP_NODE = var["-TCP_NODE"]
local PROXY_MODE = var["-PROXY_MODE"] local PROXY_MODE = var["-PROXY_MODE"]
local NO_PROXY_IPV6 = var["-NO_PROXY_IPV6"] local NO_PROXY_IPV6 = var["-NO_PROXY_IPV6"]
local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"] local NO_LOGIC_LOG = var["-NO_LOGIC_LOG"]
local NFTFLAG = var["-NFTFLAG"]
local LOG_FILE = api.LOG_FILE local LOG_FILE = api.LOG_FILE
local CACHE_PATH = api.CACHE_PATH local CACHE_PATH = api.CACHE_PATH
local CACHE_FLAG = "dns_" .. FLAG local CACHE_FLAG = "dns_" .. FLAG
@ -172,6 +173,8 @@ if not REMOTE_GROUP or REMOTE_GROUP == "nil" then
sys.call('sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1') sys.call('sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1')
end end
local setflag= (NFTFLAG == "1") and "inet#fw4#" or ""
if not fs.access(CACHE_DNS_FILE) then if not fs.access(CACHE_DNS_FILE) then
sys.call(string.format('echo "server %s -group %s -exclude-default-group" >> %s', TUN_DNS, REMOTE_GROUP, CACHE_DNS_FILE)) sys.call(string.format('echo "server %s -group %s -exclude-default-group" >> %s', TUN_DNS, REMOTE_GROUP, CACHE_DNS_FILE))
--屏蔽列表 --屏蔽列表
@ -186,7 +189,7 @@ if not fs.access(CACHE_DNS_FILE) then
local address = t.address local address = t.address
if datatypes.hostname(address) then if datatypes.hostname(address) then
set_domain_group(address, LOCAL_GROUP) set_domain_group(address, LOCAL_GROUP)
set_domain_ipset(address, "#4:vpsiplist,#6:vpsiplist6") set_domain_ipset(address, "#4:" .. setflag .. "vpsiplist,#6:" .. setflag .. "vpsiplist6")
end end
end) end)
log(string.format(" - 节点列表中的域名(vpsiplist)使用分组:%s", LOCAL_GROUP or "默认")) log(string.format(" - 节点列表中的域名(vpsiplist)使用分组:%s", LOCAL_GROUP or "默认"))
@ -196,19 +199,19 @@ if not fs.access(CACHE_DNS_FILE) then
if line ~= "" and not line:find("#") then if line ~= "" and not line:find("#") then
add_excluded_domain(line) add_excluded_domain(line)
set_domain_group(line, LOCAL_GROUP) set_domain_group(line, LOCAL_GROUP)
set_domain_ipset(line, "#4:whitelist,#6:whitelist6") set_domain_ipset(line, "#4:" .. setflag .. "whitelist,#6:" .. setflag .. "whitelist6")
end end
end end
log(string.format(" - 域名白名单(whitelist)使用分组:%s", LOCAL_GROUP or "默认")) log(string.format(" - 域名白名单(whitelist)使用分组:%s", LOCAL_GROUP or "默认"))
local fwd_group = LOCAL_GROUP local fwd_group = LOCAL_GROUP
local ipset_flag = "#4:whitelist,#6:whitelist6" local ipset_flag = "#4:" .. setflag .. "whitelist,#6:" .. setflag .. "whitelist6"
local no_ipv6 local no_ipv6
if subscribe_proxy == "1" then if subscribe_proxy == "1" then
fwd_group = REMOTE_GROUP fwd_group = REMOTE_GROUP
ipset_flag = "#4:blacklist,#6:blacklist6" ipset_flag = "#4:" .. setflag .. "blacklist,#6:" .. setflag .. "blacklist6"
if NO_PROXY_IPV6 == "1" then if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:blacklist" ipset_flag = "#4:" .. setflag .. "blacklist"
no_ipv6 = true no_ipv6 = true
end end
if REMOTE_FAKEDNS == "1" then if REMOTE_FAKEDNS == "1" then
@ -231,10 +234,10 @@ if not fs.access(CACHE_DNS_FILE) then
for line in io.lines("/usr/share/passwall/rules/proxy_host") do for line in io.lines("/usr/share/passwall/rules/proxy_host") do
if line ~= "" and not line:find("#") then if line ~= "" and not line:find("#") then
add_excluded_domain(line) add_excluded_domain(line)
local ipset_flag = "#4:blacklist,#6:blacklist6" local ipset_flag = "#4:" .. setflag .. "blacklist,#6:" .. setflag .. "blacklist6"
if NO_PROXY_IPV6 == "1" then if NO_PROXY_IPV6 == "1" then
set_domain_address(line, "#6") set_domain_address(line, "#6")
ipset_flag = "#4:blacklist" ipset_flag = "#4:" .. setflag .. "blacklist"
end end
if REMOTE_FAKEDNS == "1" then if REMOTE_FAKEDNS == "1" then
ipset_flag = nil ipset_flag = nil
@ -262,12 +265,12 @@ if not fs.access(CACHE_DNS_FILE) then
if _node_id == "_direct" then if _node_id == "_direct" then
fwd_group = LOCAL_GROUP fwd_group = LOCAL_GROUP
ipset_flag = "#4:whitelist,#6:whitelist6" ipset_flag = "#4:" .. setflag .. "whitelist,#6:" .. setflag .. "whitelist6"
else else
fwd_group = REMOTE_GROUP fwd_group = REMOTE_GROUP
ipset_flag = "#4:shuntlist,#6:shuntlist6" ipset_flag = "#4:" .. setflag .. "shuntlist,#6:" .. setflag .. "shuntlist6"
if NO_PROXY_IPV6 == "1" then if NO_PROXY_IPV6 == "1" then
ipset_flag = "shuntlist" ipset_flag = "#4:" .. setflag .. "shuntlist"
no_ipv6 = true no_ipv6 = true
end end
if REMOTE_FAKEDNS == "1" then if REMOTE_FAKEDNS == "1" then
@ -303,9 +306,9 @@ if not fs.access(CACHE_DNS_FILE) then
local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"') local gfwlist_str = sys.exec('cat /usr/share/passwall/rules/gfwlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(gfwlist_str, "[^\r\n]+") do for line in string.gmatch(gfwlist_str, "[^\r\n]+") do
if line ~= "" then if line ~= "" then
local ipset_flag = "#4:gfwlist,#6:gfwlist6" local ipset_flag = "#4:" .. setflag .. "gfwlist,#6:" .. setflag .. "gfwlist6"
if NO_PROXY_IPV6 == "1" then if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:gfwlist" ipset_flag = "#4:" .. setflag .. "gfwlist"
set_domain_address(line, "#6") set_domain_address(line, "#6")
end end
fwd_group = REMOTE_GROUP fwd_group = REMOTE_GROUP
@ -324,7 +327,7 @@ if not fs.access(CACHE_DNS_FILE) then
for line in string.gmatch(chnlist_str, "[^\r\n]+") do for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then if line ~= "" then
set_domain_group(line, LOCAL_GROUP) set_domain_group(line, LOCAL_GROUP)
set_domain_ipset(line, "#4:chnroute,#6:chnroute6") set_domain_ipset(line, "#4:" .. setflag .. "chnroute,#6:" .. setflag .. "chnroute6")
end end
end end
end end
@ -334,9 +337,9 @@ if not fs.access(CACHE_DNS_FILE) then
local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"') local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
for line in string.gmatch(chnlist_str, "[^\r\n]+") do for line in string.gmatch(chnlist_str, "[^\r\n]+") do
if line ~= "" then if line ~= "" then
local ipset_flag = "#4:chnroute,#6:chnroute6" local ipset_flag = "#4:" .. setflag .. "chnroute,#6:" .. setflag .. "chnroute6"
if NO_PROXY_IPV6 == "1" then if NO_PROXY_IPV6 == "1" then
ipset_flag = "#4:chnroute" ipset_flag = "#4:" .. setflag .. "chnroute"
set_domain_address(line, "#6") set_domain_address(line, "#6")
end end
set_domain_group(line, REMOTE_GROUP) set_domain_group(line, REMOTE_GROUP)