
luci: Commit

LuCI - OpenWrt Configuration Interface


Commit MetaInfo

Révision2a43828292f1411453ad5c9c834d1334e1a7f187 (tree)
l'heure2022-01-21 16:53:47
AuteurTianling Shen <cnsztl@immo...>
CommiterTianling Shen

Message de Log

Merge Mainline

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

Change Summary

Modification

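--- a/applications/luci-app-passwall/Makefile
+++ b/applications/luci-app-passwall/Makefile
@@ -6,9 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.46
+PKG_VERSION:=4.48
 PKG_RELEASE:=2
-#20220108
+#20220120
 
 PKG_CONFIG_DEPENDS:= \
 CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Brook \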
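--- a/applications/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
+++ b/applications/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
@@ -6,6 +6,7 @@ local node_section = var["-node"]
 local proto = var["-proto"]
 local proxy_way = var["-proxy_way"]
 local redir_port = var["-redir_port"]
+local route_only = var["-route_only"]
 local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
 local local_socks_port = var["-local_socks_port"]
 local local_socks_username = var["-local_socks_username"]
@@ -24,6 +25,7 @@ local dns_client_ip = var["-dns_client_ip"]
 local dns_query_strategy = var["-dns_query_strategy"]
 local dns_socks_address = var["-dns_socks_address"]
 local dns_socks_port = var["-dns_socks_port"]
+local dns_fakedns = var["-dns_fakedns"]
 local loglevel = var["-loglevel"] or "warning"
 local network = proto
 local new_port
@@ -33,6 +35,7 @@ local sys = api.sys
 local jsonc = api.jsonc
 local appname = api.appname
 local dns = nil
+local fakedns = nil
 local inbounds = {}
 local outbounds = {}
 local routing = nil
@@ -277,7 +280,7 @@ if node_section then
 protocol = "dokodemo-door",
 settings = {network = proto, followRedirect = true},
 streamSettings = {sockopt = {tproxy = proxy_way}},
- sniffing = {enabled = true, destOverride = {"http", "tls"}, RouteOnly = true}
+ sniffing = {enabled = true, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, RouteOnly = route_only and true or nil}
 })
 end
 
@@ -513,7 +516,7 @@ if node_section then
 end
 end
 
-if dns_server then
+if dns_server or dns_fakedns then
 table.insert(outbounds, {
 protocol = "dns",
 tag = "dns-out"
@@ -550,6 +553,18 @@ if dns_server then
 }
 end
 
+ if dns_fakedns then
+ fakedns = {}
+ fakedns[#fakedns + 1] = {
+ ipPool = "198.18.0.0/16",
+ poolSize = 65535
+ }
+ dns_server = "1.1.1.1"
+ dns.servers = {
+ "fakedns"
+ }
+ end
+
 if dns_listen_port then
 table.insert(inbounds, {
 listen = "127.0.0.1",
@@ -599,7 +614,7 @@ if dns_server then
 })
 end
 
- if node_section and (proto and proto:find("tcp")) and redir_port then
+ if node_section and (proto and proto:find("tcp")) and redir_port and not dns_fakedns then
 local outboundTag = node_section
 local node = uci:get_all(appname, node_section)
 if node.protocol == "_shunt" then
@@ -634,6 +649,7 @@ if inbounds or outbounds then
 },
 -- DNS
 dns = dns,
+ fakedns = fakedns,
 -- 传入连接
 inbounds = inbounds,
 -- 传出连接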
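Review bot: `route_only` and `dns_fakedns` are used as booleans (`route_only and true or nil`, `if dns_fakedns then`, `not dns_fakedns`) but are taken straight from `var[...]`, and in Lua every value except `nil` and `false` is truthy, so an argument such as `-dns_fakedns 0` would still add the "fakedns" sniffing override and replace `dns.servers`. The callers visible in app.sh only pass `1`, so this is latent today, but it silently changes the DNS path if a caller ever forwards the raw config value. Comparing explicitly keeps the flag unambiguous, e.g. `local dns_fakedns = (var["-dns_fakedns"] == "1") or nil` and `local route_only = (var["-route_only"] == "1") or nil` (the `or nil` keeps `(dns_fakedns) and "fakedns"` from inserting `false` into `destOverride`). How `var` is filled is outside these hunks, so this assumes its values are the raw argument strings.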
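--- a/applications/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/applications/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -176,43 +176,54 @@ udp_node:value("tcp", translate("Same as the tcp node"))
 
 s:tab("DNS", translate("DNS"))
 
+if api.is_finded("smartdns") then
+ dns_shunt = s:taboption("DNS", ListValue, "dns_shunt", translate("DNS Shunt"))
+ dns_shunt:value("dnsmasq", "Dnsmasq")
+ dns_shunt:value("smartdns", "SmartDNS")
+
+ group_domestic = s:taboption("DNS", Value, "group_domestic", translate("Domestic group name"))
+ group_domestic.placeholder = "local"
+ group_domestic:depends("dns_shunt", "smartdns")
+ group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.")
+end
+
+o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
+o.default = "0"
+
 ---- DNS Forward Mode
-o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
-o.rmempty = false
-o:reset_values()
+dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
+dns_mode.rmempty = false
+dns_mode:reset_values()
 if api.is_finded("pdnsd") then
- o:value("pdnsd", "pdnsd " .. translatef("Requery DNS By %s", translate("TCP Node")))
+ dns_mode:value("pdnsd", "pdnsd " .. translatef("Requery DNS By %s", translate("TCP Node")))
 end
 if api.is_finded("dns2socks") then
- o:value("dns2socks", "dns2socks")
+ dns_mode:value("dns2socks", "dns2socks")
 end
 if has_v2ray then
- o:value("v2ray", "V2ray")
+ dns_mode:value("v2ray", "V2ray")
 end
 if has_xray then
- o:value("xray", "Xray")
+ dns_mode:value("xray", "Xray")
 end
-o:value("udp", translatef("Requery DNS By %s", translate("UDP Node")))
-o:value("custom", translate("Custom DNS") .. "(UDP)")
-o:value("nonuse", translate("No Filter"))
+dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
 
 o = s:taboption("DNS", ListValue, "v2ray_dns_mode", " ")
 o:value("tcp", "TCP")
 o:value("doh", "DoH")
+o:value("fakedns", "FakeDNS")
 o:depends("dns_mode", "v2ray")
 o:depends("dns_mode", "xray")
-
----- Custom DNS
-o = s:taboption("DNS", Value, "custom_dns", translate("Custom DNS"))
-o.default = "127.0.0.1#5353"
 o.validate = function(self, value, t)
- local v = string.gsub(value, "#", ":")
- if not datatypes.ipaddrport(v) then
- return nil, translate("Custom DNS") .. " " .. translate("Not valid IP format, please re-enter!")
+ if value == "fakedns" then
+ local _dns_mode = dns_mode:formvalue(t)
+ local _tcp_node = tcp_node:formvalue(t)
+ if m:get(_tcp_node, "type"):lower() ~= _dns_mode then
+ return nil, translatef("TCP node must be '%s' type to use FakeDNS.", _dns_mode)
+ end
 end
 return value
 end
-o:depends({dns_mode = "custom"})
 
 o = s:taboption("DNS", ListValue, "dns_by", translate("Resolver For The List Proxied"))
 o:value("tcp", translatef("Requery DNS By %s", translate("TCP Node")))
@@ -248,6 +259,7 @@ o:depends("v2ray_dns_mode", "doh")
 ---- DNS Forward
 o = s:taboption("DNS", Value, "dns_forward", translate("Remote DNS"))
 --o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. " " .. translate("If you use dns2socks, only the first one is valid.")
+o.datatype = "or(ipaddr,ipaddrport)"
 o.default = "1.1.1.1"
 o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)")
 o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)")
@@ -261,7 +273,10 @@ o:depends({dns_mode = "udp"})
 o:depends({v2ray_dns_mode = "tcp"})
 
 o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet"))
+o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" ..
+ translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).")
 o.datatype = "ipaddr"
+o:depends("v2ray_dns_mode", "tcp")
 o:depends("v2ray_dns_mode", "doh")
 
 o = s:taboption("DNS", ListValue, "dns_query_strategy", translate("Query Strategy"))
@@ -269,31 +284,33 @@ o.default = "UseIPv4"
 o:value("UseIPv4")
 o:value("UseIPv6")
 o:value("UseIP")
-o:depends("dns_mode", "v2ray")
-o:depends("dns_mode", "xray")
+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
+o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
+o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
 
 o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
 o.default = "1"
 o:depends({dns_mode = "dns2socks"})
 o:depends({dns_mode = "pdnsd"})
-o:depends({dns_mode = "v2ray"})
-o:depends({dns_mode = "xray"})
+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
+o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
+o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
+o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
 o.rmempty = false
 
 if has_chnlist and api.is_finded("chinadns-ng") then
 o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, but will increase the memory."))
- o.default = "1"
- o:depends({dns_mode = "nonuse", ["!reverse"] = true})
+ o.default = "0"
+ o:depends({dns_mode = "dns2socks"})
+ o:depends({dns_mode = "pdnsd"})
+ o:depends({dns_mode = "v2ray", v2ray_dns_mode = "tcp"})
+ o:depends({dns_mode = "v2ray", v2ray_dns_mode = "doh"})
+ o:depends({dns_mode = "xray", v2ray_dns_mode = "tcp"})
+ o:depends({dns_mode = "xray", v2ray_dns_mode = "doh"})
+ o:depends({dns_mode = "udp"})
 end
 
-o = s:taboption("DNS", Flag, "filter_gfwlist_ipv6", translate("Filter GFW List IPv6"), translate("Experimental feature."))
-o.default = "0"
-o:depends({dns_mode = "nonuse", ["!reverse"] = true})
-
-o = s:taboption("DNS", Flag, "filter_proxylist_ipv6", translate("Filter Proxy List IPv6"), translate("Experimental feature."))
-o.default = "0"
-o:depends({dns_mode = "nonuse", ["!reverse"] = true})
-
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
 o.inputstyle = "remove"
 function o.write(e, e)
@@ -362,7 +379,7 @@ localhost_udp_proxy_mode.validate = redir_mode_validate
 tips = s:taboption("Proxy", DummyValue, "tips", " ")
 tips.rawhtml = true
 tips.cfgvalue = function(t, n)
- return string.format('<a style="color: red" href="acl">%s</a>', translate("Want different devices to use different proxy modes/ports/nodes? Please use access control."))
+ return string.format('<a style="color: red" href="%s">%s</a>', api.url("acl"), translate("Want different devices to use different proxy modes/ports/nodes? Please use access control."))
 end
 
 s:tab("log", translate("Log"))
@@ -387,10 +404,10 @@ trojan_loglevel:value("2", "warn")
 trojan_loglevel:value("3", "error")
 trojan_loglevel:value("4", "fatal")
 
-s:tab("tips", translate("Tips"))
+s:tab("faq", "FAQ")
 
-o = s:taboption("tips", DummyValue, "")
-o.template = appname .. "/global/tips"
+o = s:taboption("faq", DummyValue, "")
+o.template = appname .. "/global/faq"
 
 -- [[ Socks Server ]]--
 o = s:taboption("Main", Flag, "socks_enabled", "Socks " .. translate("Main switch"))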
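--- a/applications/luci-app-passwall/luasrc/view/passwall/global/tips.htm
+++ b/applications/luci-app-passwall/luasrc/view/passwall/global/faq.htm
@@ -2,7 +2,15 @@
 local api = require "luci.model.cbi.passwall.api.api"
 -%>
 <div class="cbi-section cbi-tblsection">
- <div id="tips_div"></div>
+ <div id="dns_div">
+ <ul><b style="color:red"><%:About DNS issues:%></b>
+ <li style="color:red">1. <span><%:Some browsers may have built-in DNS, be sure to close. Example: Chrome. Settings - Security and Privacy - Security - Use secure DNS disabled.%></span></li>
+ <li style="color:red">2. <span><%:Sometimes after restart, you can not internet, especially the GFW mode. At this time, close all browsers (important), Windows Client, please `ipconfig / flushdns`. Please close the WiFi on the phone, cut the flight mode and then cut back.%></span></li>
+ <li style="color:red">3. <span><%:The client DNS and the default gateway must point to this router.%></span></li>
+ <li style="color:red">4. <span><%:If you have a wrong DNS process, the consequences are at your own risk!%></span></li>
+ </ul>
+ </div>
+ <div id="div2"></div>
 </div>
 
 <script>
@@ -23,7 +31,7 @@ local api = require "luci.model.cbi.passwall.api.api"
 }
 }
 
- var dom = document.getElementById("tips_div");
+ var dom = document.getElementById("div2");
 if (dom) {
 var li = "";
 li += "<%:You can use load balancing for failover.%>" + "<br />";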
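--- a/applications/luci-app-passwall/po/zh-cn/passwall.po
+++ b/applications/luci-app-passwall/po/zh-cn/passwall.po
@@ -142,14 +142,20 @@ msgstr "用于代理特定的列表。"
 msgid "For proxy game network, DNS hijack etc."
 msgstr "用于代理游戏或DNS劫持等..."
 
+msgid "DNS Shunt"
+msgstr "DNS分流"
+
+msgid "Domestic group name"
+msgstr "国内分组名"
+
+msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
+msgstr "你只需要在SmartDNS配置好国内DNS分组,并设置重定向或作为Dnsmasq上游,此处填入国内DNS分组名。"
+
 msgid "Filter Mode"
 msgstr "过滤模式"
 
-msgid "No Filter"
-msgstr "不过滤"
-
-msgid "Custom DNS"
-msgstr "自定义DNS"
+msgid "TCP node must be '%s' type to use FakeDNS."
+msgstr "TCP节点必须是 '%s' 类型才能使用 FakeDNS。"
 
 msgid "Remote DNS"
 msgstr "远程DNS"
@@ -193,6 +199,12 @@ msgstr "中国列表不能和中国列表外或防火墙表一起使用!"
 msgid "Cache Resolved"
 msgstr "缓存解析结果"
 
+msgid "Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address)."
+msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位置(不能是私有 IP 地址)。"
+
+msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
+msgstr "此功能需要 DNS 服务器支持 EDNS Client Subnet(RFC7871)。"
+
 msgid "Query Strategy"
 msgstr "查询策略"
 
@@ -202,11 +214,8 @@ msgstr "当访问的域名不存在规则列表中,使用的默认DNS。"
 msgid "The effect is better, but will increase the memory."
 msgstr "效果更好,但会增加内存使用。"
 
-msgid "Filter GFW List IPv6"
-msgstr "过滤GFW列表 IPv6"
-
-msgid "Filter Proxy List IPv6"
-msgstr "过滤代理列表 IPv6"
+msgid "Filter Proxy Host IPv6"
+msgstr "过滤代理域名 IPv6"
 
 msgid "Experimental feature."
 msgstr "实验性功能。"
@@ -220,8 +229,20 @@ msgstr "如果修改规则后没有生效,请尝试此功能。"
 msgid "The server client can also use this rule to scientifically surf the Internet."
 msgstr "本机服务器的客户端也可以使用这个代理模式上网。"
 
-msgid "Tips"
-msgstr "小提示"
+msgid "About DNS issues:"
+msgstr "关于DNS问题:"
+
+msgid "Some browsers may have built-in DNS, be sure to close. Example: Chrome. Settings - Security and Privacy - Security - Use secure DNS disabled."
+msgstr "部分浏览器可能有内置的DNS,请务必关闭。如:chrome。 设置 - 安全和隐私设置 - 使用安全 DNS 关闭。"
+
+msgid "Sometimes after restart, you can not internet, especially the GFW mode. At this time, close all browsers (important), Windows Client, please `ipconfig / flushdns`. Please close the WiFi on the phone, cut the flight mode and then cut back."
+msgstr "有时候重启后,上不了,尤其是GFW模式。这时请先关闭所有浏览器(重要),Windows客户端请`ipconfig/flushdns`。手机端请关闭WIFI,切一下飞行模式再切回来。"
+
+msgid "The client DNS and the default gateway must point to this router."
+msgstr "客户端DNS和默认网关必须指向本路由器。"
+
+msgid "If you have a wrong DNS process, the consequences are at your own risk!"
+msgstr "如果你自行配置了错误的DNS流程,后果自负!"
 
 msgid "You can use load balancing for failover."
 msgstr "可以使用负载均衡实现故障切换功能。"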
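--- a/applications/luci-app-passwall/root/usr/share/passwall/0_default_config
+++ b/applications/luci-app-passwall/root/usr/share/passwall/0_default_config
@@ -5,16 +5,12 @@ config global
 option tcp_node 'nil'
 option udp_node 'nil'
 option dns_mode 'pdnsd'
- option up_china_dns 'default'
 option dns_forward '1.1.1.1'
- option dns_cache '0'
- option filter_gfwlist_ipv6 '0'
- option filter_proxylist_ipv6 '0'
+ option filter_proxy_ipv6 '0'
 option tcp_proxy_mode 'chnroute'
 option udp_proxy_mode 'chnroute'
 option localhost_tcp_proxy_mode 'default'
 option localhost_udp_proxy_mode 'default'
- option socks_server '127.0.0.1:1080'
 option close_log_tcp '0'
 option close_log_udp '0'
 option loglevel 'error'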
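--- a/applications/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/applications/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -347,18 +347,22 @@ run_v2ray_dns_socks() {
 }
 [ -z "$type" ] && return 1
 [ -n "$log_file" ] || log_file="/dev/null"
+ local _extra_param="-dns_listen_port ${listen_port} -dns_socks_address ${socks_address} -dns_socks_port ${socks_port}"
+ [ -n "${dns_query_strategy}" ] && _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
+ [ -n "${dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${dns_client_ip}"
 if [ "$dns_proto" = "tcp" ]; then
 local _dns_forward=$(get_first_dns dns_tcp_server 53 | sed 's/#/:/g')
 local _dns_address=$(echo ${_dns_forward} | awk -F ':' '{print $1}')
- lua $API_GEN_V2RAY -dns_listen_port "${listen_port}" -dns_server "${_dns_address}" -dns_tcp_server "tcp://${_dns_forward}" -dns_query_strategy "${dns_query_strategy}" -dns_socks_address "${socks_address}" -dns_socks_port "${socks_port}" > $config_file
+ _extra_param="${_extra_param} -dns_server ${_dns_address} -dns_tcp_server tcp://${_dns_forward}"
 elif [ "$dns_proto" = "doh" ]; then
 _doh_url=$(echo $doh | awk -F ',' '{print $1}')
 _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
 _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
 _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
 _doh_bootstrap=$(echo $doh | cut -d ',' -sf 2-)
- lua $API_GEN_V2RAY -dns_listen_port "${listen_port}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" -dns_client_ip "${dns_client_ip}" -dns_query_strategy "${dns_query_strategy}" -dns_socks_address "${socks_address}" -dns_socks_port "${socks_port}" > $config_file
+ _extra_param="${_extra_param} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}"
 fi
+ lua $API_GEN_V2RAY ${_extra_param} > $config_file
 ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file -config="$config_file"
 }
 
@@ -643,33 +647,43 @@ run_redir() {
 UDP_NODE="nil"
 }
 _extra_param="${_extra_param} ${proto}"
- [ "${DNS_MODE}" = "v2ray" -o "${DNS_MODE}" = "xray" ] && [ "$(config_t_get global dns_by)" = "tcp" ] && {
- config_file=$(echo $config_file | sed "s/.json/_DNS.json/g")
- resolve_dns=1
- local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
- _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
- [ "${DNS_CACHE}" == "0" ] && _extra_param="${_extra_param} -dns_cache 0"
+ _extra_param="${_extra_param} -route_only 1"
+ [ "${DNS_MODE}" = "v2ray" -o "${DNS_MODE}" = "xray" ] && {
 local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
- case "$v2ray_dns_mode" in
- tcp)
- local dns_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
- local dns_address=$(echo $dns_forward | awk -F ':' '{print $1}')
- _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${dns_address} -dns_tcp_server tcp://${dns_forward}"
- echolog " - 域名解析 DNS Over TCP..."
- ;;
- doh)
- up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1")
- _doh_url=$(echo $up_trust_doh | awk -F ',' '{print $1}')
- _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
- _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
- _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
- _doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-)
- _dns_client_ip=$(config_t_get global dns_client_ip)
- _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host} -dns_client_ip ${_dns_client_ip}"
- unset _doh_url _doh_port _doh_bootstrap
- echolog " - 域名解析 DNS Over HTTPS..."
- ;;
- esac
+ [ "$(config_t_get global dns_by)" = "tcp" -o "${v2ray_dns_mode}" = "fakedns" ] && {
+ config_file=$(echo $config_file | sed "s/.json/_DNS.json/g")
+ resolve_dns=1
+ local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
+ _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
+ local _dns_client_ip=$(config_t_get global dns_client_ip)
+ [ -n "${_dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${_dns_client_ip}"
+ [ "${DNS_CACHE}" == "0" ] && _extra_param="${_extra_param} -dns_cache 0"
+ case "$v2ray_dns_mode" in
+ tcp)
+ local dns_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
+ local dns_address=$(echo $dns_forward | awk -F ':' '{print $1}')
+ _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${dns_address} -dns_tcp_server tcp://${dns_forward}"
+ echolog " - 域名解析 DNS Over TCP..."
+ ;;
+ doh)
+ up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1")
+ _doh_url=$(echo $up_trust_doh | awk -F ',' '{print $1}')
+ _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
+ _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
+ _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
+ _doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-)
+ _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}"
+ unset _doh_url _doh_port _doh_bootstrap
+ echolog " - 域名解析 DNS Over HTTPS..."
+ ;;
+ fakedns)
+ fakedns=1
+ CHINADNS_NG=0
+ _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port} -dns_fakedns 1"
+ echolog " - 域名解析 Fake DNS..."
+ ;;
+ esac
+ }
 }
 lua $API_GEN_V2RAY -node $node -redir_port $local_port -proxy_way $tcp_proxy_way -loglevel $loglevel ${_extra_param} > $config_file
 ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file -config="$config_file"
@@ -1035,12 +1049,6 @@ start_dns() {
 echolog "过滤服务配置:准备接管域名解析..."
 
 case "$DNS_MODE" in
- nonuse)
- echolog " - 不过滤DNS..."
- TUN_DNS=""
- use_chinadns_ng=$(config_t_get global always_use_chinadns_ng 0)
- [ "$use_chinadns_ng" == "0" ] && return
- ;;
 dns2socks)
 local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) | sed "s/#/:/g")
 local dns2socks_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
@@ -1053,6 +1061,8 @@ start_dns() {
 [ "${DNS_CACHE}" == "0" ] && local _extra_param="-dns_cache 0"
 local dns_query_strategy=$(config_t_get global dns_query_strategy UseIPv4)
 _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}"
+ local _dns_client_ip=$(config_t_get global dns_client_ip)
+ [ -n "${_dns_client_ip}" ] && _extra_param="${_extra_param} -dns_client_ip ${_dns_client_ip}"
 local dns_by=$(config_t_get global dns_by "tcp")
 if [ "${dns_by}" = "tcp" ]; then
 use_tcp_node_resolve_dns=1
@@ -1078,7 +1088,6 @@ start_dns() {
 _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
 _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
 _doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-)
- _dns_client_ip=$(config_t_get global dns_client_ip)
 
 if [ "${dns_by}" = "tcp" ]; then
 DNS_FORWARD=""
@@ -1089,7 +1098,7 @@ start_dns() {
 done
 unset _dns _doh_bootstrap_dns
 fi
- lua $API_GEN_V2RAY -dns_listen_port "${dns_listen_port}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" -dns_client_ip "${_dns_client_ip}" ${_extra_param} > $TMP_PATH/DNS.json
+ lua $API_GEN_V2RAY -dns_listen_port "${dns_listen_port}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" ${_extra_param} > $TMP_PATH/DNS.json
 unset _doh_url _doh_port _doh_bootstrap
 echolog " - 域名解析 DNS Over HTTPS..."
 ;;
@@ -1105,18 +1114,27 @@ start_dns() {
 ;;
 udp)
 use_udp_node_resolve_dns=1
- TUN_DNS=${DNS_FORWARD}
- echolog " - 域名解析:直接使用UDP节点请求DNS($TUN_DNS)"
- ;;
- custom)
- custom_dns=$(config_t_get global custom_dns)
- TUN_DNS="$(echo ${custom_dns} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
- echolog " - 域名解析:使用UDP协议自定义DNS($TUN_DNS)解析..."
+ TUN_DNS="$(echo ${DNS_FORWARD} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
+ echolog " - 域名解析:使用UDP协议请求DNS($TUN_DNS)..."
 ;;
 esac
 
 [ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
 [ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
+
+ case "$DNS_SHUNT" in
+ smartdns)
+ if [ -n "$(first_type smartdns)" ]; then
+ local group_domestic=$(config_t_get global group_domestic)
+ CHINADNS_NG=0
+ source $APP_PATH/helper_smartdns.sh add DNS_MODE=$DNS_MODE SMARTDNS_CONF=/tmp/etc/smartdns/$CONFIG.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_GROUP=$group_domestic TUN_DNS=$TUN_DNS TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
+ source $APP_PATH/helper_smartdns.sh restart
+ echolog " - 域名解析:使用SmartDNS,请确保配置正常。"
+ else
+ DNS_SHUNT="dnsmasq"
+ fi
+ ;;
+ esac
 
 [ -n "$chnlist" ] && [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && [ -s "${RULES_PATH}/chnlist" ] && {
 china_ng_listen_port=$(expr $dns_listen_port + 1)
@@ -1144,8 +1162,11 @@ start_dns() {
 ln_run "$(first_type chinadns-ng)" chinadns-ng "$log_path" -v -b 0.0.0.0 -l "${china_ng_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} -f
 echolog " + 过滤服务:ChinaDNS-NG(:${china_ng_listen_port}):国内DNS:${china_ng_chn},可信DNS:${china_ng_gfw}"
 }
- source $APP_PATH/helper_${DNS_N}.sh stretch
- source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_GFWLIST_IPV6=${filter_gfwlist_ipv6} NO_PROXYLIST_IPV6=${filter_proxylist_ipv6}
+
+ [ "$DNS_SHUNT" = "dnsmasq" ] && {
+ source $APP_PATH/helper_dnsmasq.sh stretch
+ source $APP_PATH/helper_dnsmasq.sh add DNS_MODE=$DNS_MODE TMP_DNSMASQ_PATH=$TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE=/tmp/dnsmasq.d/dnsmasq-passwall.conf REMOTE_FAKEDNS=$fakedns DEFAULT_DNS=$DEFAULT_DNS LOCAL_DNS=$LOCAL_DNS TUN_DNS=$TUN_DNS CHINADNS_DNS=$china_ng_listen TCP_NODE=$TCP_NODE PROXY_MODE=${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE} NO_PROXY_IPV6=${filter_proxy_ipv6}
+ }
 }
 
 gen_pdnsd_config() {
@@ -1183,7 +1204,7 @@ gen_pdnsd_config() {
 max_ttl = 1w;
 timeout = 10;
 par_queries = 2;
- neg_domain_pol = on;
+ neg_domain_pol = off;
 udpbufsize = 1024;
 proc_limit = 2;
 procq_limit = 8;
@@ -1399,8 +1420,10 @@ stop() {
 unset V2RAY_LOCATION_ASSET
 unset XRAY_LOCATION_ASSET
 stop_crontab
- source $APP_PATH/helper_${DNS_N}.sh del
- source $APP_PATH/helper_${DNS_N}.sh restart no_log=1
+ source $APP_PATH/helper_smartdns.sh del
+ source $APP_PATH/helper_smartdns.sh restart no_log=1
+ source $APP_PATH/helper_dnsmasq.sh del
+ source $APP_PATH/helper_dnsmasq.sh restart no_log=1
 rm -rf ${TMP_PATH}
 rm -rf /tmp/lock/${CONFIG}_script.lock
 echolog "清空并关闭相关程序和缓存完成。"
@@ -1441,12 +1464,12 @@ global=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LO
 returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "returnhome")
 chnlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "chnroute")
 gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "gfwlist")
+DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
 DNS_MODE=$(config_t_get global dns_mode pdnsd)
 DNS_FORWARD=$(config_t_get global dns_forward 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
 DNS_CACHE=$(config_t_get global dns_cache 0)
-CHINADNS_NG=$(config_t_get global chinadns_ng 1)
-filter_gfwlist_ipv6=$(config_t_get global filter_gfwlist_ipv6 0)
-filter_proxylist_ipv6=$(config_t_get global filter_proxylist_ipv6 0)
+CHINADNS_NG=$(config_t_get global chinadns_ng 0)
+filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0)
 dns_listen_port=${DNS_PORT}
 
 DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')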
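Review bot: In `run_v2ray_dns_socks` the per-argument quoting is lost: the removed calls passed `-doh_url "${_doh_url}"` and the other values individually quoted, while the new code concatenates everything into `_extra_param` and runs `lua $API_GEN_V2RAY ${_extra_param}`, so every value is word-split and glob-expanded by the shell. A configured DoH URL or DNS address containing whitespace or `*`/`?` would then reach gen_v2ray.lua as extra or altered `-option value` pairs; `run_redir` already built its string this way, and the new `-dns_client_ip` additions there and in `start_dns` follow the same pattern. Collecting the arguments in the positional parameters keeps the optional-argument logic and the quoting. The start of the function is outside the hunk, so check that nothing after this point still needs the original `$@`.

```shell
# … unchanged: type / log_file checks …
set -- -dns_listen_port "${listen_port}" -dns_socks_address "${socks_address}" -dns_socks_port "${socks_port}"
[ -n "${dns_query_strategy}" ] && set -- "$@" -dns_query_strategy "${dns_query_strategy}"
[ -n "${dns_client_ip}" ] && set -- "$@" -dns_client_ip "${dns_client_ip}"
if [ "$dns_proto" = "tcp" ]; then
	# … unchanged: _dns_forward / _dns_address derivation …
	set -- "$@" -dns_server "${_dns_address}" -dns_tcp_server "tcp://${_dns_forward}"
elif [ "$dns_proto" = "doh" ]; then
	# … unchanged: _doh_url / _doh_host / _doh_bootstrap derivation …
	set -- "$@" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}"
fi
lua $API_GEN_V2RAY "$@" > "$config_file"
```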
--- a/applications/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh
+++ b/applications/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.sh
@@ -64,44 +64,42 @@ restart() {
6464 LOG_FILE=${_LOG_FILE}
6565 }
6666
67-gen_dnsmasq_items() {
68- local ipsetlist=${1}; shift 1
69- local fwd_dns=${1}; shift 1
70- local outf=${1}; shift 1
71-
72- awk -v ipsetlist="${ipsetlist}" -v ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf" -v fwd_dns="${fwd_dns}" -v outf="${outf}" '
67+gen_items() {
68+ local ipsets dnss outf ipsetoutf
69+ eval_set_val $@
70+
71+ awk -v ipsets="${ipsets}" -v dnss="${dnss}" -v outf="${outf}" -v ipsetoutf="${ipsetoutf}" '
7372 BEGIN {
74- if(outf == "") {outf="/dev/stdout"; ipsetoutf="/dev/stdout";}
75- split(fwd_dns, dns, ","); setdns=length(dns)>0; setlist=length(ipsetlist)>0;
73+ if(outf == "") outf="/dev/stdout";
74+ if(ipsetoutf == "") ipsetoutf=outf;
75+ split(dnss, dns, ","); setdns=length(dns)>0; setlist=length(ipsets)>0;
7676 if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
7777 fail=1;
7878 }
7979 ! /^$/&&!/^#/ {
8080 fail=0
81- if(! (setdns || setlist)) {printf("server=%s\n", $0) >>outf; next;}
8281 if(setdns) for(i in dns) printf("server=/.%s/%s\n", $0, dns[i]) >>outf;
83-
84- if(setlist) printf("ipset=/.%s/%s\n", $0, ipsetlist) >>ipsetoutf;
82+ if(setlist) printf("ipset=/.%s/%s\n", $0, ipsets) >>ipsetoutf;
8583 }
8684 END {fflush(outf); close(outf); fflush(ipsetoutf); close(ipsetoutf); exit(fail);}
8785 '
8886 }
8987
90-gen_dnsmasq_address_items() {
91- local fwd_dns=${1}; shift 1
88+gen_address_items() {
89+ local address=${1}; shift 1
9290 local outf=${1}; shift 1
9391
94- awk -v fwd_dns="${fwd_dns}" -v outf="${outf}" '
92+ awk -v address="${address}" -v outf="${outf}" '
9593 BEGIN {
9694 if(outf == "") outf="/dev/stdout";
97- split(fwd_dns, dns, ","); setdns=length(dns)>0;
98- if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
95+ if(address == "") address="0.0.0.0,::";
96+ split(address, ad, ","); setad=length(ad)>0;
97+ if(setad) for(i in ad) if(length(ad[i])==0) delete ad[i];
9998 fail=1;
10099 }
101100 ! /^$/&&!/^#/ {
102101 fail=0
103- if(! setdns) {printf("address=%s\n", $0) >>outf; next;}
104- if(setdns) for(i in dns) printf("address=/.%s/%s\n", $0, dns[i]) >>outf;
102+ if(setad) for(i in ad) printf("address=/.%s/%s\n", $0, ad[i]) >>outf;
105103 }
106104 END {fflush(outf); close(outf); exit(fail);}
107105 '
@@ -114,7 +112,7 @@ ipset_merge() {
114112
115113 add() {
116114 local fwd_dns item servers msg
117- local DNS_MODE TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_GFWLIST_IPV6 NO_PROXYLIST_IPV6
115+ local DNS_MODE TMP_DNSMASQ_PATH DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_DNS TUN_DNS REMOTE_FAKEDNS CHINADNS_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_PROXY_IPV6
118116 eval_set_val $@
119117 _LOG_FILE=$LOG_FILE
120118 [ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"
@@ -125,139 +123,156 @@ add() {
125123 mkdir -p "${TMP_DNSMASQ_PATH}" "${DNSMASQ_PATH}" "/tmp/dnsmasq.d"
126124 count_hosts_str="!"
127125
128- if [ "${DNS_MODE}" = "nonuse" ]; then
129- echolog " - 不对域名进行分流解析"
130- LOG_FILE=${_LOG_FILE}
131- return 0
132- else
133- #屏蔽列表
134- [ -s "${RULES_PATH}/block_host" ] && {
135- cat "${RULES_PATH}/block_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_dnsmasq_address_items "0.0.0.0" "${TMP_DNSMASQ_PATH}/00-block_host.conf"
136- }
126+ #屏蔽列表
127+ [ -s "${RULES_PATH}/block_host" ] && {
128+ cat "${RULES_PATH}/block_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_address_items address="0.0.0.0" outf="${TMP_DNSMASQ_PATH}/00-block_host.conf"
129+ }
137130
138- #始终用国内DNS解析节点域名
139- fwd_dns="${LOCAL_DNS}"
140- servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
141- hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_dnsmasq_items "vpsiplist,vpsiplist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf"
142- echolog " - [$?]节点列表中的域名(vpsiplist):${fwd_dns:-默认}"
131+ #始终用国内DNS解析节点域名
132+ fwd_dns="${LOCAL_DNS}"
133+ servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
134+ hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items ipsets="vpsiplist,vpsiplist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
135+ echolog " - [$?]节点列表中的域名(vpsiplist):${fwd_dns:-默认}"
143136
144- #始终用国内DNS解析直连(白名单)列表
145- [ -s "${RULES_PATH}/direct_host" ] && {
137+ #始终用国内DNS解析直连(白名单)列表
138+ [ -s "${RULES_PATH}/direct_host" ] && {
139+ fwd_dns="${LOCAL_DNS}"
140+ #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
141+ cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/11-direct_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
142+ echolog " - [$?]域名白名单(whitelist):${fwd_dns:-默认}"
143+ }
144+
145+ subscribe_list=""
146+ for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
147+ host=$(host_from_url "$(config_n_get ${item} url)")
148+ subscribe_list="${subscribe_list}\n${host}"
149+ done
150+ [ -n "$subscribe_list" ] && {
151+ if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
152+ #如果没有开启通过代理订阅
146153 fwd_dns="${LOCAL_DNS}"
147- #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
148- cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_dnsmasq_items "whitelist,whitelist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/11-direct_host.conf"
149- echolog " - [$?]域名白名单(whitelist):${fwd_dns:-默认}"
150- }
151-
152- subscribe_list=""
153- for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
154- host=$(host_from_url "$(config_n_get ${item} url)")
155- subscribe_list="${subscribe_list}\n${host}"
156- done
157- [ -n "$subscribe_list" ] && {
158- if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
159- #如果没有开启通过代理订阅
160- fwd_dns="${LOCAL_DNS}"
161- echo -e "$subscribe_list" | sort -u | gen_dnsmasq_items "whitelist,whitelist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/12-subscribe.conf"
162- echolog " - [$?]节点订阅域名(whitelist):${fwd_dns:-默认}"
163- else
164- #如果开启了通过代理订阅
165- fwd_dns="${TUN_DNS}"
166- #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
167- echo -e "$subscribe_list" | sort -u | gen_dnsmasq_items "blacklist,blacklist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/91-subscribe.conf"
168- echolog " - [$?]节点订阅域名(blacklist):${fwd_dns:-默认}"
169- fi
170- }
171-
172- #始终使用远程DNS解析代理(黑名单)列表
173- [ -s "${RULES_PATH}/proxy_host" ] && {
154+ echo -e "$subscribe_list" | sort -u | gen_items ipsets="whitelist,whitelist6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/12-subscribe.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
155+ echolog " - [$?]节点订阅域名(whitelist):${fwd_dns:-默认}"
156+ else
157+ #如果开启了通过代理订阅
158+ fwd_dns="${TUN_DNS}"
174159 local ipset_flag="blacklist,blacklist6"
175- if [ "${NO_PROXYLIST_IPV6}" = "1" ]; then
160+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
176161 ipset_flag="blacklist"
177- cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_dnsmasq_address_items "::" "${TMP_DNSMASQ_PATH}/97-proxy_host-noipv6.conf"
162+ echo -e "$subscribe_list" | sort -u | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/91-subscribe-noipv6.conf"
178163 fi
179-
180- fwd_dns="${TUN_DNS}"
181- #[ -n "$CHINADNS_DNS" ] && unset fwd_dns
182- cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_dnsmasq_items "${ipset_flag}" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/97-proxy_host.conf"
183- echolog " - [$?]代理域名表(blacklist):${fwd_dns:-默认}"
184- }
164+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
165+ echo -e "$subscribe_list" | sort -u | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/91-subscribe.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
166+ echolog " - [$?]节点订阅域名(blacklist):${fwd_dns:-默认}"
167+ fi
168+ }
169+
170+ #始终使用远程DNS解析代理(黑名单)列表
171+ [ -s "${RULES_PATH}/proxy_host" ] && {
172+ local ipset_flag="blacklist,blacklist6"
173+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
174+ ipset_flag="blacklist"
175+ cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/97-proxy_host-noipv6.conf"
176+ fi
177+ fwd_dns="${TUN_DNS}"
178+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
179+ cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/97-proxy_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
180+ echolog " - [$?]代理域名表(blacklist):${fwd_dns:-默认}"
181+ }
185182
186- #分流规则
187- [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
188- fwd_dns="${TUN_DNS}"
189- local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
190- local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
191- for shunt_id in $shunt_ids; do
192- local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
193- [ "$shunt_node_id" = "nil" ] && continue
194- [ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
195- [ "$shunt_node_id" = "_blackhole" ] && continue
196- local str=$(echo -n $(config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u) | sed "s/ /|/g")
197- [ -n "$str" ] && count_hosts_str="${count_hosts_str}|${str}"
198- [ "$shunt_node_id" = "_direct" ] && {
199- [ -n "$str" ] && echo $str | sed "s/|/\n/g" | gen_dnsmasq_items "whitelist,whitelist6" "${LOCAL_DNS}" "${TMP_DNSMASQ_PATH}/13-shunt_host.conf"
200- continue
201- }
202- local shunt_node=$(config_n_get $shunt_node_id address nil)
203- [ "$shunt_node" = "nil" ] && continue
204- [ -n "$str" ] && echo $str | sed "s/|/\n/g" | gen_dnsmasq_items "shuntlist,shuntlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/98-shunt_host.conf"
205- done
206- echolog " - [$?]V2ray/Xray分流规则(shuntlist):${fwd_dns:-默认}"
207- }
208-
209- [ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
210- [ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
211- [ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}|${direct_hosts_str}"
212- [ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}|${proxy_hosts_str}"
183+ #分流规则
184+ [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
185+ fwd_dns="${TUN_DNS}"
186+ msg_dns="${fwd_dns}"
187+ local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
188+ local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
189+ for shunt_id in $shunt_ids; do
190+ local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
191+ [ "$shunt_node_id" = "nil" ] && continue
192+ [ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
193+ [ "$shunt_node_id" = "_blackhole" ] && continue
194+ local str=$(echo -n $(config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u) | sed "s/ /|/g")
195+ [ -n "$str" ] && count_hosts_str="${count_hosts_str}|${str}"
196+ [ "$shunt_node_id" = "_direct" ] && {
197+ [ -n "$str" ] && echo $str | sed "s/|/\n/g" | gen_items ipsets="whitelist,whitelist6" "${LOCAL_DNS}" "${TMP_DNSMASQ_PATH}/13-shunt_host.conf"
198+ msg_dns="${LOCAL_DNS}"
199+ continue
200+ }
201+ local shunt_node=$(config_n_get $shunt_node_id address nil)
202+ [ "$shunt_node" = "nil" ] && continue
213203
214- #如果没有使用回国模式
215- if [ -z "${returnhome}" ]; then
216- # GFW 模式
217- [ -s "${RULES_PATH}/gfwlist" ] && {
218- grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
219-
220- local ipset_flag="gfwlist,gfwlist6"
221- if [ "${NO_GFWLIST_IPV6}" = "1" ]; then
222- ipset_flag="gfwlist"
223- sort -u "${TMP_PATH}/gfwlist" | gen_dnsmasq_address_items "::" "${TMP_DNSMASQ_PATH}/99-gfwlist-noipv6.conf"
204+ [ -n "$str" ] && {
205+ local ipset_flag="shuntlist,shuntlist6"
206+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
207+ ipset_flag="shuntlist"
208+ echo $str | sed "s/|/\n/g" | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/98-shunt_host-noipv6.conf"
224209 fi
225-
226- fwd_dns="${TUN_DNS}"
227- [ -n "$CHINADNS_DNS" ] && unset fwd_dns
228- sort -u "${TMP_PATH}/gfwlist" | gen_dnsmasq_items "${ipset_flag}" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-gfwlist.conf"
229- echolog " - [$?]防火墙域名表(gfwlist):${fwd_dns:-默认}"
230- rm -f "${TMP_PATH}/gfwlist"
210+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
211+ echo $str | sed "s/|/\n/g" | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/98-shunt_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
212+ msg_dns="${fwd_dns}"
231213 }
214+ done
215+ echolog " - [$?]V2ray/Xray分流规则(shuntlist):${msg_dns:-默认}"
216+ }
217+
218+ [ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
219+ [ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
220+ [ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}|${direct_hosts_str}"
221+ [ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}|${proxy_hosts_str}"
222+
223+ #如果没有使用回国模式
224+ if [ -z "${returnhome}" ]; then
225+ # GFW 模式
226+ [ -s "${RULES_PATH}/gfwlist" ] && {
227+ grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
232228
233- # 中国列表以外 模式
234- [ -n "${CHINADNS_DNS}" ] && {
235- fwd_dns="${LOCAL_DNS}"
236- [ -n "$CHINADNS_DNS" ] && unset fwd_dns
237- [ -s "${RULES_PATH}/chnlist" ] && {
238- grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" | gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/19-chinalist_host.conf"
239- echolog " - [$?]中国域名表(chnroute):${fwd_dns:-默认}"
240- }
241- }
242- else
243- #回国模式
229+ local ipset_flag="gfwlist,gfwlist6"
230+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
231+ ipset_flag="gfwlist"
232+ sort -u "${TMP_PATH}/gfwlist" | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/99-gfwlist-noipv6.conf"
233+ fi
234+ fwd_dns="${TUN_DNS}"
235+ [ -n "$CHINADNS_DNS" ] && unset fwd_dns
236+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
237+ sort -u "${TMP_PATH}/gfwlist" | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/99-gfwlist.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
238+ echolog " - [$?]防火墙域名表(gfwlist):${fwd_dns:-默认}"
239+ rm -f "${TMP_PATH}/gfwlist"
240+ }
241+
242+ # 中国列表以外 模式
243+ [ -n "${CHINADNS_DNS}" ] && {
244+ fwd_dns="${LOCAL_DNS}"
245+ [ -n "$CHINADNS_DNS" ] && unset fwd_dns
244246 [ -s "${RULES_PATH}/chnlist" ] && {
245- grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
246- fwd_dns="${TUN_DNS}"
247- sort -u "${TMP_PATH}/chnlist" | gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-chinalist_host.conf"
247+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" | gen_items ipsets="chnroute,chnroute6" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/19-chinalist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
248248 echolog " - [$?]中国域名表(chnroute):${fwd_dns:-默认}"
249- rm -f "${TMP_PATH}/chnlist"
250249 }
251- fi
252-
253- ipset_merge ${TMP_DNSMASQ_PATH}
250+ }
251+ else
252+ #回国模式
253+ [ -s "${RULES_PATH}/chnlist" ] && {
254+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
255+
256+ local ipset_flag="chnroute,chnroute6"
257+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
258+ ipset_flag="chnroute"
259+ sort -u "${TMP_PATH}/chnlist" | gen_address_items address="::" outf="${TMP_DNSMASQ_PATH}/99-chinalist_host-noipv6.conf"
260+ fi
261+ fwd_dns="${TUN_DNS}"
262+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
263+ sort -u "${TMP_PATH}/chnlist" | gen_items ipsets="${ipset_flag}" dnss="${fwd_dns}" outf="${TMP_DNSMASQ_PATH}/99-chinalist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
264+ echolog " - [$?]中国域名表(chnroute):${fwd_dns:-默认}"
265+ rm -f "${TMP_PATH}/chnlist"
266+ }
254267 fi
255268
269+ ipset_merge ${TMP_DNSMASQ_PATH}
270+
256271 echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE
257272 [ -n "${CHINADNS_DNS}" ] && {
258273 echo "${DEFAULT_DNS}" > $TMP_PATH/default_DNS
259274 cat <<-EOF >> $DNSMASQ_CONF_FILE
260- $(echo "${CHINADNS_DNS}" | sed 's/,/\n/g' | gen_dnsmasq_items)
275+ server=${CHINADNS_DNS}
261276 all-servers
262277 no-poll
263278 no-resolv
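--- /dev/null
+++ b/applications/luci-app-passwall/root/usr/share/passwall/helper_smartdns.sh
@@ -0,0 +1,224 @@
+#!/bin/sh
+
+restart() {
+ local no_log
+ eval_set_val $@
+ _LOG_FILE=$LOG_FILE
+ [ -n "$no_log" ] && LOG_FILE="/dev/null"
+ rm -rf /tmp/smartdns.cache
+ /etc/init.d/smartdns reload >/dev/null 2>&1
+ /etc/init.d/dnsmasq restart >/dev/null 2>&1
+ LOG_FILE=${_LOG_FILE}
+}
+
+gen_items() {
+ local ipsets group address speed_check_mode outf
+ eval_set_val $@
+
+ awk -v ipsets="${ipsets}" -v group="${group}" -v speed_check_mode="${speed_check_mode}" -v address="${address}" -v outf="${outf}" '
+ BEGIN {
+ if(outf == "") outf="/dev/stdout";
+ if(group != "") group=" -n " group;
+ if(ipsets != "") ipsets=" -p " ipsets;
+ if(speed_check_mode != "") speed_check_mode=" -c " speed_check_mode;
+ if(address != "") address=" -a " address;
+ fail=1;
+ }
+ ! /^$/&&!/^#/ {
+ fail=0
+ printf("domain-rules /%s/ %s%s%s%s\n", $0, group, ipsets, address, speed_check_mode) >>outf;
+ }
+ END {fflush(outf); close(outf); exit(fail);}
+ '
+}
+
+gen_address_items() {
+ local address=${1}; shift 1
+ local outf=${1}; shift 1
+
+ awk -v address="${address}" -v outf="${outf}" '
+ BEGIN {
+ if(outf == "") outf="/dev/stdout";
+ setaddress=length(address)>0;
+ fail=1;
+ }
+ ! /^$/&&!/^#/ {
+ fail=0
+ if(setaddress) printf("address /%s/%s\n", $0, address) >>outf;
+ }
+ END {fflush(outf); close(outf); exit(fail);}
+ '
+}
+
+add() {
+ local fwd_dns fwd_group item servers msg
+ local DNS_MODE SMARTDNS_CONF DNSMASQ_CONF_FILE DEFAULT_DNS LOCAL_GROUP REMOTE_GROUP REMOTE_FAKEDNS TUN_DNS TCP_NODE PROXY_MODE NO_LOGIC_LOG NO_PROXY_IPV6
+ eval_set_val $@
+ _LOG_FILE=$LOG_FILE
+ [ -n "$NO_LOGIC_LOG" ] && LOG_FILE="/dev/null"
+ global=$(echo "${PROXY_MODE}" | grep "global")
+ returnhome=$(echo "${PROXY_MODE}" | grep "returnhome")
+ chnlist=$(echo "${PROXY_MODE}" | grep "chnroute")
+ gfwlist=$(echo "${PROXY_MODE}" | grep "gfwlist")
+ touch ${SMARTDNS_CONF}
+ count_hosts_str="!"
+ [ -z "${REMOTE_GROUP}" ] && {
+ REMOTE_GROUP="${CONFIG}_proxy"
+ [ -n "${TUN_DNS}" ] && TUN_DNS="$(echo ${TUN_DNS} | sed 's/#/:/g')"
+ echo "server ${TUN_DNS} -group ${REMOTE_GROUP} -exclude-default-group" >> ${SMARTDNS_CONF}
+ }
+
+ #屏蔽列表
+ [ -s "${RULES_PATH}/block_host" ] && {
+ cat "${RULES_PATH}/block_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_address_items "-" "${SMARTDNS_CONF}"
+ }
+
+ #始终用国内DNS解析节点域名
+ servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
+ hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items ipsets="#4:vpsiplist,#6:vpsiplist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]节点列表中的域名(vpsiplist)使用分组:${LOCAL_GROUP:-默认}"
+
+ #始终用国内DNS解析直连(白名单)列表
+ [ -s "${RULES_PATH}/direct_host" ] && {
+ cat "${RULES_PATH}/direct_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]域名白名单(whitelist)使用分组:${LOCAL_GROUP:-默认}"
+ }
+
+ subscribe_list=""
+ for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
+ host=$(host_from_url "$(config_n_get ${item} url)")
+ subscribe_list="${subscribe_list}\n${host}"
+ done
+ [ -n "$subscribe_list" ] && {
+ if [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "0" ]; then
+ #如果没有开启通过代理订阅
+ echo -e "$subscribe_list" | sort -u | gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]节点订阅域名(whitelist)使用分组:${LOCAL_GROUP:-默认}"
+ else
+ #如果开启了通过代理订阅
+ local ipset_flag="#4:blacklist,#6:blacklist6"
+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
+ ipset_flag="#4:blacklist"
+ address="#6"
+ fi
+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
+ echo -e "$subscribe_list" | sort -u | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]节点订阅域名(blacklist)使用分组:${REMOTE_GROUP}"
+ fi
+ }
+
+ #始终使用远程DNS解析代理(黑名单)列表
+ [ -s "${RULES_PATH}/proxy_host" ] && {
+ local ipset_flag="#4:blacklist,#6:blacklist6"
+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
+ ipset_flag="#4:blacklist"
+ address="#6"
+ fi
+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
+ cat "${RULES_PATH}/proxy_host" | tr -s '\n' | grep -v "^#" | sort -u | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]代理域名表(blacklist)使用分组:${REMOTE_GROUP}"
+ }
+
+ #分流规则
+ [ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
+ local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
+ local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+ for shunt_id in $shunt_ids; do
+ local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
+ [ "$shunt_node_id" = "nil" ] && continue
+ [ "$shunt_node_id" = "_default" ] && shunt_node_id=$default_node_id
+ [ "$shunt_node_id" = "_blackhole" ] && continue
+ local str=$(echo -n $(config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u) | sed "s/ /|/g")
+ [ -n "$str" ] && count_hosts_str="${count_hosts_str}|${str}"
+ [ "$shunt_node_id" = "_direct" ] && {
+ [ -n "$str" ] && echo $str | sed "s/|/\n/g" | gen_items ipsets="#4:whitelist,#6:whitelist6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
+ msg_dns="${LOCAL_GROUP}"
+ continue
+ }
+ local shunt_node=$(config_n_get $shunt_node_id address nil)
+ [ "$shunt_node" = "nil" ] && continue
+
+ [ -n "$str" ] && {
+ local ipset_flag="#4:shuntlist,#6:shuntlist6"
+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
+ ipset_flag="#4:shuntlist"
+ address="#6"
+ fi
+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
+ echo $str | sed "s/|/\n/g" | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
+ msg_dns="${REMOTE_GROUP}"
+ }
+ done
+ echolog " - [$?]V2ray/Xray分流规则(shuntlist):${msg_dns:-默认}"
+ }
+
+ [ -s "${RULES_PATH}/direct_host" ] && direct_hosts_str="$(echo -n $(cat ${RULES_PATH}/direct_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
+ [ -s "${RULES_PATH}/proxy_host" ] && proxy_hosts_str="$(echo -n $(cat ${RULES_PATH}/proxy_host | tr -s '\n' | grep -v "^#" | sort -u) | sed "s/ /|/g")"
+ [ -n "$direct_hosts_str" ] && count_hosts_str="${count_hosts_str}|${direct_hosts_str}"
+ [ -n "$proxy_hosts_str" ] && count_hosts_str="${count_hosts_str}|${proxy_hosts_str}"
+
+ #如果没有使用回国模式
+ if [ -z "${returnhome}" ]; then
+ # GFW 模式
+ [ -s "${RULES_PATH}/gfwlist" ] && {
+ grep -v -E "$count_hosts_str" "${RULES_PATH}/gfwlist" > "${TMP_PATH}/gfwlist"
+
+ local ipset_flag="#4:gfwlist,#6:gfwlist6"
+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
+ ipset_flag="#4:gfwlist"
+ address="#6"
+ fi
+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
+ sort -u "${TMP_PATH}/gfwlist" | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]防火墙域名表(gfwlist)使用分组:${REMOTE_GROUP}"
+ rm -f "${TMP_PATH}/gfwlist"
+ }
+
+ # 中国列表以外 模式
+ [ -s "${RULES_PATH}/chnlist" ] && [ -n "${chnlist}" ] && {
+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" | gen_items ipsets="#4:chnroute,#6:chnroute6" group="${LOCAL_GROUP}" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]中国域名表(chnroute)使用分组:${LOCAL_GROUP:-默认}"
+ }
+ else
+ #回国模式
+ [ -s "${RULES_PATH}/chnlist" ] && {
+ grep -v -E "$count_hosts_str" "${RULES_PATH}/chnlist" > "${TMP_PATH}/chnlist"
+
+ local ipset_flag="#4:chnroute,#6:chnroute6"
+ if [ "${NO_PROXY_IPV6}" = "1" ]; then
+ ipset_flag="#4:chnroute"
+ address="#6"
+ fi
+ [ -n "${REMOTE_FAKEDNS}" ] && unset ipset_flag
+ sort -u "${TMP_PATH}/chnlist" | gen_items ipsets="${ipset_flag}" group="${REMOTE_GROUP}" address="${address}" speed_check_mode="none" outf="${SMARTDNS_CONF}"
+ echolog " - [$?]中国域名表(chnroute)使用分组:${REMOTE_GROUP}"
+ rm -f "${TMP_PATH}/chnlist"
+ }
+ fi
+
+ echo "conf-file ${SMARTDNS_CONF}" >> /etc/smartdns/custom.conf
+ echolog " - 请让SmartDNS作为Dnsmasq的上游或重定向!"
+ LOG_FILE=${_LOG_FILE}
+}
+
+del() {
+ rm -rf /tmp/etc/smartdns/passwall.conf
+ sed -i "/passwall/d" /etc/smartdns/custom.conf >/dev/null 2>&1
+ rm -rf /tmp/smartdns.cache
+ /etc/init.d/smartdns reload
+}
+
+arg1=$1
+shift
+case $arg1 in
+add)
+ add $@
+ ;;
+del)
+ del $@
+ ;;
+restart)
+ restart $@
+ ;;
+*) ;;
+esac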
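Review bot: `address` is passed to `gen_items` as `address="${address}"` in every remote-group branch of `add()`, yet it is not in the function's `local` lists and is assigned only inside the `NO_PROXY_IPV6` checks. iptables.sh in this commit loads `helper_${DNS_N}.sh` with `source`, so if this helper is reached that way, a value of `address` left in the calling shell would end up as an ` -a ` argument on the generated `domain-rules` lines. Starting the function with `local address="" msg_dns=""` avoids that (an explicit empty assignment, since a bare `local` in ash-family shells may keep the outer value). Separately, `del()` runs `sed -i "/passwall/d" /etc/smartdns/custom.conf`, which drops every line containing that word, while `add()` appends a fresh `conf-file` line on each call; matching the exact `conf-file` line and adding it only when absent would be tighter.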
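--- a/applications/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/applications/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -233,7 +233,7 @@ load_acl() {
 d_server=127.0.0.1
 [ "$tcp_proxy_mode" = "global" ] && d_server=${d_server}#${_dns_port}
 echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
- source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_GFWLIST_IPV6=${filter_gfwlist_ipv6} NO_PROXYLIST_IPV6=${filter_proxylist_ipv6}
+ source $APP_PATH/helper_${DNS_N}.sh add DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6}
 ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
 eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
 }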
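Review bot: The rewritten `source … add` line still passes every value unquoted (`LOCAL_DNS=$LOCAL_DNS`, `TCP_NODE=$tcp_node`, `NO_PROXY_IPV6=${filter_proxy_ipv6}`), and the helpers' `add()` forwards them through `eval_set_val $@`, also unquoted. A value containing whitespace or shell metacharacters would be split into extra arguments before it is assigned and, if `eval_set_val` evaluates its arguments as the name suggests, interpreted by the shell; quoting each pair, e.g. `NO_PROXY_IPV6="${filter_proxy_ipv6}"`, keeps each one a single word. `filter_proxy_ipv6` is not assigned inside this hunk, so it is worth confirming that the code that sets it earlier in `load_acl()` was renamed as well, otherwise the IPv6 filter would silently stay off. `load_acl()` begins and ends outside the hunk.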
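--- a/applications/luci-app-unblockneteasemusic/root/etc/init.d/unblockneteasemusic
+++ b/applications/luci-app-unblockneteasemusic/root/etc/init.d/unblockneteasemusic
@@ -112,6 +112,7 @@ start_service()
 "lower_than_999kbps") procd_append_param env MIN_BR="600000" ;;
 "replace_all") procd_append_param env MIN_BR="9999999" ;;
 esac
+ procd_append_param env JSON_LOG="true"
 
 procd_set_param stdout 1
 procd_set_param stderr 1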