luci-app-passwall: sync with upstream source

Co-authored-by: xiaorouji <60100640+xiaorouji@users.noreply.github.com>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
This commit is contained in:
ShanStone 2021-02-16 14:33:44 +08:00 committed by CN_SZTL
parent 70557e367e
commit 6c6f6049eb
5 changed files with 77 additions and 31 deletions


@ -198,6 +198,7 @@ o:depends("up_china_dns", "xray_doh")
o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode")) o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
o.rmempty = false o.rmempty = false
o:reset_values() o:reset_values()
o:value("fake_ip", translatef("Fake IP"))
if api.is_finded("pdnsd") then if api.is_finded("pdnsd") then
o:value("pdnsd", "pdnsd " .. translatef("Requery DNS By %s", translate("TCP Node"))) o:value("pdnsd", "pdnsd " .. translatef("Requery DNS By %s", translate("TCP Node")))
end end
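Review bot: The new `o:value("fake_ip", translatef("Fake IP"))` line passes a literal with no format arguments to `translatef`, whereas the neighbouring entries use `translate` for plain strings and reserve `translatef` for the `%s` substitution; `o:value("fake_ip", translate("Fake IP"))` keeps the two calls consistent. The option is also added without any description, and since the shell side of this commit answers every proxied domain with the fixed address `1.2.3.4`, a short `o.description` noting that this mode appears to depend on the proxy resolving hostnames itself would help users choose it deliberately. The enclosing `dns_mode` option block continues outside the hunk.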


@ -211,6 +211,26 @@ gen_dnsmasq_items() {
' '
} }
gen_dnsmasq_fake_items() {
local fwd_dns="1.2.3.4"
local outf=${1}; shift 1
awk -v fwd_dns="${fwd_dns}" -v outf="${outf}" '
BEGIN {
if(outf == "") outf="/dev/stdout";
split(fwd_dns, dns, ","); setdns=length(dns)>0;
if(setdns) for(i in dns) if(length(dns[i])==0) delete dns[i];
fail=1;
}
! /^$/&&!/^#/ {
fail=0
if(! setdns) {printf("address=%s\n", $0) >>outf; next;}
if(setdns) for(i in dns) printf("address=/.%s/%s\n", $0, dns[i]) >>outf;
}
END {fflush(outf); close(outf); exit(fail);}
'
}
check_port_exists() { check_port_exists() {
port=$1 port=$1
protocol=$2 protocol=$2
@ -841,14 +861,18 @@ start_dns() {
TUN_DNS=${DNS_FORWARD} TUN_DNS=${DNS_FORWARD}
echolog " - 域名解析直接使用UDP节点请求DNS$TUN_DNS" echolog " - 域名解析直接使用UDP节点请求DNS$TUN_DNS"
;; ;;
fake_ip)
TUN_DNS="1.2.3.4"
echolog " - 域名解析使用FakeIP方案..."
;;
custom) custom)
custom_dns=$(config_t_get global custom_dns) custom_dns=$(config_t_get global custom_dns)
TUN_DNS="$(echo ${custom_dns} | sed 's/:/#/g')" TUN_DNS="$(echo ${custom_dns} | sed 's/:/#/g')"
echolog " - 域名解析直接使用UDP协议自定义DNS$TUN_DNS)解析..." echolog " - 域名解析:使用UDP协议自定义DNS$TUN_DNS)解析..."
;; ;;
esac esac
[ -n "$chnlist" ] && [ "$DNS_MODE" != "custom" ] && { [ -n "$chnlist" ] && [ "$DNS_MODE" != "custom" ] && [ "$DNS_MODE" != "fake_ip" ] && {
[ -f "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${TMP_PATH}/chnlist" [ -f "${RULES_PATH}/chnlist" ] && cp -a "${RULES_PATH}/chnlist" "${TMP_PATH}/chnlist"
[ -n "$(first_type chinadns-ng)" ] && { [ -n "$(first_type chinadns-ng)" ] && {
echolog "发现ChinaDNS-NG将启动。" echolog "发现ChinaDNS-NG将启动。"
@ -909,31 +933,38 @@ add_dnsmasq() {
#始终用国内DNS解析节点域名 #始终用国内DNS解析节点域名
fwd_dns="${LOCAL_DNS}" fwd_dns="${LOCAL_DNS}"
servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2) servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
hosts_foreach "servers" host_from_url | grep -v "google.c" | grep '[a-zA-Z]$' | sort -u | gen_dnsmasq_items "vpsiplist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/00-vpsiplist_host.conf" hosts_foreach "servers" host_from_url | grep -v "google.c" | grep '[a-zA-Z]$' | sort -u | gen_dnsmasq_items "vpsiplist,vpsiplist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/00-vpsiplist_host.conf"
echolog " - [$?]节点列表中的域名(vpsiplist)${fwd_dns:-默认}" echolog " - [$?]节点列表中的域名(vpsiplist)${fwd_dns:-默认}"
#始终用国内DNS解析直连白名单列表 #始终用国内DNS解析直连白名单列表
fwd_dns="${LOCAL_DNS}" fwd_dns="${LOCAL_DNS}"
[ -n "$CHINADNS_NG" ] && unset fwd_dns [ -n "$CHINADNS_NG" ] && unset fwd_dns
sort -u "${RULES_PATH}/direct_host" | gen_dnsmasq_items "whitelist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/01-direct_host.conf" sort -u "${RULES_PATH}/direct_host" | gen_dnsmasq_items "whitelist,whitelist_6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/01-direct_host.conf"
echolog " - [$?]域名白名单(whitelist)${fwd_dns:-默认}" echolog " - [$?]域名白名单(whitelist)${fwd_dns:-默认}"
#始终使用远程DNS解析代理黑名单列表 #始终使用远程DNS解析代理黑名单列表
if [ "${DNS_MODE}" = "fake_ip" ]; then
sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_fake_items "${TMP_DNSMASQ_PATH}/99-proxy_host.conf"
else
fwd_dns="${TUN_DNS}" fwd_dns="${TUN_DNS}"
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}" [ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
[ -n "$CHINADNS_NG" ] && unset fwd_dns [ -n "$CHINADNS_NG" ] && unset fwd_dns
sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_items "blacklist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-proxy_host.conf" sort -u "${RULES_PATH}/proxy_host" | gen_dnsmasq_items "blacklist,blacklist_6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-proxy_host.conf"
echolog " - [$?]代理域名表(blacklist)${fwd_dns:-默认}" echolog " - [$?]代理域名表(blacklist)${fwd_dns:-默认}"
fi
#如果开启了通过代理订阅 #如果开启了通过代理订阅
[ "$(config_t_get global_subscribe subscribe_proxy 0)" = "1" ] && { [ "$(config_t_get global_subscribe subscribe_proxy 0)" = "1" ] && {
fwd_dns="${TUN_DNS}" fwd_dns="${TUN_DNS}"
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}" [ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
items=$(get_enabled_anonymous_secs "@subscribe_list") for item in $(get_enabled_anonymous_secs "@subscribe_list"); do
for item in ${items}; do if [ "${DNS_MODE}" = "fake_ip" ]; then
host_from_url "$(config_n_get ${item} url)" | gen_dnsmasq_items "blacklist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-subscribe.conf" host_from_url "$(config_n_get ${item} url)" | gen_dnsmasq_fake_items "${TMP_DNSMASQ_PATH}/99-subscribe.conf"
else
host_from_url "$(config_n_get ${item} url)" | gen_dnsmasq_items "blacklist,blacklist_6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/99-subscribe.conf"
fi
done done
echolog " - [$?]节点订阅域名(blacklist)${fwd_dns:-默认}" [ "${DNS_MODE}" != "fake_ip" ] && echolog " - [$?]节点订阅域名(blacklist)${fwd_dns:-默认}"
} }
#分流规则 #分流规则
@ -948,27 +979,38 @@ add_dnsmasq() {
fi fi
local shunt_node=$(config_n_get $shunt_node_id address nil) local shunt_node=$(config_n_get $shunt_node_id address nil)
[ "$shunt_node" = "nil" ] && continue [ "$shunt_node" = "nil" ] && continue
config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/998-shunt_host.conf" if [ "${DNS_MODE}" = "fake_ip" ]; then
config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u | gen_dnsmasq_fake_items "${TMP_DNSMASQ_PATH}/998-shunt_host.conf"
else
config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u | gen_dnsmasq_items "shuntlist,shuntlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/998-shunt_host.conf"
fi
done done
echolog " - [$?]Xray分流规则(shuntlist)${fwd_dns:-默认}" [ "${DNS_MODE}" != "fake_ip" ] && echolog " - [$?]Xray分流规则(shuntlist)${fwd_dns:-默认}"
} }
#如果没有使用回国模式 #如果没有使用回国模式
if [ -z "${returnhome}" ]; then if [ -z "${returnhome}" ]; then
[ ! -f "${TMP_PATH}/gfwlist.txt" ] && sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt"
if [ "${DNS_MODE}" = "fake_ip" ]; then
sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_fake_items "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
else
fwd_dns="${TUN_DNS}" fwd_dns="${TUN_DNS}"
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}" [ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
[ -n "$CHINADNS_NG" ] && unset fwd_dns [ -n "$CHINADNS_NG" ] && unset fwd_dns
[ ! -f "${TMP_PATH}/gfwlist.txt" ] && sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt"
#sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf" sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
echolog " - [$?]防火墙域名表(gfwlist)${fwd_dns:-默认}" echolog " - [$?]防火墙域名表(gfwlist)${fwd_dns:-默认}"
fi
else else
#回国模式 #回国模式
if [ "${DNS_MODE}" = "fake_ip" ]; then
sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_fake_items "${TMP_DNSMASQ_PATH}/02-chinalist_host.conf"
else
fwd_dns="${TUN_DNS}" fwd_dns="${TUN_DNS}"
sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_items "chnroute" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/02-chinalist_host.conf" sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_items "chnroute,chnroute6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/02-chinalist_host.conf"
echolog " - [$?]中国域名表(chnroute)${fwd_dns:-默认}" echolog " - [$?]中国域名表(chnroute)${fwd_dns:-默认}"
fi fi
fi fi
fi
if [ "${DNS_MODE}" != "nouse" ]; then if [ "${DNS_MODE}" != "nouse" ]; then
echo "conf-dir=${TMP_DNSMASQ_PATH}" > "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf" echo "conf-dir=${TMP_DNSMASQ_PATH}" > "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf"
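Review bot: `gen_dnsmasq_fake_items` hard-codes the fake answer as `local fwd_dns="1.2.3.4"`, and the same literal is repeated in `start_dns` (`TUN_DNS="1.2.3.4"`) and twice more in the iptables.sh hunks; defining it once (a `FAKE_IP` variable, name constructed here, beside the other DNS settings) and referencing it everywhere keeps the dnsmasq answers and the firewall match rules from drifting apart, and the definition is the place to record that `1.2.3.4` is a publicly routable address whose genuine traffic will also be steered into the proxy. Inside the awk program the `split(fwd_dns, dns, ",")` loop and the `if(! setdns)` branch are dead because `fwd_dns` is never empty or comma-separated, so the helper reads as a copy of `gen_dnsmasq_items` rather than a purpose-built one; the trimmed version below does the same work with a single `printf`. Separately, the new `[ "${DNS_MODE}" != "fake_ip" ] &&` guards on the `echolog " - [$?]…"` lines mean a failing `gen_dnsmasq_fake_items` (its awk exits with `fail=1` when no non-empty, non-comment line was seen) is no longer reported in fake_ip mode; logging the status in both branches is preferable. `add_dnsmasq` starts and ends outside these hunks.
```shell
gen_dnsmasq_fake_items() {
	# Map every domain on stdin to the single fake-IP answer; exits 1 if no domain was read.
	local fwd_dns="${FAKE_IP:-1.2.3.4}"
	local outf=${1}; shift 1
	awk -v fwd_dns="${fwd_dns}" -v outf="${outf}" '
	BEGIN {
		if(outf == "") outf="/dev/stdout";
		fail=1;
	}
	! /^$/&&!/^#/ {
		fail=0
		printf("address=/.%s/%s\n", $0, fwd_dns) >>outf;
	}
	END {fflush(outf); close(outf); exit(fail);}
	'
}
```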


@ -476,7 +476,7 @@ add_firewall_rule() {
done done
for shunt_id in $shunt_ids; do for shunt_id in $shunt_ids; do
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
done done
cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
@ -486,10 +486,10 @@ add_firewall_rule() {
cat $RULES_PATH/direct_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/direct_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute6 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/chnroute6 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/proxy_ip | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R [ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R [ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/direct_ip | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
ipset -! -R <<-EOF ipset -! -R <<-EOF
$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /") $(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
@ -534,7 +534,7 @@ add_firewall_rule() {
done done
} }
local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u ) local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u )
[ -n "$ISP_DNS" ] && { [ -n "$ISP_DNS" ] && {
#echolog "处理 ISP IPv6 DNS 例外..." #echolog "处理 ISP IPv6 DNS 例外..."
for ispip6 in $ISP_DNS; do for ispip6 in $ISP_DNS; do
@ -638,6 +638,7 @@ add_firewall_rule() {
} }
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53 [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT $ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
$ipt_tmp -I PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && { [ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
@ -730,6 +731,7 @@ add_firewall_rule() {
} }
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53 [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT $ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
$ipt_m -I PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK)
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
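Review bot: The inserted `$ipt_tmp -I PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r` rule, and its UDP twin `$ipt_m -I PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK)` in the following hunk, are added unconditionally, so even when the fake-IP DNS mode is not selected every packet to the publicly routable `1.2.3.4` is redirected into the proxy; guard both on the mode, e.g. `[ "$DNS_MODE" = "fake_ip" ] && $ipt_tmp -I PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r` (assuming `DNS_MODE` is in scope here as it is in app.sh). Because `-I` places the rule at the head of `PSW_OUTPUT`, it also precedes the `TCP_NO_REDIR_PORTS`/`UDP_NO_REDIR_PORTS` RETURN rules appended right below it, so those port exclusions silently stop applying to fake-IP destinations; if that is intended, say so in a comment, otherwise add the rule with `-A` after the RETURN rules. The tightening of the IPv6 pattern from `{0,4}` to `{1,4}` on the `grep -E` lines is an improvement, though the pattern still cannot match an address that begins with `::`, which may matter for the `ISP_DNS6` extraction from the resolver file. `add_firewall_rule` starts and ends outside these hunks.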


@ -65,7 +65,7 @@ do
#dns #dns
dns_mode=$(config_t_get global dns_mode) dns_mode=$(config_t_get global dns_mode)
if [ "$dns_mode" != "nonuse" ] && [ "$dns_mode" != "custom" ]; then if [ "$dns_mode" != "nonuse" ] && [ "$dns_mode" != "custom" ] && [ "$dns_mode" != "fake_ip" ]; then
icount=$(netstat -apn | grep 7913 | wc -l) icount=$(netstat -apn | grep 7913 | wc -l)
if [ $icount = 0 ]; then if [ $icount = 0 ]; then
/etc/init.d/$CONFIG restart /etc/init.d/$CONFIG restart
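Review bot: The condition this commit extends still compares `$dns_mode` against `"nonuse"`, while app.sh in the same commit tests `[ "${DNS_MODE}" != "nouse" ]`; the two spellings cannot both match the stored value, and if the UI writes `nouse` this watchdog will keep restarting the service whenever nothing listens on 7913 in that mode. Confirm the literal the configuration actually stores and use the same one in both scripts, e.g. `[ "$dns_mode" != "nouse" ]` here if app.sh is right. The `if` block's body continues outside the hunk.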


@ -195,6 +195,7 @@ local function fetch_chnlist()
end end
else else
sret = 0 sret = 0
log("chnlist 第"..k.."条规则:"..v.."下载失败!")
end end
os.remove("/tmp/chnlist_dl"..k) os.remove("/tmp/chnlist_dl"..k)
end end