luci-app-passwall: bump to 3.9-33

2025-01-10 03:09:08 +08:00 · 2020-08-10 16:36:26 +08:00 · 2020-08-10 16:36:26 +08:00 · d7f277288f
commit d7f277288f
parent cf95b02ed2
14 changed files with 409 additions and 305 deletions
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=3.9
-PKG_RELEASE:=31
-PKG_DATE:=20200807
+PKG_RELEASE:=33
+PKG_DATE:=20200810

 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/acl.lua
@ -114,8 +114,8 @@ o:value("default", translate("Default"))
 o:value("disable", translate("No Proxy"))
 o:value("global", translate("Global Proxy"))
 o:value("gfwlist", translate("GFW List"))
-o:value("chnroute", translate("China WhiteList"))
-o:value("returnhome", translate("Return Home"))
+o:value("chnroute", translate("Not China List"))
+o:value("returnhome", translate("China List"))

 ---- UDP Proxy Mode
 o = s:option(ListValue, "udp_proxy_mode", "UDP" .. translate("Proxy Mode"))
@ -125,8 +125,8 @@ o:value("default", translate("Default"))
 o:value("disable", translate("No Proxy"))
 o:value("global", translate("Global Proxy"))
 o:value("gfwlist", translate("GFW List"))
-o:value("chnroute", translate("Game Mode") .. "（" .. translate("China WhiteList") .. "）")
-o:value("returnhome", translate("Return Home"))
+o:value("chnroute", translate("Game Mode") .. "（" .. translate("Not China List") .. "）")
+o:value("returnhome", translate("China List"))

 ---- TCP No Redir Ports
 o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua
@ -12,20 +12,19 @@ local config = {
    local_address = "0.0.0.0",
    local_port = tonumber(local_port),
    password = node.password,
+    method = node.method,
    timeout = tonumber(node.timeout),
    fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false,
    reuse_port = true
 }

 if node.type == "SS" then
-    config.method = node.ss_encrypt_method
-    if node.ss_plugin and node.ss_plugin ~= "none" then
-        config.plugin = node.ss_plugin
-        config.plugin_opts = node.ss_plugin_opts or nil
+    if node.plugin and node.plugin ~= "none" then
+        config.plugin = node.plugin
+        config.plugin_opts = node.plugin_opts or nil
    end
 elseif node.type == "SSR" then
-    config.method = node.ssr_encrypt_method
-    config.protocol = node.ssr_protocol
+    config.protocol = node.protocol
    config.protocol_param = node.protocol_param
    config.obfs = node.obfs
    config.obfs_param = node.obfs_param
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
@ -114,9 +114,9 @@ local function gen_outbound(node, tag)
                    {
                        address = node.address,
                        port = tonumber(node.port),
-                        method = node.v_ss_encrypt_method or nil,
+                        method = node.method or nil,
                        password = node.password or "",
-                        ota = node.ss_ota == '1' and true or false,
+                        ota = node.ota == '1' and true or false,
                        users = (node.username and node.password) and
                            {{user = node.username, pass = node.password}} or nil
                    }
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/global.lua
@ -57,14 +57,13 @@ else
    m:append(Template(appname .. "/global/status2"))
 end

-- [[ Global Settings ]]--
 s = m:section(TypedSection, "global")
 s.anonymous = true
 s.addremove = false

-s:tab("Main", translate("Main Settings"))
+s:tab("Main", translate("Main"))

---- Main switch
+-- [[ Global Settings ]]--
 o = s:taboption("Main", Flag, "enabled", translate("Main switch"))
 o.rmempty = false

@ -73,7 +72,7 @@ local tcp_node_num = tonumber(m:get("@global_other[0]", "tcp_node_num") or 1)
 for i = 1, tcp_node_num, 1 do
    if i == 1 then
        o = s:taboption("Main", ListValue, "tcp_node" .. i, translate("TCP Node"))
-        -- o.description = translate("For used to surf the Internet.")
+        o.description = translate("For proxy specific list.")
    else
        o = s:taboption("Main", ListValue, "tcp_node" .. i,
                     translate("TCP Node") .. " " .. i)
@ -87,7 +86,7 @@ local udp_node_num = tonumber(m:get("@global_other[0]", "udp_node_num") or 1)
 for i = 1, udp_node_num, 1 do
    if i == 1 then
        o = s:taboption("Main", ListValue, "udp_node" .. i, translate("UDP Node"))
-        -- o.description = translate("For Game Mode or DNS resolution and more.") .. translate("The selected server will not use Kcptun.")
+        o.description = translate("For proxy game network, DNS hijack etc.") .. translate(" The selected server will not use Kcptun.")
        o:value("nil", translate("Close"))
        o:value("tcp", translate("Same as the tcp node"))
        o:value("tcp_", translate("Same as the tcp node") .. "（" .. translate("New process") .. "）")
@ -99,13 +98,12 @@ for i = 1, udp_node_num, 1 do
    for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end
 end

-s:tab("DNS", translate("DNS Settings"))
+s:tab("DNS", translate("DNS"))

-o = s:taboption("DNS", Value, "up_china_dns", translate("China DNS Server") .. "(UDP)")
-- o.description = translate("If you want to work with other DNS acceleration services, use the default.<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.")
+o = s:taboption("DNS", Value, "up_china_dns", translate("Resolver For Local/WhiteList Domains") .. "(UDP)")
+o.description = translate("Forced to local filter mode on 'Not China List' mode<br />IP:Port mode acceptable, multi value split with english comma.")
 o.default = "default"
 o:value("default", translate("Default"))
-o:value("dnsbyisp", translate("dnsbyisp"))
 o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)")
 o:value("223.6.6.6", "223.6.6.6 (" .. translate("Ali") .. "DNS)")
 o:value("114.114.114.114", "114.114.114.114 (114DNS)")
@ -117,8 +115,7 @@ o:value("210.2.4.8", "210.2.4.8 (CNNIC DNS)")
 o:value("180.76.76.76", "180.76.76.76 (" .. translate("Baidu") .. "DNS)")

 ---- DNS Forward Mode
-o = s:taboption("DNS", Value, "dns_mode", translate("DNS Mode"))
-- o.description = translate("if has problem, please try another mode.<br />if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq.")
+o = s:taboption("DNS", Value, "dns_mode", translate("Filter Mode"))
 o.rmempty = false
 o:reset_values()
 if api.is_finded("chinadns-ng") then
@ -130,43 +127,45 @@ end
 if api.is_finded("dns2socks") then
    o:value("dns2socks", "dns2socks")
 end
-o:value("nonuse", translate("No patterns are used"))
+o:value("nonuse", translate("No Filter"))

---- Upstream trust DNS Server for ChinaDNS-NG
-o = s:taboption("DNS", ListValue, "up_trust_chinadns_ng_dns",
-             translate("Upstream trust DNS Server for ChinaDNS-NG") .. "(UDP)")
+o = s:taboption("DNS", ListValue, "up_trust_pdnsd_dns", translate("Resolver For The List Proxied"))
 -- o.description = translate("You can use other resolving DNS services as trusted DNS, Example: dns2socks, dns-forwarder... 127.0.0.1#5353<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.")
-o.default = "pdnsd"
+o.default = ""
 if api.is_finded("pdnsd") then
-    o:value("pdnsd", "pdnsd + " .. translate("Use TCP Node Resolve DNS"))
+    o:value("", "pdnsd + " .. translate("Access Filtered DNS By ") .. translate("TCP Node"))
 end
+o:value("udp", translate("Access Filtered DNS By ") .. translate("UDP Node"))
+if api.is_finded("dns2socks") then
+    o:value("dns2socks", "dns2socks")
+end
+o:depends("dns_mode", "pdnsd")
+
+o = s:taboption("DNS", ListValue, "up_trust_chinadns_ng_dns", translate("Resolver For The List Proxied") .. "(UDP)")
+o.default = "pdnsd"
+if api.is_finded("pdnsd") then
+    o:value("pdnsd", "pdnsd, " .. translate("Access Filtered DNS By ") .. translate("TCP Node"))
+end
+o:value("udp", translate("Access Filtered DNS By ") .. translate("UDP Node"))
 if api.is_finded("dns2socks") then
    o:value("dns2socks", "dns2socks")
 end
-o:value("udp", translate("Use UDP Node Resolve DNS"))
 o:depends("dns_mode", "chinadns-ng")

---- Use TCP Node Resolve DNS
--[[ if api.is_finded("pdnsd") then
-    o = s:taboption("DNS", Flag, "use_tcp_node_resolve_dns", translate("Use TCP Node Resolve DNS"))
-    o.description = translate("If checked, DNS is resolved using the TCP node.")
-    o.default = 1
-    o:depends("dns_mode", "pdnsd")
-end
--]]
-
-o = s:taboption("DNS", Value, "socks_server", translate("Socks Server"))
+---- Upstream trust DNS Mode for ChinaDNS-NG
+o = s:taboption("DNS", Value, "socks_server", translate("Socks Server"), translate("Make sure socks service is available on this address if 'dns2socks' selected."))
 o.default = ""
+for k, v in pairs(socks_table) do o:value(v.id, v.remarks) end
 o:depends({dns_mode = "dns2socks"})
 o:depends({dns_mode = "chinadns-ng", up_trust_chinadns_ng_dns = "dns2socks"})
-for k, v in pairs(socks_table) do o:value(v.id, v.remarks) end
+o:depends({dns_mode = "pdnsd", up_trust_pdnsd_dns = "dns2socks"})

-o = s:taboption("DNS", Flag, "fair_mode", translate("Fair Mode"))
+o = s:taboption("DNS", Flag, "fair_mode", translate("ChinaDNS-NG Fair Mode"))
 o.default = "1"
 o:depends({dns_mode = "chinadns-ng"})

 ---- DNS Forward
-o = s:taboption("DNS", Value, "dns_forward", translate("DNS Address"))
+o = s:taboption("DNS", Value, "dns_forward", translate("Filtered DNS(For Proxied Domains)"), translate("IP:Port mode acceptable, the 1st for 'dns2socks' if split with english comma."))
 o.default = "8.8.4.4"
 o:value("8.8.4.4", "8.8.4.4 (Google DNS)")
 o:value("8.8.8.8", "8.8.8.8 (Google DNS)")
@ -176,56 +175,52 @@ o:depends({dns_mode = "chinadns-ng"})
 o:depends({dns_mode = "dns2socks"})
 o:depends({dns_mode = "pdnsd"})

-o = s:taboption("DNS", Flag, "dns_cache", translate("DNS Cache"))
+o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
 o.default = "1"
 o:depends({dns_mode = "chinadns-ng", up_trust_chinadns_ng_dns = "pdnsd"})
 o:depends({dns_mode = "chinadns-ng", up_trust_chinadns_ng_dns = "dns2socks"})
 o:depends({dns_mode = "dns2socks"})
 o:depends({dns_mode = "pdnsd"})

-s:tab("Mode", translate("Proxy Mode"))
+s:tab("Proxy", translate("Mode"))

 ---- TCP Default Proxy Mode
-o = s:taboption("Mode", ListValue, "tcp_proxy_mode",
-             "TCP" .. translate("Default") .. translate("Proxy Mode"))
+o = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP" .. translate("Default") .. translate("Proxy Mode"))
 -- o.description = translate("If not available, try clearing the cache.")
 o.default = "chnroute"
 o.rmempty = false
 o:value("disable", translate("No Proxy"))
 o:value("global", translate("Global Proxy"))
 o:value("gfwlist", translate("GFW List"))
-o:value("chnroute", translate("China WhiteList"))
-o:value("returnhome", translate("Return Home"))
+o:value("chnroute", translate("Not China List"))
+o:value("returnhome", translate("China List"))

 ---- UDP Default Proxy Mode
-o = s:taboption("Mode", ListValue, "udp_proxy_mode",
-             "UDP" .. translate("Default") .. translate("Proxy Mode"))
+o = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP" .. translate("Default") .. translate("Proxy Mode"))
 o.default = "chnroute"
 o.rmempty = false
 o:value("disable", translate("No Proxy"))
 o:value("global", translate("Global Proxy"))
 o:value("gfwlist", translate("GFW List"))
-o:value("chnroute", translate("Game Mode") .. "（" .. translate("China WhiteList") .. "）")
-o:value("returnhome", translate("Return Home"))
+o:value("chnroute", translate("Game Mode") .. "（" .. translate("Not China List") .. "）")
+o:value("returnhome", translate("China List"))

 ---- Localhost TCP Proxy Mode
-o = s:taboption("Mode", ListValue, "localhost_tcp_proxy_mode",
-             translate("Router Localhost") .. "TCP" .. translate("Proxy Mode"))
+o = s:taboption("Proxy", ListValue, "localhost_tcp_proxy_mode", translate("Router Localhost") .. "TCP" .. translate("Proxy Mode"))
 -- o.description = translate("The server client can also use this rule to scientifically surf the Internet.")
 o:value("default", translate("Default"))
 o:value("gfwlist", translate("GFW List"))
-o:value("chnroute", translate("China WhiteList"))
+o:value("chnroute", translate("Not China List"))
 o:value("global", translate("Global Proxy"))
 o.default = "default"
 o.rmempty = false

 ---- Localhost UDP Proxy Mode
-o = s:taboption("Mode", ListValue, "localhost_udp_proxy_mode",
-             translate("Router Localhost") .. "UDP" .. translate("Proxy Mode"))
+o = s:taboption("Proxy", ListValue, "localhost_udp_proxy_mode", translate("Router Localhost") .. "UDP" .. translate("Proxy Mode"))
 o:value("disable", translate("No Proxy"))
 o:value("default", translate("Default"))
 o:value("gfwlist", translate("GFW List"))
-o:value("chnroute", translate("Game Mode") .. "（" .. translate("China WhiteList") .. "）")
+o:value("chnroute", translate("Game Mode") .. "（" .. translate("Not China List") .. "）")
 o:value("global", translate("Global Proxy"))
 o.default = "default"
 o.rmempty = false
@ -260,7 +255,7 @@ o.datatype = "port"
 o.rmempty = false

 ---- Tips
-m:append(Template(appname .. "/global/tips"))
+--m:append(Template(appname .. "/global/tips"))

 m:append(Template(appname .. "/global/footer"))

--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
@ -86,6 +86,9 @@ if api.is_finded("brook") then
    type:value("Brook", translate("Brook"))
 end
 if api.is_finded("trojan-plus") or api.is_finded("trojan") then
+    type:value("Trojan", translate("Trojan"))
+end
+if api.is_finded("trojan-plus") then
    type:value("Trojan-Plus", translate("Trojan-Plus"))
 end
 if api.is_finded("trojan-go") then
@ -140,6 +143,12 @@ brook_protocol = s:option(ListValue, "brook_protocol", translate("Brook Protocol
 brook_protocol:value("client", translate("Brook"))
 brook_protocol:value("wsclient", translate("WebSocket"))
 brook_protocol:depends("type", "Brook")
+function brook_protocol.cfgvalue(self, section)
+	return m:get(section, "protocol")
+end
+function brook_protocol.write(self, section, value)
+	m:set(section, "protocol", value)
+end

 brook_tls = s:option(Flag, "brook_tls", translate("Use TLS"))
 brook_tls:depends("brook_protocol", "wsclient")
@ -154,6 +163,7 @@ address:depends({ type = "V2ray", protocol = "http" })
 address:depends({ type = "V2ray", protocol = "socks" })
 address:depends({ type = "V2ray", protocol = "shadowsocks" })
 address:depends("type", "Brook")
+address:depends("type", "Trojan")
 address:depends("type", "Trojan-Plus")
 address:depends("type", "Trojan-Go")

@ -168,6 +178,7 @@ use_ipv6:depends({ type = "V2ray", protocol = "http" })
 use_ipv6:depends({ type = "V2ray", protocol = "socks" })
 use_ipv6:depends({ type = "V2ray", protocol = "shadowsocks" })
 use_ipv6:depends("type", "Brook")
+use_ipv6:depends("type", "Trojan")
 use_ipv6:depends("type", "Trojan-Plus")
 use_ipv6:depends("type", "Trojan-Go")
 --]]
@ -183,6 +194,7 @@ port:depends({ type = "V2ray", protocol = "http" })
 port:depends({ type = "V2ray", protocol = "socks" })
 port:depends({ type = "V2ray", protocol = "shadowsocks" })
 port:depends("type", "Brook")
+port:depends("type", "Trojan")
 port:depends("type", "Trojan-Plus")
 port:depends("type", "Trojan-Go")

@ -197,6 +209,7 @@ password:depends("type", "Socks")
 password:depends("type", "SS")
 password:depends("type", "SSR")
 password:depends("type", "Brook")
+password:depends("type", "Trojan")
 password:depends("type", "Trojan-Plus")
 password:depends("type", "Trojan-Go")
 password:depends("protocol", "http")
@ -206,10 +219,22 @@ password:depends("protocol", "shadowsocks")
 ss_encrypt_method = s:option(ListValue, "ss_encrypt_method", translate("Encrypt Method"))
 for a, t in ipairs(ss_encrypt_method_list) do ss_encrypt_method:value(t) end
 ss_encrypt_method:depends("type", "SS")
+function ss_encrypt_method.cfgvalue(self, section)
+	return m:get(section, "method")
+end
+function ss_encrypt_method.write(self, section, value)
+	m:set(section, "method", value)
+end

 ssr_encrypt_method = s:option(ListValue, "ssr_encrypt_method", translate("Encrypt Method"))
 for a, t in ipairs(ssr_encrypt_method_list) do ssr_encrypt_method:value(t) end
 ssr_encrypt_method:depends("type", "SSR")
+function ssr_encrypt_method.cfgvalue(self, section)
+	return m:get(section, "method")
+end
+function ssr_encrypt_method.write(self, section, value)
+	m:set(section, "method", value)
+end

 security = s:option(ListValue, "security", translate("Encrypt Method"))
 for a, t in ipairs(security_list) do security:value(t) end
@ -218,14 +243,32 @@ security:depends("protocol", "vmess")
 v_ss_encrypt_method = s:option(ListValue, "v_ss_encrypt_method", translate("Encrypt Method"))
 for a, t in ipairs(v_ss_encrypt_method_list) do v_ss_encrypt_method:value(t) end
 v_ss_encrypt_method:depends("protocol", "shadowsocks")
+function v_ss_encrypt_method.cfgvalue(self, section)
+	return m:get(section, "method")
+end
+function v_ss_encrypt_method.write(self, section, value)
+	m:set(section, "method", value)
+end

 ss_ota = s:option(Flag, "ss_ota", translate("OTA"), translate("When OTA is enabled, V2Ray will reject connections that are not OTA enabled. This option is invalid when using AEAD encryption."))
 ss_ota.default = "0"
 ss_ota:depends("protocol", "shadowsocks")
+function ss_ota.cfgvalue(self, section)
+	return m:get(section, "ota")
+end
+function ss_ota.write(self, section, value)
+	m:set(section, "ota", value)
+end

 ssr_protocol = s:option(ListValue, "ssr_protocol", translate("Protocol"))
 for a, t in ipairs(ssr_protocol_list) do ssr_protocol:value(t) end
 ssr_protocol:depends("type", "SSR")
+function ssr_protocol.cfgvalue(self, section)
+	return m:get(section, "protocol")
+end
+function ssr_protocol.write(self, section, value)
+	m:set(section, "protocol", value)
+end

 protocol_param = s:option(Value, "protocol_param", translate("Protocol_param"))
 protocol_param:depends("type", "SSR")
@ -248,6 +291,7 @@ tcp_fast_open:value("false")
 tcp_fast_open:value("true")
 tcp_fast_open:depends("type", "SS")
 tcp_fast_open:depends("type", "SSR")
+tcp_fast_open:depends("type", "Trojan")
 tcp_fast_open:depends("type", "Trojan-Plus")
 tcp_fast_open:depends("type", "Trojan-Go")

@ -256,10 +300,22 @@ ss_plugin:value("none", translate("none"))
 if api.is_finded("v2ray-plugin") then ss_plugin:value("v2ray-plugin") end
 if api.is_finded("obfs-local") then ss_plugin:value("obfs-local") end
 ss_plugin:depends("type", "SS")
+function ss_plugin.cfgvalue(self, section)
+	return m:get(section, "plugin")
+end
+function ss_plugin.write(self, section, value)
+	m:set(section, "plugin", value)
+end

 ss_plugin_opts = s:option(Value, "ss_plugin_opts", translate("opts"))
 ss_plugin_opts:depends("ss_plugin", "v2ray-plugin")
 ss_plugin_opts:depends("ss_plugin", "obfs-local")
+function ss_plugin_opts.cfgvalue(self, section)
+	return m:get(section, "plugin_opts")
+end
+function ss_plugin_opts.write(self, section, value)
+	m:set(section, "plugin_opts", value)
+end

 use_kcp = s:option(Flag, "use_kcp", translate("Use Kcptun"),
                   "<span style='color:red'>" .. translate("Please confirm whether the Kcptun is installed. If not, please go to Rule Update download installation.") .. "</span>")
@ -298,10 +354,11 @@ stream_security.default = "tls"
 stream_security:depends("protocol", "vmess")
 stream_security:depends("protocol", "socks")
 stream_security:depends("protocol", "shadowsocks")
+stream_security:depends("type", "Trojan")
 stream_security:depends("type", "Trojan-Plus")
 stream_security:depends("type", "Trojan-Go")
 stream_security.validate = function(self, value)
-    if value == "none" and type:formvalue(arg[1]) == "Trojan" then
+    if value == "none" and (type:formvalue(arg[1]) == "Trojan" or type:formvalue(arg[1]) == "Trojan-Plus") then
        return nil, translate("'none' not supported for original Trojan.")
    end
    return value
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule.lua
@ -14,20 +14,20 @@ o.rmempty = false

 ---- Enable custom url
 --[[
-o = s:option(Flag, "enable_custom_url", translate("Enable custom url"))
+o = s:option(Flag, "enable_custom_url", translate("Enable custom URL"))
 o.default = 0
 o.rmempty = false
 ]]--

 ---- gfwlist URL
-o = s:option(Value, "gfwlist_url", translate("gfwlist Update url"))
+o = s:option(Value, "gfwlist_url", translate("GFW domains(gfwlist) Update URL"))
 o:value("https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt", translate("Loukky/gfwlist-by-loukky"))
 o:value("https://cdn.jsdelivr.net/gh/gfwlist/gfwlist/gfwlist.txt", translate("gfwlist/gfwlist"))
 o.default = "https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt"
 --o:depends("enable_custom_url", 1)

 ----chnroute  URL
-o = s:option(Value, "chnroute_url", translate("Chnroute Update url"))
+o = s:option(Value, "chnroute_url", translate("China IPs(chnroute) Update URL"))
 o:value("https://ispip.clang.cn/all_cn.txt", translate("Clang.CN"))
 o:value("https://ispip.clang.cn/all_cn_cidr.txt", translate("Clang.CN.CIDR"))
 o.default = "https://ispip.clang.cn/all_cn.txt"
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
@ -79,6 +79,9 @@ local function start()
            elseif type == "V2ray" then
                config = require("luci.model.cbi.passwall.server.api.v2ray").gen_config(user)
                bin = ln_start(_api.get_v2ray_path(), "v2ray", "-config=" .. config_file)
+            elseif type == "Trojan" then
+                config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user)
+                bin = ln_start("/usr/sbin/trojan", "trojan", "-c " .. config_file)
            elseif type == "Trojan-Plus" then
                config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user)
                bin = ln_start("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file)
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
@ -70,6 +70,9 @@ if api.is_finded("brook") then
    type:value("Brook", translate("Brook"))
 end
 if api.is_finded("trojan-plus") or api.is_finded("trojan") then
+    type:value("Trojan", translate("Trojan"))
+end
+if api.is_finded("trojan-plus") then
    type:value("Trojan-Plus", translate("Trojan-Plus"))
 end
 if api.is_finded("trojan-go") then
@ -105,6 +108,7 @@ password = s:option(Value, "password", translate("Password"))
 password.password = true
 password:depends("type", "SSR")
 password:depends("type", "Brook")
+password:depends("type", "Trojan")
 password:depends("type", "Trojan-Plus")
 password:depends({ type = "V2ray", protocol = "http" })
 password:depends({ type = "V2ray", protocol = "socks" })
@ -160,6 +164,7 @@ tcp_fast_open = s:option(ListValue, "tcp_fast_open", translate("TCP Fast Open"),
 tcp_fast_open:value("false")
 tcp_fast_open:value("true")
 tcp_fast_open:depends("type", "SSR")
+tcp_fast_open:depends("type", "Trojan")
 tcp_fast_open:depends("type", "Trojan-Plus")
 tcp_fast_open:depends("type", "Trojan-Go")

@ -193,10 +198,11 @@ stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "ws" }
 stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "h2" })
 stream_security:depends({ type = "V2ray", protocol = "socks" })
 stream_security:depends({ type = "V2ray", protocol = "shadowsocks" })
+stream_security:depends("type", "Trojan")
 stream_security:depends("type", "Trojan-Plus")
 stream_security:depends("type", "Trojan-Go")
 stream_security.validate = function(self, value)
-    if value == "none" and type:formvalue(arg[1]) == "Trojan" then
+    if value == "none" and (type:formvalue(arg[1]) == "Trojan" or type:formvalue(arg[1]) == "Trojan-Plus") then
        return nil, translate("'none' not supported for original Trojan.")
    end
    return value
@ -363,6 +369,7 @@ quic_guise:depends("transport", "quic")
 remote_enable = s:option(Flag, "remote_enable", translate("Enable Remote"), translate("You can forward to Nginx/Caddy/V2ray WebSocket and more."))
 remote_enable.default = "1"
 remote_enable.rmempty = false
+remote_enable:depends("type", "Trojan")
 remote_enable:depends("type", "Trojan-Plus")
 remote_enable:depends("type", "Trojan-Go")

--- a/package/lienol/luci-app-passwall/luasrc/view/passwall/log/log.htm
+++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/log/log.htm
@ -16,7 +16,6 @@
 			if(x && x.status == 200) {
 				var log_textarea = document.getElementById('log_textarea');
 				log_textarea.innerHTML = x.responseText;
-				log_textarea.scrollTop = log_textarea.scrollHeight;
 			}
 		}
 	);
@ -24,5 +23,5 @@
 </script>
 <fieldset class="cbi-section" id="_log_fieldset">
 	<input class="cbi-button cbi-input-remove" type="button" onclick="clearlog()" value="<%:Clear logs%>" />
-	<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="30" wrap="off" readonly="readonly"></textarea>
+	<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="40" wrap="off" readonly="readonly"></textarea>
 </fieldset>
--- a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
+++ b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
@ -101,7 +101,7 @@ msgid "Clear"
 msgstr "清除"

 msgid "Main switch"
-msgstr "总开关"
+msgstr "主开关"

 msgid "TCP Node"
 msgstr "TCP节点"
@ -124,38 +124,47 @@ msgstr "与TCP%s节点相同"
 msgid "New process"
 msgstr "另开进程"

-msgid "For used to surf the Internet."
-msgstr "用于科学上网。"
+msgid "For proxy specific list."
+msgstr "用于代理特定的列表。"

-msgid "For Game Mode or DNS resolution and more."
-msgstr "用于游戏模式或DNS解析等。"
+msgid "For proxy game network, DNS hijack etc."
+msgstr "用于代理游戏或DNS劫持等..."

 msgid "The selected server will not use Kcptun."
 msgstr "选中的服务器不会使用Kcptun。"

-msgid "The client can use the router's Socks proxy."
-msgstr "客户端可以使用路由器的Socks代理。"
+msgid "The client can use the router's Socks Servie."
+msgstr "客户端可以使用路由器的 Socks 服务。"

-msgid "DNS Mode"
-msgstr "DNS模式"
+msgid "Filter Mode"
+msgstr "过滤模式"

-msgid "Use local port 7913 as DNS"
-msgstr "使用本机7913端口的DNS"
+msgid "No Filter"
+msgstr "不过滤"

-msgid "No patterns are used"
-msgstr "不使用"
+msgid "IP:Port mode ecceptable for specify other filtered name services."
+msgstr "定义接受 IP:Port 形式的输入，以指定其它域名服务的过滤服务。"

-msgid "if has problem, please try another mode.<br />if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq."
-msgstr "如果有问题，请尝试其他模式。<br />如果您没有使用任何模式，则会使用WAN的DNS。"
+msgid "Resolver For Local/WhiteList Domains"
+msgstr "解析本地和白名单域名"

-msgid "Use TCP Node Resolve DNS"
-msgstr "使用TCP节点解析DNS"
+msgid "Forced to local filter mode on 'Not China List' mode<br />IP:Port mode acceptable, multi value split with english comma."
+msgstr "在 '中国列表以外' 模式下会被强制设置为设定的DNS过滤服务<br />接受 IP:Port 形式的输入，多个以英文逗号分隔。"

-msgid "Use UDP Node Resolve DNS"
-msgstr "使用UDP节点解析DNS"
+msgid "Ali"
+msgstr "阿里"

-msgid "If checked, DNS is resolved using the TCP node."
-msgstr "如果勾选，则使用TCP节点解析DNS解决污染。"
+msgid "Baidu"
+msgstr "百度"
+
+msgid "Resolver For The List Proxied"
+msgstr "解析被代理的域名列表"
+
+msgid "Access Filtered DNS By"
+msgstr "由过滤DNS解析，经过"
+
+msgid "Forward To Socks Server"
+msgstr "转发至 Socks 服务器"

 msgid "Socks Server"
 msgstr "Socks服务器"
@ -163,26 +172,20 @@ msgstr "Socks服务器"
 msgid "Misconfigured"
 msgstr "配置不当"

-msgid "Fair Mode"
-msgstr "公平模式"
+msgid "Make sure socks service is available on this address if 'dns2socks' selected."
+msgstr "如启用了 'dns2socks' 请确保此Socks服务可用。"

-msgid "DNS Address"
-msgstr "DNS地址"
+msgid "ChinaDNS-NG Fair Mode"
+msgstr "ChinaDNS-NG 公平模式"

-msgid "DNS Cache"
-msgstr "DNS缓存"
+msgid "Filtered DNS(For Proxied Domains)"
+msgstr "域名过滤服务(用于被代理的域名)"

-msgid "China DNS Server"
-msgstr "国内DNS服务器"
+msgid "Cache Resolved"
+msgstr "缓存解析结果"

-msgid "If you want to work with other DNS acceleration services, use the default.<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."
-msgstr "如果你想和其他DNS加速服务一起工作，请使用默认。<br />最多使用2个DNS服务器，英文逗号分隔，如果没有填#和后面的端口，则使用53端口。"
-
-msgid "Upstream trust DNS Server for ChinaDNS-NG"
-msgstr "ChinaDNS-NG可信DNS"
-
-msgid "You can use other resolving DNS services as trusted DNS, Example: dns2socks, dns-forwarder... 127.0.0.1#5353<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."
-msgstr "你可以使用其他解决污染DNS服务作为可信DNS，例：dns2socks，dns-forwarder等等。127.0.0.1#5353<br />最多使用2个DNS服务器，英文逗号分隔，如果没有填#和后面的端口，则使用53端口。"
+msgid "IP:Port mode acceptable, the 1st for 'dns2socks' if split with english comma."
+msgstr "接受 IP:Port 形式的输入，多个以英文逗号分隔 ，'dns2socks' 模式下仅首个有效。"

 msgid "The server client can also use this rule to scientifically surf the Internet."
 msgstr "本机服务器的客户端也可以使用这个代理模式上网。"
@ -196,15 +199,6 @@ msgstr "可以使用负载均衡实现故障切换功能。"
 msgid "Restore the default configuration method. Input example in the address bar:"
 msgstr "恢复默认配置方法，地址栏输入例："

-msgid "dnsbyisp"
-msgstr "运营商DNS(自动分配)"
-
-msgid "Ali"
-msgstr "阿里"
-
-msgid "Baidu"
-msgstr "百度"
-
 msgid "DNS Export Of Multi WAN"
 msgstr "国内DNS指定解析出口"

@ -217,18 +211,9 @@ msgstr "只有多线接入才有效。"
 msgid "Not Specify"
 msgstr "不指定"

-msgid "DNS Hijack"
-msgstr "DNS劫持"
-
 msgid "custom"
 msgstr "自定义"

-msgid "DNS Server"
-msgstr "DNS服务器"
-
-msgid "Use Socks Node Resolve DNS"
-msgstr "使用Socks节点解析DNS"
-
 msgid "Multi Process Option"
 msgstr "多进程并发"

@ -254,16 +239,16 @@ msgid "Global Proxy"
 msgstr "全局代理"

 msgid "GFW List"
-msgstr "GFW名单"
+msgstr "防火墙表"

-msgid "China WhiteList"
-msgstr "大陆白名单"
+msgid "Not China List"
+msgstr "中国列表以外"

 msgid "Game Mode"
 msgstr "游戏模式"

-msgid "Return Home"
-msgstr "回国模式"
+msgid "China List"
+msgstr "中国列表"

 msgid "Localhost"
 msgstr "本机"
@ -616,14 +601,14 @@ msgstr "备用"
 msgid "Manually update"
 msgstr "手动更新"

-msgid "Enable custom url"
+msgid "Enable custom URL"
 msgstr "启用自定义规则地址"

-msgid "gfwlist Update url"
-msgstr "GFWList更新URL"
+msgid "GFW domains(gfwlist) Update URL"
+msgstr "防火墙域名列表(gfwlist)更新URL"

-msgid "Chnroute Update url"
-msgstr "国内IP段(Chnroute)更新URL"
+msgid "China IPs(chnroute) Update URL"
+msgstr "中国IP段(chnroute)更新URL"

 msgid "Rule status"
 msgstr "规则版本"
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@ -21,6 +21,8 @@ IS_DEFAULT_DNS=
 LOCAL_DNS=
 DEFAULT_DNS=
 NO_PROXY=
+use_tcp_node_resolve_dns=0
+use_udp_node_resolve_dns=0
 LUA_API_PATH=/usr/lib/lua/luci/model/cbi/$CONFIG/api
 API_GEN_SS=$LUA_API_PATH/gen_shadowsocks.lua
 API_GEN_V2RAY=$LUA_API_PATH/gen_v2ray.lua
@ -122,7 +124,7 @@ hosts_foreach() {
 	local __ip __port
 	for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do
 		get_ip_port_from "$__host" "__ip" "__port"
-		eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"
+		eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" \"$@\""
 		__ret=$?
 		[ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret}
 	done
@ -135,7 +137,7 @@ get_first_dns() {
 		echo "${2}#${3}"
 		return 1
 	}
-	eval "hosts_foreach \"${__hosts_val}\" __first $@"
+	eval "hosts_foreach \"${__hosts_val}\" __first \"$@\""
 }

 get_last_dns() {
@ -146,7 +148,7 @@ get_last_dns() {
 		__last="${2}#${3}"
 		__first=${__first:-${__last}}
 	}
-	eval "hosts_foreach \"${__hosts_val}\" __every $@"
+	eval "hosts_foreach \"${__hosts_val}\" __every \"$@\""
 	[ "${__first}" ==  "${__last}" ] || echo "${__last}"
 }

@ -168,7 +170,7 @@ gen_dnsmasq_items() {
 			if(setdns) for(i in dns) printf("server=/.%s/%s\n", $0, dns[i]) >>outf;
 			if(setlist) printf("ipset=/.%s/%s\n", $0, ipsetlist) >>outf;
 		}
-   END {fflush(outf); close(outf); exit(fail);}
+		END {fflush(outf); close(outf); exit(fail);}
 	'
 }

@ -181,11 +183,7 @@ check_port_exists() {
 	elif [ "$protocol" = "udp" ]; then
 		result=$(netstat -uln | grep -c ":$port ")
 	fi
-	if [ "$result" = 1 ]; then
-		echo 1
-	else
-		echo 0
-	fi
+	echo "${result}"
 }

 get_new_port() {
@ -193,7 +191,7 @@ get_new_port() {
 	[ "$port" == "auto" ] && port=2082
 	protocol=$2
 	result=$(check_port_exists $port $protocol)
-	if [ "$result" = 1 ]; then
+	if [ "$result" != 0 ]; then
 		temp=
 		if [ "$port" -lt 65535 ]; then
 			temp=$(expr $port + 1)
@ -208,7 +206,7 @@ get_new_port() {

 first_type() {
 	local path_name=${1}
-	type -t -p "/bin/${path_name}" -p "${TMP_BIN_PATH}/${path_name}" -p "${path_name}" -p "/usr/bin/v2ray/{path_name}" $@ | head -n1
+	type -t -p "/bin/${path_name}" -p "${TMP_BIN_PATH}/${path_name}" -p "${path_name}" -p "/usr/bin/v2ray/{path_name}" "$@" | head -n1
 }

 ln_start_bin() {
@ -221,11 +219,11 @@ ln_start_bin() {
 			ln -s "${file_func}" "${TMP_BIN_PATH}/${ln_name}"
 			file_func="${TMP_BIN_PATH}/${ln_name}"
 		}
-		[ -x "${file_func}" ] || echolog "  - $(readlink ${file_func}) 没有执行权限，无法启动：${file_func} $@"
+		[ -x "${file_func}" ] || echolog "  - $(readlink ${file_func}) 没有执行权限，无法启动：${file_func} $*"
 	fi
-	echo "${file_func} $@" >&2
+	echo "${file_func} $*" >&2
 	[ -n "${file_func}" ] || echolog "  - 找不到 ${ln_name}，无法启动..."
-	${file_func:-echolog "  - ${ln_name}"} $@ >/dev/null 2>&1 &
+	${file_func:-echolog "  - ${ln_name}"} "$@" >/dev/null 2>&1 &
 }

 ENABLED=$(config_t_get global enabled 0)
@ -285,8 +283,6 @@ load_config() {
 	DNS_MODE=$(config_t_get global dns_mode pdnsd)
 	DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53 | sed 's/:/#/g')
 	DNS_CACHE=$(config_t_get global dns_cache 1)
-	use_tcp_node_resolve_dns=0
-	use_udp_node_resolve_dns=0
 	process=1
 	if [ "$(config_t_get global_forwarding process 0)" = "0" ]; then
 		process=$(cat /proc/cpuinfo | grep 'processor' | wc -l)
@ -295,7 +291,7 @@ load_config() {
 	fi
 	LOCAL_DNS=$(config_t_get global up_china_dns dnsbyisp | sed 's/:/#/g')
 	[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
-	DEFAULT_DNS=$(cat "${RESOLVFILE}" 2>/dev/null | sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' | grep -v "0.0.0.0" | grep -v "127.0.0.1" | grep -v "^::$" | sed 's/\n/,/g')
+	DEFAULT_DNS=$(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v "0.0.0.0" | grep -v "127.0.0.1" | grep -v "^::$" | head -2 | tr '\n' ',')
 	if [ "${LOCAL_DNS}" = "default" ]; then
 		IS_DEFAULT_DNS=1
 		LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29}"
@ -334,26 +330,26 @@ run_socks() {
 		echolog "  - 不能使用 Socks 类型的代理节点"
 	elif [ "$type" == "v2ray" ]; then
 		lua $API_GEN_V2RAY $node nil nil $local_port > $config_file
-		ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray "-config=$config_file"
+		ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$config_file"
 	elif [ "$type" == "trojan" ]; then
 		lua $API_GEN_TROJAN $node client $bind $local_port > $config_file
-		ln_start_bin "$(first_type trojan)" trojan "-c $config_file"
+		ln_start_bin "$(first_type trojan trojan-plus)" trojan -c "$config_file"
 	elif [ "$type" == "trojan-plus" ]; then
 		lua $API_GEN_TROJAN $node client $bind $local_port > $config_file
-		ln_start_bin "$(first_type trojan-plus trojan)" trojan-plus "-c $config_file"
+		ln_start_bin "$(first_type trojan-plus trojan)" trojan-plus -c "$config_file"
 	elif [ "$type" == "trojan-go" ]; then
 		lua $API_GEN_TROJAN $node client $bind $local_port > $config_file
-		ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go "-config $config_file"
+		ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go -config "$config_file"
 	elif [ "$type" == "brook" ]; then
-		local protocol=$(config_n_get $node brook_protocol client)
+		local protocol=$(config_n_get $node protocol client)
 		local brook_tls=$(config_n_get $node brook_tls 0)
 		[ "$protocol" == "wsclient" ] && {
 			[ "$brook_tls" == "1" ] && server_host="wss://${server_host}" || server_host="ws://${server_host}" 
 		}
-		ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" brook_socks_$5 "$protocol -l $bind:$local_port -i $bind -s $server_host:$port -p $(config_n_get $node password)"
+		ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_socks_$5" "$protocol" -l "$bind:$local_port" -i "$bind" -s "$server_host:$port" -p "$(config_n_get $node password)"
 	elif [ "$type" == "ssr" ] || [ "$type" == "ss" ]; then
 		lua $API_GEN_SS $node $local_port > $config_file
-		ln_start_bin "$(first_type ${type}-local)" ${type}-local "-c $config_file -b $bind -u"
+		ln_start_bin "$(first_type ${type}-local)" "${type}-local" -c "$config_file" -b "$bind" -u
 	fi
 }

@ -387,29 +383,29 @@ run_redir() {
 			local server_username=$(config_n_get $node username)
 			local server_password=$(config_n_get $node password)
 			eval port=\$UDP_REDIR_PORT$6
-			ln_start_bin "$(first_type ipt2socks)" ipt2socks_udp_$6 "-U -l $port -b 0.0.0.0 -s $node_address -p $node_port -R"
+			ln_start_bin "$(first_type ipt2socks)" "ipt2socks_udp_$6" -U -l "$port" -b 0.0.0.0 -s "$node_address" -p "$node_port" -R
 		elif [ "$type" == "v2ray" ]; then
 			lua $API_GEN_V2RAY $node udp $local_port nil > $config_file
-			ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray "-config=$config_file"
+			ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$config_file"
 		elif [ "$type" == "trojan" ]; then
 			lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port >$config_file
-			ln_start_bin "$(first_type trojan)" trojan "-c $config_file"
+			ln_start_bin "$(first_type trojan trojan-plus)" trojan -c "$config_file"
 		elif [ "$type" == "trojan-plus" ]; then
 			lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port >$config_file
-			ln_start_bin "$(first_type trojan-plus trojan)" trojan-plus "-c $config_file"
+			ln_start_bin "$(first_type trojan-plus trojan)" trojan-plus -c "$config_file"
 		elif [ "$type" == "trojan-go" ]; then
 			lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port >$config_file
-			ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go "-config $config_file"
+			ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go -config "$config_file"
 		elif [ "$type" == "brook" ]; then
-			local protocol=$(config_n_get $node brook_protocol client)
+			local protocol=$(config_n_get $node protocol client)
 			if [ "$protocol" == "wsclient" ]; then
 				echolog "Brook的WebSocket不支持UDP转发！"
 			else
-				ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" brook_udp_$6 "tproxy -l 0.0.0.0:$local_port -s $server_host:$port -p $(config_n_get $node password)"
+				ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_udp_$6" tproxy -l "0.0.0.0:$local_port" -s "$server_host:$port" -p "$(config_n_get $node password)"
 			fi
 		elif [ "$type" == "ssr" ] || [ "$type" == "ss" ]; then
 			lua $API_GEN_SS $node $local_port > $config_file
-			ln_start_bin "$(first_type ${type}-redir)" ${type}-redir "-c $config_file -U"
+			ln_start_bin "$(first_type ${type}-redir)" "${type}-redir" -c "$config_file" -U
 		fi
 	fi

@ -422,25 +418,25 @@ run_redir() {
 			eval port=\$TCP_REDIR_PORT$6
 			local extra_param="-T"
 			[ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param=""
-			ln_start_bin "$(first_type ipt2socks)" ipt2socks_tcp_$6 "-l $port -b 0.0.0.0 -s $node_address -p $node_port -R $extra_param"
+			ln_start_bin "$(first_type ipt2socks)" "ipt2socks_tcp_$6" -l "$port" -b 0.0.0.0 -s "$node_address" -p "$node_port" -R $extra_param
 		elif [ "$type" == "v2ray" ]; then
 			local extra_param="tcp"
 			[ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="tcp,udp"
 			lua $API_GEN_V2RAY $node $extra_param $local_port nil > $config_file
-			ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray "-config=$config_file"
+			ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$config_file"
 		elif [ "$type" == "trojan" ]; then
 			lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port > $config_file
 			for k in $(seq 1 $process); do
-				ln_start_bin "$(first_type trojan)" trojan "-c $config_file"
+				ln_start_bin "$(first_type trojan trojan-plus)" trojan -c "$config_file"
 			done
 		elif [ "$type" == "trojan-plus" ]; then
 			lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port > $config_file
 			for k in $(seq 1 $process); do
-				ln_start_bin "$(first_type trojan-plus trojan)" trojan-plus "-c $config_file"
+				ln_start_bin "$(first_type trojan-plus trojan)" trojan-plus -c "$config_file"
 			done
 		elif [ "$type" == "trojan-go" ]; then
 			lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port > $config_file
-			ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go "-config $config_file"
+			ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go -config "$config_file"
 		else
 			local kcptun_use=$(config_n_get $node use_kcp 0)
 			if [ "$kcptun_use" == "1" ]; then
@ -456,7 +452,7 @@ run_redir() {
 					local run_kcptun_ip=$server_host
 					[ -n "$kcptun_server_host" ] && run_kcptun_ip=$(get_host_ip $network_type $kcptun_server_host)
 					KCPTUN_REDIR_PORT=$(get_new_port $KCPTUN_REDIR_PORT tcp)
-					ln_start_bin "$(first_type $(config_t_get global_app kcptun_client_file notset) kcptun-client)" kcptun_tcp_$6 "-l 0.0.0.0:$KCPTUN_REDIR_PORT -r $run_kcptun_ip:$kcptun_port $kcptun_config"
+					ln_start_bin "$(first_type $(config_t_get global_app kcptun_client_file notset) kcptun-client)" "kcptun_tcp_$6" -l "0.0.0.0:$KCPTUN_REDIR_PORT" -r "$run_kcptun_ip:$kcptun_port" "$kcptun_config"
 				fi
 			fi
 			if [ "$type" == "ssr" ] || [ "$type" == "ss" ]; then
@ -468,18 +464,18 @@ run_redir() {
 					[ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="-u"
 				fi
 				for k in $(seq 1 $process); do
-					ln_start_bin "$(first_type ${type}-redir)" ${type}-redir "-c $config_file $extra_param"
+					ln_start_bin "$(first_type ${type}-redir)" "${type}-redir" -c "$config_file" $extra_param
 				done
 			elif [ "$type" == "brook" ]; then
 				local server_ip=$server_host
-				local protocol=$(config_n_get $node brook_protocol client)
+				local protocol=$(config_n_get $node protocol client)
 				local brook_tls=$(config_n_get $node brook_tls 0)
 				if [ "$protocol" == "wsclient" ]; then
 					[ "$brook_tls" == "1" ] && server_ip="wss://${server_ip}" || server_ip="ws://${server_ip}" 
 					socks_port=$(get_new_port 2081 tcp)
-					ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" brook_tcp_$6 "wsclient -l 127.0.0.1:$socks_port -i 127.0.0.1 -s $server_ip:$port -p $(config_n_get $node password)"
+					ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_tcp_$6" wsclient -l "127.0.0.1:$socks_port" -i 127.0.0.1 -s "$server_ip:$port" -p "$(config_n_get $node password)"
 					eval port=\$TCP_REDIR_PORT$6
-					ln_start_bin "$(first_type ipt2socks)" ipt2socks_tcp_$6 "-T -l $port -b 0.0.0.0 -s 127.0.0.1 -p $socks_port -R"
+					ln_start_bin "$(first_type ipt2socks)" "ipt2socks_tcp_$6" -T -l "$port" -b 0.0.0.0 -s 127.0.0.1 -p "$socks_port" -R
 					echolog "Brook的WebSocket不支持透明代理，将使用ipt2socks转换透明代理！"
 					[ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && echolog "Brook的WebSocket不支持UDP转发！"
 				else
@ -487,7 +483,7 @@ run_redir() {
 						server_ip=127.0.0.1
 						port=$KCPTUN_REDIR_PORT
 					}
-					ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" brook_tcp_$6 "tproxy -l 0.0.0.0:$local_port -s $server_ip:$port -p $(config_n_get $node password)"
+					ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_tcp_$6" tproxy -l "0.0.0.0:$local_port" -s "$server_ip:$port" -p "$(config_n_get $node password)"
 				fi
 			fi
 		fi
@ -621,132 +617,192 @@ stop_crontab() {
 }

 start_dns() {
-	DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server 127.0.0.1:9050) | sed "s/#/:/g")
-	DNS2SOCKS_FORWARD=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
+	local dns2socks_socks_server dns2socks_forward dns2sock_cache pdnsd_port pdnsd_forward other_port up_trust_pdnsd_dns msg
+	local chnlist returnhome china_ng_chn china_ng_gfw chnlist_param gfwlist_param extra_mode up_trust_chinadns_ng_dns
+	dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:9050) | sed "s/#/:/g")
+	dns2socks_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
+	dns2socks_listen="127.0.0.1:${DNS_PORT}"
+	[ "$DNS_CACHE" == "0" ] && dns2sock_cache="/d"
+	pdnsd_port=${DNS_PORT}
+	pdnsd_forward=${DNS_FORWARD}
+	china_ng_chn="${LOCAL_DNS}"
+	other_port=$(expr $DNS_PORT + 1)
+	china_ng_gfw="127.0.0.1#${other_port}"
+	returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "returnhome")
+	sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt"
+	echolog "过滤服务配置：准备接管域名解析[$?]..."
 	case "$DNS_MODE" in
 	nonuse)
-		echolog "DNS：不使用，将会直接使用上级DNS！"
+		echolog "  - 被禁用，设置为非 '默认DNS' 并开启广告过滤可以按本插件内置的广告域名表进行过滤..."
+		TUN_DNS=""
 	;;
 	dns2socks)
-		[ "$DNS_CACHE" == "0" ] && local _cache="/d"
-		ln_start_bin "$(first_type dns2socks)" dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$DNS_PORT $_cache"
-		echolog "DNS：dns2socks，${DNS2SOCKS_FORWARD-D46.182.19.48:53}"
+		echolog "  - 域名解析 dns2socks..."
 	;;
 	pdnsd)
-		if [ -z "$TCP_NODE1" -o "$TCP_NODE1" == "nil" ]; then
-			echolog "DNS：pdnsd 模式需要启用TCP节点！"
-			force_stop
-		else
-			gen_pdnsd_config $DNS_PORT
-			ln_start_bin "$(first_type pdnsd)" pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
-			echolog "DNS：pdnsd + 使用TCP节点解析DNS"
+		up_trust_pdnsd_dns=$(config_t_get global up_trust_pdnsd_dns "nil")
+		if [ "$up_trust_pdnsd_dns" = "dns2socks" ]; then
+			pdnsd_forward=${china_ng_gfw}
+			dns2socks_listen=${pdnsd_forward}
+			msg="dns2socks"
+		elif [ "$up_trust_pdnsd_dns" = "udp" ]; then
+			use_udp_node_resolve_dns=1
+			msg="UDP节点"
+		elif [ "${up_trust_pdnsd_dns}" = "nil" ]; then
+			msg="TCP节点"
 		fi
+		echolog "  - 域名解析：pdnsd + 使用(${msg})解析域名..."
 	;;
 	chinadns-ng)
-		local china_ng_chn=${LOCAL_DNS}
-		local china_ng_gfw=${DNS_FORWARD}
-		other_port=$(expr $DNS_PORT + 1)
-		[ -f "$RULES_PATH/gfwlist.conf" ] && cat $RULES_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt
-		[ -f "$TMP_PATH/gfwlist.txt" ] && {
-			[ -f "$RULES_PATH/proxy_host" -a -s "$RULES_PATH/proxy_host" ] && cat $RULES_PATH/proxy_host >> $TMP_PATH/gfwlist.txt
-			local gfwlist_param="-g $TMP_PATH/gfwlist.txt"
-		}
-		[ -f "$RULES_PATH/chnlist" ] && cp -a $RULES_PATH/chnlist $TMP_PATH/chnlist
-		[ -f "$TMP_PATH/chnlist" ] && {
-			[ -f "$RULES_PATH/direct_host" -a -s "$RULES_PATH/direct_host" ] && cat $RULES_PATH/direct_host >> $TMP_PATH/chnlist
-			local chnlist_param="-m $TMP_PATH/chnlist -M"
-		}
-		
-		local fair_mode=$(config_t_get global fair_mode 1)
-		if [ "$fair_mode" == "1" ]; then
-			fair_mode="-f"
-		else
-			fair_mode=""
-		fi
-		
 		up_trust_chinadns_ng_dns=$(config_t_get global up_trust_chinadns_ng_dns "pdnsd")
-		if [ "$up_trust_chinadns_ng_dns" == "pdnsd" ]; then
-			if [ -z "$TCP_NODE1" -o "$TCP_NODE1" == "nil" ]; then
-				echolog "DNS：ChinaDNS-NG + pdnsd 模式需要启用TCP节点！"
-				force_stop
-			else
-				gen_pdnsd_config $other_port
-				ln_start_bin "$(first_type pdnsd)" pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
-				ln_start_bin "$(first_type chinadns-ng)" chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
-				echolog "DNS：ChinaDNS-NG + pdnsd，$china_ng_gfw，国内DNS：$china_ng_chn"
-			fi
-		elif [ "$up_trust_chinadns_ng_dns" == "dns2socks" ]; then
-			[ "$DNS_CACHE" == "0" ] && local _cache="/d"
-			ln_start_bin "$(first_type dns2socks)" dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$other_port $_cache"
-			ln_start_bin "$(first_type chinadns-ng)" chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
-			echolog "DNS：ChinaDNS-NG + dns2socks，${DNS2SOCKS_FORWARD:-D46.182.19.48:53}，国内DNS：$china_ng_chn"
-		elif [ "$up_trust_chinadns_ng_dns" == "udp" ]; then
+		if [ "$up_trust_chinadns_ng_dns" = "pdnsd" ]; then
+			pdnsd_port=${other_port}
+			msg="pdnsd"
+			echolog "  | - (chinadns-ng) 只支持2~4级的域名过滤，列表外的域名查询会同时发送给本地DNS(可切换到Pdnsd + TCP节点模式解决)..."
+			echolog "  | - (chinadns-ng) 虽然列表外域名查询的结果，不在中国IP段内(chnroute/chnroute6)时，只采信上游代理 DNS 的应答..."
+			echolog "  | - (chinadns-ng) 上游代理 DNS 有一定概率会比本地 DNS 先返回的话(比如上游代理 DNS 的本地查询缓存)，启用 '公平模式' 可以优先接受本地 DNS 的中国IP段内(chnroute/chnroute6)的应答..."
+		elif [ "$up_trust_chinadns_ng_dns" = "dns2socks" ]; then
+			dns2socks_listen=${china_ng_gfw}
+			TUN_DNS="${dns2socks_listen}"
+			msg="dns2socks"
+		elif [ "$up_trust_chinadns_ng_dns" = "udp" ]; then
 			use_udp_node_resolve_dns=1
-			ln_start_bin "$(first_type chinadns-ng)" chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t $china_ng_gfw $gfwlist_param $chnlist_param $fair_mode"
-			echolog "DNS：ChinaDNS-NG，国内DNS：$china_ng_chn，可信DNS：$up_trust_chinadns_ng_dns，$china_ng_gfw"
-			echolog "  - 如非直连地址，请确保UDP节点已打开并且支持UDP转发。"
+			china_ng_gfw=${DNS_FORWARD}
+			[ -z "${returnhome}" ] || china_ng_chn="${china_ng_gfw}"
+			msg="udp"
 		fi
+		cat "${RULES_PATH}/proxy_host" >> "${TMP_PATH}/gfwlist.txt"
+			echolog "  | - [$?](chinadns-ng) 代理域名表合并到防火墙域名表"
+		gfwlist_param="${TMP_PATH}/gfwlist.txt"
+		cp -a "${RULES_PATH}/chnlist" "${TMP_PATH}/chnlist"
+		if [ -z "${returnhome}" ]; then
+			cat "${RULES_PATH}/direct_host" >> "${TMP_PATH}/chnlist"
+			echolog "  | - [$?](chinadns-ng) 域名白名单合并到中国域名表"
+		else
+			echolog "  | - (chinadns-ng) 白名单不与中国域名表合并"
+			china_ng_chn=${china_ng_gfw}
+			cat "${RULES_PATH}/proxy_host" >> "${TMP_PATH}/chnlist"
+			echolog "  | - [$?](chinadns-ng) 忽略防火墙域名表，代理域名表合并到中国域名表"
+		fi
+		chnlist_param="${TMP_PATH}/chnlist"
+		[ "$(config_t_get global fair_mode 1)" = "1" ] && extra_mode="-f"
+		ln_start_bin "$(first_type chinadns-ng)" chinadns-ng -l "${DNS_PORT}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param:+-m "${chnlist_param}" -M} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} $extra_mode
+		echolog "  + 过滤服务：ChinaDNS-NG(:${DNS_PORT}${extra_mode})：中国域名列表：${china_ng_chn:-D114.114.114.114}，防火域名列表：${china_ng_gfw:-D8.8.8.8} ${msg}"
 	;;
 	*)
 		TUN_DNS="$(echo ${DNS_MODE} | sed 's/:/#/g')"
 		DNS_MODE="other_dns"
-		echolog "可信DNS：指定DNS服务器(支持UDP查询)解析域名：${TUN_DNS}"
+		echolog "  - 域名解析：指定DNS服务器(支持UDP查询)解析域名：${TUN_DNS}"
 	;;
 	esac
+	if [ -n "$(echo ${DNS_MODE}${up_trust_chinadns_ng_dns} | grep pdnsd)" ]; then
+		gen_pdnsd_config "${pdnsd_port}" "${pdnsd_forward}"
+		ln_start_bin "$(first_type pdnsd)" pdnsd --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d
+	fi
+	if [ -n "$(echo ${DNS_MODE}${up_trust_chinadns_ng_dns}${up_trust_pdnsd_dns} | grep dns2socks)" ]; then
+		dns2socks_listen=$(echo "${dns2socks_listen}" | sed 's/#/:/g')
+		ln_start_bin "$(first_type dns2socks)" dns2socks "$dns2socks_socks_server" "$dns2socks_forward" "$dns2socks_listen" $dns2sock_cache
+		echolog "  - dns2sock(${dns2socks_listen}${dns2sock_cache})，${dns2socks_socks_server:-127.0.0.1:9050} -> ${dns2socks_forward-D46.182.19.48:53}"
+	fi
+	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 要求代理 DNS 请求，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发"
+	[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 TCP 查询，如非直连地址，确保 TCP 代理打开，并且已经正确转发"
 }

 add_dnsmasq() {
-	local fwd_dns
-	echolog "准备 dnsmasq 配置文件..."
-	mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
-	local adblock=$(config_t_get global_rules adblock 0)
-	local chinadns_mode=0
-	[ "$DNS_MODE" == "chinadns-ng" ] && [ "$IS_DEFAULT_DNS" != 1 ] && chinadns_mode=1
-	[ "$adblock" == "1" ] && {
-		[ -f "$RULES_PATH/adblock.conf" -a -s "$RULES_PATH/adblock.conf" ] && ln -s $RULES_PATH/adblock.conf $TMP_DNSMASQ_PATH/adblock.conf
+	local global returnhome chnlist gfwlist force_local filtered_dns fwd_dns items item servers msg
+
+	mkdir -p "${TMP_DNSMASQ_PATH}" "${DNSMASQ_PATH}" "/var/dnsmasq.d"
+	[ "$(config_t_get global_rules adblock 0)" = "1" ] && {
+		ln -s "${RULES_PATH}/adblock.conf" "${TMP_DNSMASQ_PATH}/adblock.conf"
+		echolog "  - [$?]广告域名表中域名解析请求直接应答为 '0.0.0.0'"
 	}
-	
-	[ "$DNS_MODE" != "nonuse" ] && {
-		[ "${chinadns_mode}" = "0" ] && fwd_dns="${LOCAL_DNS}"
-		cat "${RULES_PATH}/direct_host" | sort -u | gen_dnsmasq_items "whitelist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/direct_host.conf"
-		echolog "  - [$?]域名白名单(whitelist)：${fwd_dns:-默认}"
+
+	if [ "${DNS_MODE}" = "nonuse" ]; then
+		echolog "  - 不对域名进行分流解析"
+	else
+		global=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "global")
+		returnhome=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "returnhome")
+		chnlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "chnroute")
+		gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${LOCALHOST_UDP_PROXY_MODE}" | grep "gfwlist")
+		if [ "${IS_DEFAULT_DNS}" = "1" ]; then
+			force_local=1
+			[ -n "${chnlist}" ] && force_local=2
+			[ "${DNS_MODE}" = "other_dns" ] || [ "${DNS_MODE}" = "chinadns-ng" ] && force_local=3
+		fi
+		[ "${DNS_MODE}" = "other_dns" ] || [ "${DNS_MODE}" = "chinadns-ng" ] || [ -n "${global}${chnlist}" ] && filtered_dns=1

 		fwd_dns="${LOCAL_DNS}"
+		[ -z "${global}" ] && {
+			[ -z "${chnlist}" ] || [ -n "${returnhome}" ] && [ -n "${force_local}" ] && [ "${filtered_dns}" != "1" ] && unset fwd_dns
+			sort -u "${RULES_PATH}/direct_host" | gen_dnsmasq_items "whitelist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/direct_host.conf"
+			echolog "  - [$?]域名白名单(whitelist)：${fwd_dns:-默认}"
+		}
+
+		servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
+		[ "${filtered_dns}" = "1" ] && [ "${DNS_MODE}" != "chinadns-ng" ] && [ -z "${global}${chnlist}" ] && unset fwd_dns
 		hosts_foreach "servers" host_from_url | grep -v "google.c" | grep '[a-zA-Z]$' | sort -u | gen_dnsmasq_items "vpsiplist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/vpsiplist_host.conf"
 		echolog "  - [$?]节点列表中的域名(vpsiplist)：${fwd_dns:-默认}"

-		unset fwd_dns
-		[ "${chinadns_mode}" = "0" ] && fwd_dns="127.0.0.1#${DNS_PORT}" && cat "${RULES_PATH}/proxy_host" | sort -u | gen_dnsmasq_items "blacklist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/proxy_host.conf"
+		[ -n "${returnhome}" ] || [ "${filtered_dns}" = "1" ] && {
+			[ -n "${gfwlist}" ] && fwd_dns="${LOCAL_DNS}"
+			[ "${filtered_dns}" = "1" ] && [ -z "${chnlist}" ] && unset fwd_dns
+			[ "${DNS_MODE}" = "chinadns-ng" ] && fwd_dns="127.0.0.1#${DNS_PORT}"
+			[ -n "${returnhome}" ] && fwd_dns="${TUN_DNS}"
+			[ -n "${global}" ] && unset fwd_dns
+			sort -u "${RULES_PATH}/chnlist" | gen_dnsmasq_items "chnroute" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/chinalist_host.conf"
+			echolog "  - [$?]中国域名表(chnroute)：${fwd_dns:-默认}"
+		}
+
+		fwd_dns="${TUN_DNS}"
+		[ "${filtered_dns}" = "1" ] && [ -z "${returnhome}" ] && unset fwd_dns
+		[ -n "${global}" ] && unset fwd_dns
+		sort -u "${RULES_PATH}/proxy_host" | sed 's/^\.\(.*\)$/\1/g' | gen_dnsmasq_items "blacklist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/proxy_host.conf"
 		echolog "  - [$?]代理域名表(blacklist)：${fwd_dns:-默认}"

-		if [ "$chinadns_mode" == 0 ]; then
-			[ -f "$RULES_PATH/gfwlist.conf" -a -s "$RULES_PATH/gfwlist.conf" ] && ln -s $RULES_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
-		else
-			cat $TMP_PATH/gfwlist.txt | sed -e "/^$/d" | sort -u | awk '{print "ipset=/."$1"/gfwlist"}' > $TMP_DNSMASQ_PATH/gfwlist.conf
-		fi
-		echolog "  - [$?]防火墙域名表(gfwlist)：${fwd_dns:-默认}"
+		[ -n "${gfwlist}" ] || [ "${filtered_dns}" = "1" ] && [ -z "${returnhome}" ] && {
+			[ "${filtered_dns}" = "1" ] && [ "${DNS_MODE}" != "chinadns-ng" ] && unset fwd_dns
+			sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/gfwlist.conf"
+			echolog "  - [$?]防火墙域名表(gfwlist)：${fwd_dns:-默认}"
+		}

 		[ "$(config_t_get global_subscribe subscribe_proxy 0)" = "1" ] && {
-			local items=$(get_enabled_anonymous_secs "@subscribe_list")
+			items=$(get_enabled_anonymous_secs "@subscribe_list")
 			for item in ${items}; do
 				host_from_url "$(config_n_get ${item} url)" | gen_dnsmasq_items "blacklist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/subscribe.conf"
 				echolog "  - [$?]节点订阅用域名，$(host_from_url $(config_n_get ${item} url))：${fwd_dns:-默认}"
 			done
 		}
-	}
+	fi
 	
-	if [ "${IS_DEFAULT_DNS}" != "1" ]; then
-		servers="${TUN_DNS}"
-		[ "$DNS_MODE" != "chinadns-ng" ] && servers="${LOCAL_DNS}"
-		cat <<-EOF > "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf"
+	if [ "${DNS_MODE}" != "nouse" ] || [ "${IS_DEFAULT_DNS}" != "1" ]; then
+		msg="ISP"
+		servers="${LOCAL_DNS}"
+		echo "conf-dir=${TMP_DNSMASQ_PATH}" > "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf"
+		echo "conf-dir=$TMP_DNSMASQ_PATH" > "${DNSMASQ_PATH}/dnsmasq-${CONFIG}.conf"
+
+		[ "${filtered_dns}" = "1" ] && servers="${TUN_DNS}"
+		[ "${DNS_MODE}" = "chinadns-ng" ] && servers="127.0.0.1#${DNS_PORT}" && msg="chinadns-ng"
+		[ -n "${chnlist}" ] && msg="中国列表以外"
+		[ -n "${returnhome}" ] && msg="中国列表"
+		[ -n "${global}" ] && msg="全局"
+		if [ "${DNS_MODE}" = "other_dns" ]; then
+			msg="指定DNS"
+		else
+			[ "${IS_DEFAULT_DNS}" = "1" ] && [ "${filtered_dns}" != "1" ] && {
+				echolog "  - 不强制设置默认DNS(上级分配)！"
+				return
+			}
+		fi
+		cat <<-EOF >> "/var/dnsmasq.d/dnsmasq-${CONFIG}.conf"
 			$(echo "${servers}" | sed 's/,/\n/g' | gen_dnsmasq_items)
 			all-servers
 			no-poll
 			no-resolv
 		EOF
-		echolog "  - 默认DNS：${servers}"
+		echolog "  - [$?]以上所列以外及默认(${msg})：${servers}"
 	else
-		[ -z "${DEFAULT_DNS}" ] && {
+		echolog "  - 从系统 dnsmasq 自行手动处理..."
+		[ -z "$DEFAULT_DNS" ] && {
 			local tmp=$(get_host_ip ipv4 www.baidu.com 1)
 			[ -z "$tmp" ] && {
 				cat <<-EOF > /var/dnsmasq.d/dnsmasq-$CONFIG.conf
@ -754,34 +810,39 @@ add_dnsmasq() {
 					no-poll
 					no-resolv
 				EOF
-				echolog "  - 你没有设置接口DNS，请前往设置！"
-				/etc/init.d/dnsmasq restart >/dev/null 2>&1
+				echolog "  - [$?]发现暂时无法解析度娘域名，临时接管并设置默认上游DNS：$(get_first_dns LOCAL_DNS 53)"
+				return 99
 			}
 		}
 	fi
-	
-	echo "conf-dir=$TMP_DNSMASQ_PATH" >> /var/dnsmasq.d/dnsmasq-$CONFIG.conf
-	cp -rf /var/dnsmasq.d/dnsmasq-$CONFIG.conf $DNSMASQ_PATH/dnsmasq-$CONFIG.conf
 }

 gen_pdnsd_config() {
-	pdnsd_dir=$TMP_PATH/pdnsd
-	mkdir -p $pdnsd_dir
-	touch $pdnsd_dir/pdnsd.cache
-	chown -R root.nogroup $pdnsd_dir
+	local listen_port=${1}
+	local up_dns=${2}
+	local pdnsd_dir=${TMP_PATH}/pdnsd
 	local perm_cache=2048
 	local _cache="on"
-	[ "$DNS_CACHE" == "0" ] && _cache="off" && perm_cache=0
-	echolog "准备 pdnsd 配置文件..."
-	cat > $pdnsd_dir/pdnsd.conf <<-EOF
+	local query_method="tcp_only"
+
+	mkdir -p "${pdnsd_dir}"
+	touch "${pdnsd_dir}/pdnsd.cache"
+	chown -R root.nogroup "${pdnsd_dir}"
+	if [ "${use_udp_node_resolve_dns}" = "1" ]; then
+		query_method="udp_only"
+	else
+		use_tcp_node_resolve_dns=1
+	fi
+	[ "${DNS_CACHE}" = "0" ] && _cache="off" && perm_cache=0
+	cat > "${pdnsd_dir}/pdnsd.conf" <<-EOF
 		global {
 			perm_cache = $perm_cache;
 			cache_dir = "$pdnsd_dir";
 			run_as = "root";
 			server_ip = 127.0.0.1;
-			server_port = $1;
+			server_port = ${listen_port};
 			status_ctl = on;
-			query_method = tcp_only;
+			query_method = ${query_method};
 			min_ttl = 1h;
 			max_ttl = 1w;
 			timeout = 10;
@ -793,10 +854,10 @@ gen_pdnsd_config() {
 		}
 		
 	EOF
-		echolog "  - [$?]监听：127.0.0.1:${1}"
+	echolog "  + [$?]Pdnsd (127.0.0.1:${listen_port})..."

 	append_pdnsd_updns() {
-		[ -z "${2}" ] && echolog "  - 略过错误 : ${1}" && return 0
+		[ -z "${2}" ] && echolog "  | - 略过错误 : ${1}" && return 0
 		cat >> $pdnsd_dir/pdnsd.conf <<-EOF
 			server {
 				label = "node-${2}_${3}";
@ -811,11 +872,9 @@ gen_pdnsd_config() {
 				caching = $_cache;
 			}
 		EOF
-		echolog "  - [$?]上游DNS：${2}:${3}"
+		echolog "  | - [$?]上游DNS：${2}:${3}"
 	}
-	hosts_foreach DNS_FORWARD append_pdnsd_updns 53
-
-	use_tcp_node_resolve_dns=1
+	hosts_foreach up_dns append_pdnsd_updns 53
 }

 del_dnsmasq() {
@ -861,7 +920,7 @@ start_haproxy() {
 		    maxconn                 3000

 	EOF
-			
+
 	items=$(get_enabled_anonymous_secs "@haproxy_config")
 	for item in $items; do
 		lport=$(config_n_get ${item} haproxy_port 0)
@ -873,7 +932,7 @@ start_haproxy() {

 	unset lport
 	local haproxy_port lbss lbort lbweight export backup
-	local msg bip bport bline bbackup failcount interface
+	local msg bip bport hasvalid bbackup failcount interface
 	for item in ${items}; do
 		unset haproxy_port lbort bbackup

@ -885,7 +944,7 @@ start_haproxy() {
 		[ "$backup" = "1" ] && bbackup="backup"

 		[ "$lport" = "${haproxy_port}" ] || {
-			item="hasvalid"
+			hasvalid="1"
 			lport=${haproxy_port}
 			echolog "  + 入口 0.0.0.0:${lport}..."
 			cat <<-EOF >> "${haproxy_file}"
@ -936,7 +995,7 @@ start_haproxy() {
 		    $auth
 	EOF

-	[ "${item}" == "hasvalid" ] && echolog "  - 没有发现任何有效节点信息..." && return 0
+	[ "${hasvalid}" != "1" ] && echolog "  - 没有发现任何有效节点信息..." && return 0
 	ln_start_bin "$(first_type haproxy)" haproxy -f "${haproxy_file}"
 	echolog "  * 控制台端口：${console_port}/，${auth:-公开}"
 }
@ -1010,7 +1069,7 @@ node_switch)
 	node_switch $2 $3 $4 $5
 	;;
 stop)
-	[ -n "$2" -a "$2" == "force" ] && force_stop
+	[ "$2" = "force" ] && force_stop
 	stop
 	;;
 start)
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -82,13 +82,13 @@ get_action_chain_name() {
 		echo "全局代理"
 		;;
 	gfwlist)
-		echo "GFW名单"
+		echo "防火墙列表"
 		;;
 	chnroute)
-		echo "大陆白名单"
+		echo "中国列表以外"
 		;;
 	returnhome)
-		echo "回国模式"
+		echo "中国列表"
 		;;
 	esac
 }
@ -115,7 +115,7 @@ load_acl() {
 		local TCP_NODE UDP_NODE TCP_NODE_TYPE UDP_NODE_TYPE ipt_tmp is_tproxy tcp_port udp_port msg msg2
 		for item in $items; do
 			unset ip mac tcp_port udp_port is_tproxy msg
-			eval $(uci -q show $CONFIG.${item} | cut -d'.' -sf 3- | grep -v '^$')
+			eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
 			[ -z "${ip}${mac}" ] && continue
 			tcp_proxy_mode=${tcp_proxy_mode:-default}
 			udp_proxy_mode=${udp_proxy_mode:-default}
@ -144,7 +144,7 @@ load_acl() {
 				[ "$TCP_NODE" != "nil" ] && {
 					eval tcp_port=\$TCP_REDIR_PORT$tcp_node
 					eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
-					[ "$TCP_NODE_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ] && is_tproxy=1
+					[ "$TCP_NODE_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE protocol client)" == "client" ] && is_tproxy=1
 					[ "$TCP_NODE_TYPE" == "trojan-go" ] && is_tproxy=1
 					msg2="${msg}使用TCP节点${tcp_node} [$(get_action_chain_name $tcp_proxy_mode)]"
 					if [ -n "${is_tproxy}" ]; then
@ -190,7 +190,7 @@ load_acl() {
 	unset is_tproxy msg
 	[ "$TCP_NODE1" != "nil" ] && [ "$TCP_PROXY_MODE" != "disable" ] && {
 		local TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
-		[ "$TCP_NODE1_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && is_tproxy=1
+		[ "$TCP_NODE1_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE1 protocol client)" == "client" ] && is_tproxy=1
 		[ "$TCP_NODE1_TYPE" == "trojan-go" ] && is_tproxy=1
 			msg="TCP默认代理：使用TCP节点1 [$(get_action_chain_name $TCP_PROXY_MODE)]"
 		if [ -n "$is_tproxy" ]; then
@ -244,7 +244,7 @@ filter_node() {
 			ipt_tmp=$ipt_n
 			ip6t_tmp=$ip6t_n
 			[ "$stream" == "udp" ] && is_tproxy=1
-			[ "$type" == "brook" ] && [ "$(config_n_get $node brook_protocol client)" == "client" ] && is_tproxy=1
+			[ "$type" == "brook" ] && [ "$(config_n_get $node protocol client)" == "client" ] && is_tproxy=1
 			[ "$type" == "trojan-go" ] && is_tproxy=1
 			if [ -n "$is_tproxy" ]; then
 				ipt_tmp=$ipt_m
@ -402,7 +402,7 @@ add_firewall_rule() {
 		local p_r=$(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE $TCP_REDIR_PORT1)
 		TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
 		echolog "加载路由器自身 TCP 代理..."
-		if [ "$TCP_NODE1_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
+		if [ "$TCP_NODE1_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE1 protocol client)" == "client" ]; then
 			echolog "  - 启用 TPROXY 模式"
 			ipt_tmp=$ipt_m
 			dns_l="PSW"
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@ -317,8 +317,8 @@ local function processData(szType, content, add_mode)
 		result.type = "SSR"
 		result.address = hostInfo[1]
 		result.port = hostInfo[2]
-		result.ssr_protocol = hostInfo[3]
-		result.ssr_encrypt_method = hostInfo[4]
+		result.protocol = hostInfo[3]
+		result.method = hostInfo[4]
 		result.obfs = hostInfo[5]
 		result.password = base64Decode(hostInfo[6])
 		local params = {}
@ -421,20 +421,20 @@ local function processData(szType, content, add_mode)
 				local plugin_info = UrlDecode(params.plugin)
 				local idx_pn = plugin_info:find(";")
 				if idx_pn then
-					result.ss_plugin = plugin_info:sub(1, idx_pn - 1)
-					result.ss_plugin_opts =
+					result.plugin = plugin_info:sub(1, idx_pn - 1)
+					result.plugin_opts =
 						plugin_info:sub(idx_pn + 1, #plugin_info)
 				else
-					result.ss_plugin = plugin_info
+					result.plugin = plugin_info
 				end
 			end
-			if result.ss_plugin and result.ss_plugin == "simple-obfs" then
-				result.ss_plugin = "obfs-local"
+			if result.plugin and result.plugin == "simple-obfs" then
+				result.plugin = "obfs-local"
 			end
 		else
 			result.port = host[2]
 		end
-		result.ss_encrypt_method = method
+		result.method = method
 		result.password = password
 	elseif szType == "trojan" then
 		local alias = ""
@ -443,7 +443,7 @@ local function processData(szType, content, add_mode)
 			alias = content:sub(idx_sp + 1, -1)
 			content = content:sub(0, idx_sp - 1)
 		end
-		result.type = "Trojan"
+		result.type = "Trojan-Plus"
 		result.remarks = UrlDecode(alias)
 		if content:find("@") then
 			local Info = split(content, "@")
@ -566,9 +566,9 @@ local function processData(szType, content, add_mode)
 		result.address = content.server
 		result.port = content.port
 		result.password = content.password
-		result.ss_encrypt_method = content.encryption
-		result.ss_plugin = content.plugin
-		result.ss_plugin_opts = content.plugin_options
+		result.method = content.encryption
+		result.plugin = content.plugin
+		result.plugin_opts = content.plugin_options
 		result.group = content.airport
 		result.remarks = content.remarks
 	else