update 2025-02-24 16:27:46

2025-04-04 03:01:27 +08:00 · 2025-02-24 16:27:46 +08:00 · 2025-02-24 16:27:46 +08:00 · 535212fb64
commit 535212fb64
parent 78ed473d41
24 changed files with 2000 additions and 1509 deletions
--- a/ddns-scripts/Makefile
+++ b/ddns-scripts/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=ddns-scripts
 PKG_VERSION:=2.8.2
-PKG_RELEASE:=52
+PKG_RELEASE:=64

 PKG_LICENSE:=GPL-2.0

@ -155,6 +155,17 @@ define Package/ddns-scripts-dnspod/description
 endef


+define Package/ddns-scripts-dnspod-v3
+  $(call Package/ddns-scripts/Default)
+  TITLE:=Extension for dnspod.tencentcloudapi.com (aka: dnspod.cn) API v3
+  DEPENDS:=ddns-scripts +curl +openssl-util
+endef
+
+define Package/ddns-scripts-dnspod-v3/description
+  Dynamic DNS Client scripts extension for dnspod.tencentcloudapi.com API v3 (require curl)
+endef
+
+
 define Package/ddns-scripts-noip
  $(call Package/ddns-scripts/Default)
  TITLE:=Extension for no-ip.com
@ -351,6 +362,10 @@ define Package/ddns-scripts/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) ./files/usr/bin/ddns.sh \
 		$(1)/usr/bin/ddns
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DATA) ./files/etc/uci-defaults/50-ddns-migrate-retry-count \
+		$(1)/etc/uci-defaults/
 endef

 define Package/ddns-scripts/postinst
@ -385,6 +400,7 @@ define Package/ddns-scripts-services/install
 	rm $(1)/usr/share/ddns/default/godaddy.com-v1.json
 	rm $(1)/usr/share/ddns/default/digitalocean.com-v2.json
 	rm $(1)/usr/share/ddns/default/dnspod.cn.json
+	rm $(1)/usr/share/ddns/default/dnspod.cn-v3.json
 	rm $(1)/usr/share/ddns/default/no-ip.com.json
 	rm $(1)/usr/share/ddns/default/bind-nsupdate.json
 	rm $(1)/usr/share/ddns/default/route53-v1.json
@ -541,6 +557,25 @@ exit 0
 endef


+define Package/ddns-scripts-dnspod-v3/install
+	$(INSTALL_DIR) $(1)/usr/lib/ddns
+	$(INSTALL_BIN) ./files/usr/lib/ddns/update_dnspod_cn_v3.sh \
+		$(1)/usr/lib/ddns
+
+	$(INSTALL_DIR) $(1)/usr/share/ddns/default
+	$(INSTALL_DATA) ./files/usr/share/ddns/default/dnspod.cn-v3.json \
+		$(1)/usr/share/ddns/default/
+endef
+
+define Package/ddns-scripts-dnspod-v3/prerm
+#!/bin/sh
+if [ -z "$${IPKG_INSTROOT}" ]; then
+	/etc/init.d/ddns stop
+fi
+exit 0
+endef
+
+
 define Package/ddns-scripts-noip/install
 	$(INSTALL_DIR) $(1)/usr/lib/ddns
 	$(INSTALL_BIN) ./files/usr/lib/ddns/update_no-ip_com.sh \
@ -760,6 +795,7 @@ $(eval $(call BuildPackage,ddns-scripts-freedns))
 $(eval $(call BuildPackage,ddns-scripts-godaddy))
 $(eval $(call BuildPackage,ddns-scripts-digitalocean))
 $(eval $(call BuildPackage,ddns-scripts-dnspod))
+$(eval $(call BuildPackage,ddns-scripts-dnspod-v3))
 $(eval $(call BuildPackage,ddns-scripts-noip))
 $(eval $(call BuildPackage,ddns-scripts-nsupdate))
 $(eval $(call BuildPackage,ddns-scripts-route53))
--- a/ddns-scripts/files/etc/uci-defaults/50-ddns-migrate-retry-count
+++ b/ddns-scripts/files/etc/uci-defaults/50-ddns-migrate-retry-count
@ -0,0 +1,20 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+upgrade_to_retry_max_count() {
+	local service=$1
+	local retry_count retry_max_count
+
+	config_get retry_max_count $service retry_max_count
+	config_get retry_count $service retry_count
+	if [ -z "$retry_max_count" ] && [ -n "$retry_count" ]; then
+		uci_set ddns $service retry_max_count $retry_count
+		uci_commit ddns
+	fi
+}
+
+config_load ddns
+config_foreach upgrade_to_retry_max_count service
+
+exit 0
--- a/ddns-scripts/files/usr/lib/ddns/update_cloudflare_com_v4.sh
+++ b/ddns-scripts/files/usr/lib/ddns/update_cloudflare_com_v4.sh
@ -27,9 +27,8 @@
 [ $use_https -eq 0 ] && use_https=1	# force HTTPS

 # used variables
-local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
+local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID
 local __URLBASE="https://api.cloudflare.com/client/v4"
-local __TTL=120

 # split __HOST __DOMAIN from $domain
 # given data:
@ -97,8 +96,8 @@ __PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
 # force network/interface-device to use for communication
 if [ -n "$bind_network" ]; then
 	local __DEVICE
-	network_get_physdev __DEVICE $bind_network || \
-		write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
+	network_get_device __DEVICE $bind_network || \
+		write_log 13 "Can not detect local device using 'network_get_device $bind_network' - Error: '$?'"
 	write_log 7 "Force communication via device '$__DEVICE'"
 	__PRGBASE="$__PRGBASE --interface $__DEVICE"
 fi
@ -186,16 +185,14 @@ __DATA=$(grep -o '"content":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)

 # update is needed
 # let's build data to send
-# set proxied parameter
-__PROXIED=$(grep -o '"proxied":\s*[^",]*' $DATFILE | grep -o '[^:]*$')

 # use file to work around " needed for json
 cat > $DATFILE << EOF
-{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","ttl":$__TTL,"proxied":$__PROXIED}
+{"content":"$__IP"}
 EOF

 # let's complete transfer command
-__RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
+__RUNPROG="$__PRGBASE --request PATCH --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
 cloudflare_transfer || return 1

 return 0
--- a/ddns-scripts/files/usr/lib/ddns/update_digitalocean_com_v2.sh
+++ b/ddns-scripts/files/usr/lib/ddns/update_digitalocean_com_v2.sh
@ -24,6 +24,7 @@
 json_init
 json_add_string name "$username"
 json_add_string data "$__IP"
+[ $use_ipv6 -ne 0 ] && json_add_string type "AAAA" || json_add_string type "A"

 __STATUS=$(curl -Ss -X PUT "https://api.digitalocean.com/v2/domains/${domain}/records/${param_opt}" \
 	-H "Authorization: Bearer ${password}" \
--- a/ddns-scripts/files/usr/lib/ddns/update_dnspod_cn.sh
+++ b/ddns-scripts/files/usr/lib/ddns/update_dnspod_cn.sh
@ -28,7 +28,7 @@ build_command() {
 	# bind host/IP
 	if [ -n "$bind_network" ]; then
 		local __DEVICE
-		network_get_physdev __DEVICE $bind_network || write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
+		network_get_device __DEVICE $bind_network || write_log 13 "Can not detect local device using 'network_get_device $bind_network' - Error: '$?'"
 		write_log 7 "Force communication via device '$__DEVICE'"
 		__CMDBASE="$__CMDBASE --interface $__DEVICE"
 	fi
--- a/ddns-scripts/files/usr/lib/ddns/update_dnspod_cn_v3.sh
+++ b/ddns-scripts/files/usr/lib/ddns/update_dnspod_cn_v3.sh
@ -0,0 +1,353 @@
+#!/bin/sh
+#
+# Script for sending updates to cloud.tencent.com, modified based on
+# "update_cloudflare_com_v4.sh" and "update_dnspod_cn.sh".
+#
+# You can found them from:
+# - github.com/openwrt/packages for "update_cloudflare_com_v4.sh"
+#	- at: net/ddns-scripts/files/usr/lib/ddns/update_cloudflare_com_v4.sh
+# - github.com/nixonli/ddns-scripts_dnspod for "update_dnspod_cn.sh"
+#
+# v1.2.0:
+#   - Migrate retry_count to retry_max_count
+#   - Fix signature expiration during retries
+# v1.1.0: Publish script
+#
+# 2024 FriesI23 <FriesI23@outlook.com>
+#
+# API documentation at https://cloud.tencent.com/document/api/1427/84627
+# API signature documentation at https://cloud.tencent.com/document/api/1427/56189
+#
+# This script is parsed by dynamic_dns_functions.sh inside send_update() function
+#
+# using following options from /etc/config/ddns
+# you can get your own secret values from console.cloud.tencent.com/cam/capi
+# option username  - api secretId
+# option password  - api secretKey
+# option domain    - "hostname@yourdomain.TLD"
+# option record_id - record id for special record
+#
+# variable __IP already defined with the ip-address to use for update
+#
+
+local OPENSSL=$(command -v openssl)
+
+# check parameters
+[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
+[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
+[ -z "$CURL_SSL" ] && write_log 13 "Dnspod communication require cURL with SSL support. Please install"
+[ -z "$OPENSSL" ] && write_log 13 "Dnspod communication require openssl. Please install"
+[ $use_https -eq 0 ] && use_https=1
+
+# variables
+local __HOST __DOMAIN __TYPE
+local __RUNPROG
+local __RECID __RECLINE __DATA __IPV6
+local __URLHOST="dnspod.tencentcloudapi.com"
+local __URLBASE="https://$__URLHOST"
+local __METHOD="POST"
+local __CONTENT_TYPE="application/json"
+local __RETRY_COUNT=${retry_count:-$retry_max_count}
+
+# Build base command to use
+local __PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
+local __PRGEXTA=""
+
+# split __HOST __DOMAIN from $domain
+# given data:
+# @example.com for "domain record"
+# host.sub@example.com for a "host record"
+__HOST=$(printf %s "$domain" | cut -d@ -f1)
+__DOMAIN=$(printf %s "$domain" | cut -d@ -f2)
+
+# set record type
+[ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA"
+
+tencentcloud_transfer() {
+	local __CNT=0
+	local __ERR __CODE
+
+	while :; do
+		__RUNPROG="$__PRGBASE $($__PRGEXTA)"
+		write_log 7 "#> $__RUNPROG"
+		eval "$__RUNPROG"
+		__ERR=$? # save communication error
+
+		if [ $__ERR -eq 0 ]; then
+			if grep -q '"Error"' "$DATFILE"; then
+				__CODE=$(grep -o '"Code":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
+				[[ $__CODE == "ResourceNotFound.NoDataOfRecord" ]] && break
+				write_log 3 "cURL Response Error: '$__CODE'"
+				write_log 7 "$(cat $DATFILE)" # report error
+			else
+				break
+			fi
+		else
+			write_log 3 "cURL Error: '$__ERR'"
+			write_log 7 "$(cat $ERRFILE)" # report error
+		fi
+
+		[ $VERBOSE -gt 1 ] && {
+			# VERBOSE > 1 then NO retry
+			write_log 4 "Transfer failed - Verbose Mode: $VERBOSE - NO retry on error"
+			break
+		}
+
+		__CNT=$(($__CNT + 1)) # increment error counter
+		# if error count > __RETRY_COUNT leave here
+		[ $__RETRY_COUNT -gt 0 -a $__CNT -gt $__RETRY_COUNT ] &&
+			write_log 14 "Transfer failed after $__RETRY_COUNT retries"
+
+		write_log 4 "Transfer failed - retry $__CNT/$__RETRY_COUNT in $RETRY_SECONDS seconds"
+		sleep $RETRY_SECONDS &
+		PID_SLEEP=$!
+		wait $PID_SLEEP # enable trap-handler
+		PID_SLEEP=0
+	done
+
+	# check for error
+	if grep -q '"Error":' $DATFILE; then
+		__CODE=$(grep -o '"Code":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
+		[[ $__CODE == "ResourceNotFound.NoDataOfRecord" ]] && return 0
+		write_log 4 "TecentCloud reported an error:"
+		write_log 7 "$(cat $DATFILE)" # report error
+		return 1
+	fi
+
+	return 0
+}
+
+# force network/interface-device to use for communication
+if [ -n "$bind_network" ]; then
+	local __DEVICE
+	network_get_device __DEVICE $bind_network ||
+		write_log 13 "Can not detect local device using 'network_get_device $bind_network' - Error: '$?'"
+	write_log 7 "Force communication via device '$__DEVICE'"
+	__PRGBASE="$__PRGBASE --interface $__DEVICE"
+fi
+
+# force ip version to use
+if [ $force_ipversion -eq 1 ]; then
+	[ $use_ipv6 -eq 0 ] && __PRGBASE="$__PRGBASE -4" || __PRGBASE="$__PRGBASE -6" # force IPv4/IPv6
+fi
+
+# set certificate parameters
+if [ "$cacert" = "IGNORE" ]; then     # idea from Ticket #15327 to ignore server cert
+	__PRGBASE="$__PRGBASE --insecure" # but not empty better to use "IGNORE"
+elif [ -f "$cacert" ]; then
+	__PRGBASE="$__PRGBASE --cacert $cacert"
+elif [ -d "$cacert" ]; then
+	__PRGBASE="$__PRGBASE --capath $cacert"
+elif [ -n "$cacert" ]; then # it's not a file and not a directory but given
+	write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
+fi
+
+# disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
+# or check if libcurl compiled with proxy support
+if [ -z "$proxy" ]; then
+	__PRGBASE="$__PRGBASE --noproxy '*'"
+elif [ -z "$CURL_PROXY" ]; then
+	# if libcurl has no proxy support and proxy should be used then force ERROR
+	write_log 13 "cURL: libcurl compiled without Proxy support"
+fi
+
+# Signature Method v3
+# get more information from github.com/TencentCloud/signature-process-demo,
+# at signature-v3/bash/signv3_no_xdd.sh
+# usage: build_authorization <action> <version> <timestamp> <payload>
+build_authorization() {
+	local __SECRET_ID=$username
+	local __SECRET_KEY=$password
+
+	local __SERVICE=$(printf %s "$__URLHOST" | cut -d '.' -f1)
+	local __REGION=""
+	local __ACTION=$1
+	local __VERSION=$2
+	local __ALGORITHM="TC3-HMAC-SHA256"
+	local __TIMESTAMP=$3
+	local __DATE=$(date -u -d @$__TIMESTAMP +"%Y-%m-%d")
+	local __PAYLOAD=$4
+
+	# Step 1: Concatenate request string
+	local __CANONICAL_URI="/"
+	local __CANONICAL_QUERYSTRING=""
+	local __CANONICAL_HEADERS=$(
+		cat <<EOF
+content-type:$__CONTENT_TYPE
+host:$__URLHOST
+x-tc-action:$(echo $__ACTION | awk '{print tolower($0)}')
+EOF
+	)
+	local __SIGNED_HEADERS="content-type;host;x-tc-action"
+	local __HASHED_REQUEST_PAYLOAD=$(echo -n "$__PAYLOAD" | $OPENSSL sha256 -hex | awk '{print $2}')
+	local __CANONICAL_REQEUST=$(
+		cat <<EOF
+$__METHOD
+$__CANONICAL_URI
+$__CANONICAL_QUERYSTRING
+$__CANONICAL_HEADERS
+
+$__SIGNED_HEADERS
+$__HASHED_REQUEST_PAYLOAD
+EOF
+	)
+
+	# Step 2: Concatenate signed string
+	local __CREDENTIAL_SCOPE="$__DATE/$__SERVICE/tc3_request"
+	local __HASHED_CANONICAL_REQUEST=$(printf "$__CANONICAL_REQEUST" |
+		$OPENSSL sha256 -hex | awk '{print $2}')
+	local __STRING_TO_SIGN=$(
+		cat <<EOF
+$__ALGORITHM
+$__TIMESTAMP
+$__CREDENTIAL_SCOPE
+$__HASHED_CANONICAL_REQUEST
+EOF
+	)
+
+	# Step 3: Calculate signature
+	local __SECRET_DATE=$(printf "$__DATE" |
+		$OPENSSL sha256 -hmac "TC3$__SECRET_KEY" | awk '{print $2}')
+	local __SECRET_SERVICE=$(printf $__SERVICE |
+		$OPENSSL dgst -sha256 -mac hmac -macopt hexkey:"$__SECRET_DATE" | awk '{print $2}')
+	local __SECRET_SIGNING=$(printf "tc3_request" |
+		$OPENSSL dgst -sha256 -mac hmac -macopt hexkey:"$__SECRET_SERVICE" | awk '{print $2}')
+	local __SIGNATURE=$(printf "$__STRING_TO_SIGN" |
+		$OPENSSL dgst -sha256 -mac hmac -macopt hexkey:"$__SECRET_SIGNING" | awk '{print $2}')
+
+	# Step 4: Concatenate Authorization
+	local __AUTHORIZATION="$__ALGORITHM Credential=$__SECRET_ID/$__CREDENTIAL_SCOPE, \
+SignedHeaders=$__SIGNED_HEADERS, Signature=$__SIGNATURE"
+
+	printf '%s' "$__AUTHORIZATION"
+}
+
+# Common Parameters for Signature Method v3
+# usage: build_header <action> <version> <payload>
+build_header() {
+	local __ACTION=$1
+	local __VERSION=$2
+	local __TIMESTAMP=$(date +%s)
+	local __PAYLOAD=$3
+
+	local __AUTHORIZATION=$(build_authorization $__ACTION $__VERSION $__TIMESTAMP $__PAYLOAD)
+
+	printf '%s' "--header 'HOST: $__URLHOST' "
+	printf '%s' "--header 'Content-Type: $__CONTENT_TYPE' "
+	printf '%s' "--header 'X-TC-Action: $__ACTION' "
+	printf '%s' "--header 'X-TC-Version: $__VERSION' "
+	printf '%s' "--header 'X-TC-Timestamp: $__TIMESTAMP' "
+	printf '%s' "--header 'Authorization: $__AUTHORIZATION' "
+}
+
+# API: DescribeRecordList。
+# https://cloud.tencent.com/document/api/1427/56166
+build_describe_record_list_request_param() {
+	local __PAYLOAD="{\"Domain\":\"$__DOMAIN\""
+	__PAYLOAD="$__PAYLOAD,\"Offset\":0"
+	__PAYLOAD="$__PAYLOAD,\"Limit\":1"
+	__PAYLOAD="$__PAYLOAD,\"RecordType\":\"$__TYPE\""
+	if [[ -n "$__HOST" ]]; then
+		__PAYLOAD="$__PAYLOAD,\"Subdomain\":\"$__HOST\""
+	fi
+	__PAYLOAD="$__PAYLOAD}"
+
+	printf '%s' "--request POST "
+	printf '%s' "$__URLBASE "
+	printf '%s' "--data '$__PAYLOAD' "
+	build_header "DescribeRecordList" "2021-03-23" $__PAYLOAD
+}
+
+# API: CreateRecord
+# https://cloud.tencent.com/document/api/1427/56180
+build_create_record_request_param() {
+	local __VALUE=$1
+	local __RECLINE=${2:-默认}
+
+	local __PAYLOAD="{\"Domain\":\"$__DOMAIN\""
+	__PAYLOAD="$__PAYLOAD,\"RecordType\":\"$__TYPE\""
+	__PAYLOAD="$__PAYLOAD,\"RecordLine\":\"$__RECLINE\""
+	__PAYLOAD="$__PAYLOAD,\"Value\":\"$__VALUE\""
+	if [[ -n "$__HOST" ]]; then
+		__PAYLOAD="$__PAYLOAD,\"SubDomain\":\"$__HOST\""
+	fi
+	__PAYLOAD="$__PAYLOAD}"
+
+	printf '%s' "--request POST "
+	printf '%s' "$__URLBASE "
+	printf '%s' "--data '$__PAYLOAD' "
+	build_header "CreateRecord" "2021-03-23" $__PAYLOAD
+}
+
+# API: ModifyRecord
+# https://cloud.tencent.com/document/api/1427/56157
+build_modify_record_request_param() {
+	local __VALUE=$1
+	local __RECLINE=${2:-默认}
+	local __RECID=$3
+
+	local __PAYLOAD="{\"Domain\":\"$__DOMAIN\""
+	__PAYLOAD="$__PAYLOAD,\"RecordType\":\"$__TYPE\""
+	__PAYLOAD="$__PAYLOAD,\"RecordLine\":\"$__RECLINE\""
+	__PAYLOAD="$__PAYLOAD,\"RecordId\":$__RECID"
+	__PAYLOAD="$__PAYLOAD,\"Value\":\"$__VALUE\""
+	if [[ -n "$__HOST" ]]; then
+		__PAYLOAD="$__PAYLOAD,\"SubDomain\":\"$__HOST\""
+	fi
+	__PAYLOAD="$__PAYLOAD}"
+
+	printf '%s' "--request POST "
+	printf '%s' "$__URLBASE "
+	printf '%s' "--data '$__PAYLOAD' "
+	build_header "ModifyRecord" "2021-03-23" $__PAYLOAD
+}
+
+if [ -n "$record_id" ]; then
+	__RECID="$record_id"
+else
+	# read record id for A or AAAA record of host.domain.TLD
+	__PRGEXTA="build_describe_record_list_request_param"
+	# extract zone id
+	tencentcloud_transfer || return 1
+	__RECID=$(grep -o '"RecordId":[[:space:]]*[0-9]*' $DATFILE | grep -o '[0-9]*' | head -1)
+fi
+
+[ $VERBOSE -gt 1 ] && write_log 7 "Got record id: $__RECID"
+
+# extract current stored IP
+__RECLINE=$(grep -o '"Line":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
+__DATA=$(grep -o '"Value":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
+
+# check data
+[ $use_ipv6 -eq 0 ] &&
+	__DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX") ||
+	__DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
+
+# we got data so verify
+[ -n "$__DATA" ] && {
+	# expand IPv6 for compare
+	if [ $use_ipv6 -eq 1 ]; then
+		expand_ipv6 $__IP __IPV6
+		expand_ipv6 $__DATA __DATA
+		[ "$__DATA" = "$__IPV6" ] && { # IPv6 no update needed
+			write_log 7 "IPv6 at cloud.tencent.com already up to date"
+			return 0
+		}
+	else
+		[ "$__DATA" = "$__IP" ] && { # IPv4 no update needed
+			write_log 7 "IPv4 at cloud.tencent.com already up to date"
+			return 0
+		}
+	fi
+}
+
+if [ -z "$__RECID" ]; then
+	# create new record if record id not found
+	__PRGEXTA="build_create_record_request_param $__IP $__RECLINE"
+	tencentcloud_transfer || return 1
+	return 0
+fi
+
+__PRGEXTA="build_modify_record_request_param $__IP $__RECLINE $__RECID"
+tencentcloud_transfer || return 1
+return
--- a/ddns-scripts/files/usr/lib/ddns/update_godaddy_com_v1.sh
+++ b/ddns-scripts/files/usr/lib/ddns/update_godaddy_com_v1.sh
@ -93,8 +93,8 @@ __PRGBASE="$CURL -RsS -w '%{http_code}' -o $DATFILE --stderr $ERRFILE"
 # force network/interface-device to use for communication
 if [ -n "$bind_network" ]; then
 	local __DEVICE
-	network_get_physdev __DEVICE $bind_network || \
-		write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
+	network_get_device __DEVICE $bind_network || \
+		write_log 13 "Can not detect local device using 'network_get_device $bind_network' - Error: '$?'"
 	write_log 7 "Force communication via device '$__DEVICE'"
 	__PRGBASE="$__PRGBASE --interface $__DEVICE"
 fi
--- a/ddns-scripts/files/usr/lib/ddns/update_luadns_v1.sh
+++ b/ddns-scripts/files/usr/lib/ddns/update_luadns_v1.sh
@ -76,8 +76,8 @@ __PRGBASE="$CURL -RsS -w '%{http_code}' -o $DATFILE --stderr $ERRFILE"
 # force network/interface-device to use for communication
 if [ -n "$bind_network" ]; then
 	local __DEVICE
-	network_get_physdev __DEVICE $bind_network || \
-		write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
+	network_get_device __DEVICE $bind_network || \
+		write_log 13 "Can not detect local device using 'network_get_device $bind_network' - Error: '$?'"
 	write_log 7 "Force communication via device '$__DEVICE'"
 	__PRGBASE="$__PRGBASE --interface $__DEVICE"
 fi
--- a/ddns-scripts/files/usr/share/ddns/default/dnspod.cn-v3.json
+++ b/ddns-scripts/files/usr/share/ddns/default/dnspod.cn-v3.json
@ -0,0 +1,9 @@
+{
+	"name": "dnspod.cn-v3",
+	"ipv4": {
+		"url": "update_dnspod_cn_v3.sh"
+	},
+	"ipv6": {
+		"url": "update_dnspod_cn_v3.sh"
+	}
+}
--- a/ddns-scripts/files/usr/share/ddns/default/dynu.com.json
+++ b/ddns-scripts/files/usr/share/ddns/default/dynu.com.json
@ -4,6 +4,6 @@
 		"url": "http://api.dynu.com/nic/update?hostname=[DOMAIN]&myip=[IP]&username=[USERNAME]&password=[PASSWORD]"
 	},
 	"ipv6": {
-		"url": "http://api.dynu.com/nic/update?hostname=[DOMAIN]&myipv6=[IP]&username=[USERNAME]&password=[PASSWORD]"
+		"url": "http://api.dynu.com/nic/update?hostname=[DOMAIN]&myip=no&myipv6=[IP]&username=[USERNAME]&password=[PASSWORD]"
 	}
 }
--- a/ddns-scripts/files/usr/share/ddns/default/ipv64.net.json
+++ b/ddns-scripts/files/usr/share/ddns/default/ipv64.net.json
@ -0,0 +1,11 @@
+{
+	"name": "duckdns.org",
+	"ipv4": {
+		"url": "http://ipv64.net/nic/update?domain=[DOMAIN]&key=[PASSWORD]&ip=[IP]",
+		"answer": "good|nochg"
+	},
+	"ipv6": {
+		"url": "http://ipv64.net/nic/update?domain=[DOMAIN]&key=[PASSWORD]&ipv6=[IP]",
+		"answer": "good|nochg"
+	}
+}
--- a/ddns-scripts/files/usr/share/ddns/default/joker.com.json
+++ b/ddns-scripts/files/usr/share/ddns/default/joker.com.json
@ -3,5 +3,9 @@
 	"ipv4": {
 		"url": "http://svc.joker.com/nic/update?username=[USERNAME]&password=[PASSWORD]&myip=[IP]&hostname=[DOMAIN]",
 		"answer": "good|nochg"
+	},
+	"ipv6": {
+		"url": "http://svc.joker.com/nic/update?username=[USERNAME]&password=[PASSWORD]&myip=[IP]&hostname=[DOMAIN]",
+		"answer": "good|nochg"
 	}
 }
--- a/ddns-scripts/files/usr/share/ddns/default/ydns.io.json
+++ b/ddns-scripts/files/usr/share/ddns/default/ydns.io.json
@ -0,0 +1,11 @@
+{
+	"name": "ydns.io",
+	"ipv4": {
+		"url": "https://[USERNAME]:[PASSWORD]@ydns.io/api/v1/update/?host=[DOMAIN]&ip=[IP]",
+		"answer": "good|nochg"
+	},
+	"ipv6": {
+		"url": "https://[USERNAME]:[PASSWORD]@ydns.io/api/v1/update/?host=[DOMAIN]&ip=[IP]",
+		"answer": "good|nochg"
+	}
+}
--- a/ddns-scripts/files/usr/share/ddns/list
+++ b/ddns-scripts/files/usr/share/ddns/list
@ -35,6 +35,7 @@ he.net
 hosting.de
 infomaniak.com
 ipnodns.ru
+ipv64.net
 inwx.de
 joker.com
 loopia.se
@ -66,4 +67,5 @@ twodns.de
 udmedia.de
 variomedia.de
 xlhost.de
+ydns.io
 zoneedit.com
--- a/luci-app-fchomo/htdocs/luci-static/resources/view/fchomo/client.js
+++ b/luci-app-fchomo/htdocs/luci-static/resources/view/fchomo/client.js
@ -526,7 +526,8 @@ function renderRules(s, uciconfig) {
 	//o.depends('SUB-RULE', '');
 	o.editable = true;

-	o = s.option(form.Flag, 'src', _('src'));
+	o = s.option(form.Flag, 'src', _('src'),
+		_('Treat the <code>destination IP</code> as the <code>source IP</code>.'));
 	o.default = o.disabled;
 	o.load = function(section_id) {
 		return boolToFlag(new RulesEntry(uci.get(uciconfig, section_id, 'entry')).getParam('src') ? true : false);
@ -543,7 +544,9 @@ function renderRules(s, uciconfig) {
 	o.depends('SUB-RULE', '');
 	o.modalonly = true;

-	o = s.option(form.Flag, 'no-resolve', _('no-resolve'));
+	o = s.option(form.Flag, 'no-resolve', _('no-resolve'),
+		_('Do not resolve the domain connection to IP for this match.</br>' +
+		'Only works for pure domain inbound connections without DNS resolution. e.g., socks5h'));
 	o.default = o.disabled;
 	o.load = function(section_id) {
 		return boolToFlag(new RulesEntry(uci.get(uciconfig, section_id, 'entry')).getParam('no-resolve') ? true : false);
--- a/luci-app-fchomo/po/templates/fchomo.pot
+++ b/luci-app-fchomo/po/templates/fchomo.pot
--- a/luci-app-fchomo/po/zh_Hans/fchomo.po
+++ b/luci-app-fchomo/po/zh_Hans/fchomo.po
--- a/luci-app-fchomo/po/zh_Hant/fchomo.po
+++ b/luci-app-fchomo/po/zh_Hant/fchomo.po
--- a/luci-app-nikki/Makefile
+++ b/luci-app-nikki/Makefile
@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk

-PKG_VERSION:=1.19.1
+PKG_VERSION:=1.19.2

 LUCI_TITLE:=LuCI Support for nikki
 LUCI_DEPENDS:=+luci-base +nikki
--- a/luci-app-nikki/htdocs/luci-static/resources/view/nikki/app.js
+++ b/luci-app-nikki/htdocs/luci-static/resources/view/nikki/app.js
@ -28,8 +28,8 @@ return view.extend({
    },
    render: function (data) {
        const subscriptions = uci.sections('nikki', 'subscription');
-        const appVersion = data[1]?.app || '';
-        const coreVersion = data[1]?.core || '';
+        const appVersion = data[1].app ?? '';
+        const coreVersion = data[1].core ?? '';
        const running = data[2];
        const profiles = data[3];

--- a/luci-app-nikki/htdocs/luci-static/resources/view/nikki/proxy.js
+++ b/luci-app-nikki/htdocs/luci-static/resources/view/nikki/proxy.js
@ -77,7 +77,7 @@ return view.extend({
        for (const mac in hosts) {
            const host = hosts[mac];
            for (const ip of host.ipaddrs) {
-                const hint = host.name || mac;
+                const hint = host.name ?? mac;
                o.value(ip, hint ? '%s (%s)'.format(ip, hint) : ip);
            };
        };
@ -91,7 +91,7 @@ return view.extend({
        for (const mac in hosts) {
            const host = hosts[mac];
            for (const ip of host.ip6addrs) {
-                const hint = host.name || mac;
+                const hint = host.name ?? mac;
                o.value(ip, hint ? '%s (%s)'.format(ip, hint) : ip);
            };
        };
@ -104,7 +104,7 @@ return view.extend({

        for (const mac in hosts) {
            const host = hosts[mac];
-            const hint = host.name || host.ipaddrs[0];
+            const hint = host.name ?? host.ipaddrs[0];
            o.value(mac, hint ? '%s (%s)'.format(mac, hint) : mac);
        };

--- a/nikki/Makefile
+++ b/nikki/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nikki
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
--- a/nikki/files/ucode/hijack.ut
+++ b/nikki/files/ucode/hijack.ut
@ -40,8 +40,8 @@

 	const bypass_user = filter(ensure_array(uci.get('nikki', 'proxy', 'bypass_user')), (x) => x != "root" && index(users, x) >= 0);
 	const bypass_group = filter(ensure_array(uci.get('nikki', 'proxy', 'bypass_group')), (x) => x != "root" && index(groups, x) >= 0);
-	const proxy_tcp_dport = ensure_array(uci.get('nikki', 'proxy', 'proxy_tcp_dport'));
-	const proxy_udp_dport = ensure_array(uci.get('nikki', 'proxy', 'proxy_udp_dport'));
+	const proxy_tcp_dport = split((uci.get('nikki', 'proxy', 'proxy_tcp_dport') ?? '0-65535'), ' ');
+	const proxy_udp_dport = split((uci.get('nikki', 'proxy', 'proxy_udp_dport') ?? '0-65535'), ' ');
 	const bypass_dscp = ensure_array(uci.get('nikki', 'proxy', 'bypass_dscp'));

 	const dns_hijack_nfproto = [];
--- a/nikki/files/ucode/mixin.uc
+++ b/nikki/files/ucode/mixin.uc
@ -13,51 +13,52 @@ const config = {};

 const mixin = uci.get('nikki', 'config', 'mixin') == '1';

-config['log-level'] = uci.get('nikki', 'mixin', 'log_level') || 'info';
-config['mode'] = uci.get('nikki', 'mixin', 'mode') || 'rule';
-config['find-process-mode'] = uci.get('nikki', 'mixin', 'match_process') || 'off';
-config['interface-name'] = ubus.call('network.interface', 'status', {'interface': uci.get('nikki', 'mixin', 'outbound_interface')})?.l3_device || '';
+config['log-level'] = uci.get('nikki', 'mixin', 'log_level') ?? 'info';
+config['mode'] = uci.get('nikki', 'mixin', 'mode') ?? 'rule';
+config['find-process-mode'] = uci.get('nikki', 'mixin', 'match_process') ?? 'off';
+config['interface-name'] = ubus.call('network.interface', 'status', {'interface': uci.get('nikki', 'mixin', 'outbound_interface')})?.l3_device ?? '';
 config['ipv6'] = uci.get('nikki', 'mixin', 'ipv6') == '1';
 if (mixin) {
 	config['unified-delay'] = uci.get('nikki', 'mixin', 'unify_delay') == '1';
 	config['tcp-concurrent'] = uci.get('nikki', 'mixin', 'tcp_concurrent') == '1';
-	config['keep-alive-idle'] = int(uci.get('nikki', 'mixin', 'tcp_keep_alive_idle') || '600');
-	config['keep-alive-interval'] = int(uci.get('nikki', 'mixin', 'tcp_keep_alive_interval') || '15');
+	config['keep-alive-idle'] = int(uci.get('nikki', 'mixin', 'tcp_keep_alive_idle') ?? '600');
+	config['keep-alive-interval'] = int(uci.get('nikki', 'mixin', 'tcp_keep_alive_interval') ?? '15');
 }

-config['external-ui'] = uci.get('nikki', 'mixin', 'ui_path') || 'ui';
-config['external-ui-name'] = uci.get('nikki', 'mixin', 'ui_name') || '';
+config['external-ui'] = uci.get('nikki', 'mixin', 'ui_path') ?? 'ui';
+config['external-ui-name'] = uci.get('nikki', 'mixin', 'ui_name') ?? '';
 config['external-ui-url'] = uci.get('nikki', 'mixin', 'ui_url');
-config['external-controller'] = '0.0.0.0' + ':' + (uci.get('nikki', 'mixin', 'api_port') || '9090');
-config['secret'] = uci.get('nikki', 'mixin', 'api_secret') || '666666';
+config['external-controller'] = '0.0.0.0' + ':' + (uci.get('nikki', 'mixin', 'api_port') ?? '9090');
+config['secret'] = uci.get('nikki', 'mixin', 'api_secret') ?? '666666';
 config['profile'] = {};
 config['profile']['store-selected'] = uci.get('nikki', 'mixin', 'selection_cache') == '1';
 config['profile']['store-fake-ip'] = uci.get('nikki', 'mixin', 'fake_ip_cache') == '1';

 config['allow-lan'] = uci.get('nikki', 'mixin', 'allow_lan') == '1';
-config['port'] = int(uci.get('nikki', 'mixin', 'http_port') || '8080');
-config['socks-port'] = int(uci.get('nikki', 'mixin', 'socks_port') || '1080');
-config['mixed-port'] = int(uci.get('nikki', 'mixin', 'mixed_port') || '7890');
-config['redir-port'] = int(uci.get('nikki', 'mixin', 'redir_port') || '7891');
-config['tproxy-port'] = int(uci.get('nikki', 'mixin', 'tproxy_port') || '7892');
+config['port'] = int(uci.get('nikki', 'mixin', 'http_port') ?? '8080');
+config['socks-port'] = int(uci.get('nikki', 'mixin', 'socks_port') ?? '1080');
+config['mixed-port'] = int(uci.get('nikki', 'mixin', 'mixed_port') ?? '7890');
+config['redir-port'] = int(uci.get('nikki', 'mixin', 'redir_port') ?? '7891');
+config['tproxy-port'] = int(uci.get('nikki', 'mixin', 'tproxy_port') ?? '7892');

 if (uci.get('nikki', 'mixin', 'authentication') == '1') {
 	config['authentication'] = [];
 	uci.foreach('nikki', 'authentication', (section) => {
-		if (section.enabled == '1') {
-			push(config['authentication'], `${section.username}:${section.password}`);
+		if (section.enabled != '1') {
+			return;
 		}
+		push(config['authentication'], `${section.username}:${section.password}`);
 	});
 }

 config['tun'] = {};
 if (uci.get('nikki', 'proxy', 'tcp_transparent_proxy_mode') == 'tun' || uci.get('nikki', 'proxy', 'udp_transparent_proxy_mode') == 'tun') {
 	config['tun']['enable'] = true;
-	config['tun']['device'] = uci.get('nikki', 'mixin', 'tun_device') || 'nikki';
-	config['tun']['stack'] = uci.get('nikki', 'mixin', 'tun_stack') || 'system';
-	config['tun']['mtu'] = int(uci.get('nikki', 'mixin', 'tun_mtu') || '9000');
+	config['tun']['device'] = uci.get('nikki', 'mixin', 'tun_device') ?? 'nikki';
+	config['tun']['stack'] = uci.get('nikki', 'mixin', 'tun_stack') ?? 'system';
+	config['tun']['mtu'] = int(uci.get('nikki', 'mixin', 'tun_mtu') ?? '9000');
 	config['tun']['gso'] = uci.get('nikki', 'mixin', 'tun_gso') == '1';
-	config['tun']['gso-max-size'] = int(uci.get('nikki', 'mixin', 'tun_gso_max_size') || '65536');
+	config['tun']['gso-max-size'] = int(uci.get('nikki', 'mixin', 'tun_gso_max_size') ?? '65536');
 	config['tun']['endpoint-independent-nat'] = uci.get('nikki', 'mixin', 'tun_endpoint_independent_nat') == '1';
 	config['tun']['auto-route'] = false;
 	config['tun']['auto-redirect'] = false;
@ -70,12 +71,12 @@ if (uci.get('nikki', 'proxy', 'tcp_transparent_proxy_mode') == 'tun' || uci.get(
 }

 config['dns'] = {};
-config['dns']['listen'] = '0.0.0.0' + ':' + (uci.get('nikki', 'mixin', 'dns_port') || '1053');
-config['dns']['enhanced-mode'] = uci.get('nikki', 'mixin', 'dns_mode') || 'redir-host';
-config['dns']['fake-ip-range'] = uci.get('nikki', 'mixin', 'fake_ip_range') || '198.18.0.1/16';
+config['dns']['listen'] = '0.0.0.0' + ':' + (uci.get('nikki', 'mixin', 'dns_port') ?? '1053');
+config['dns']['enhanced-mode'] = uci.get('nikki', 'mixin', 'dns_mode') ?? 'redir-host';
+config['dns']['fake-ip-range'] = uci.get('nikki', 'mixin', 'fake_ip_range') ?? '198.18.0.1/16';
 if (uci.get('nikki', 'mixin', 'fake_ip_filter') == '1') {
 	config['dns']['fake-ip-filter'] = ensure_array(uci.get('nikki', 'mixin', 'fake_ip_filters'));
-	config['dns']['fake-ip-filter-mode'] = uci.get('nikki', 'mixin', 'fake_ip_filter_mode') || 'blacklist';
+	config['dns']['fake-ip-filter-mode'] = uci.get('nikki', 'mixin', 'fake_ip_filter_mode') ?? 'blacklist';
 }
 if (mixin) {
 	config['dns']['respect-rules'] = uci.get('nikki', 'mixin', 'dns_respect_rules') == '1';
@ -86,9 +87,10 @@ if (mixin) {
 	if (uci.get('nikki', 'mixin', 'hosts') == '1') {
 		config['hosts'] = {};
 		uci.foreach('nikki', 'hosts', (section) => {
-			if (section.enabled == '1') {
-				config['hosts'][section.domain_name] = ensure_array(section.ip);
+			if (section.enabled != '1') {
+				return;
 			}
+			config['hosts'][section.domain_name] = ensure_array(section.ip);
 		});
 	}
 	if (uci.get('nikki', 'mixin', 'dns_nameserver') == '1') {
@ -98,15 +100,19 @@ if (mixin) {
 		config['dns']['nameserver'] = [];
 		config['dns']['fallback'] = [];
 		uci.foreach('nikki', 'nameserver', (section) => {
+			if (section.enabled != '1') {
+				return;
+			}
 			push(config['dns'][section.type], ...ensure_array(section.nameserver));
 		})
 	}
 	if (uci.get('nikki', 'mixin', 'dns_nameserver_policy') == '1') {
 		config['dns']['nameserver-policy'] = {};
 		uci.foreach('nikki', 'nameserver_policy', (section) => {
-			if (section.enabled == '1') {
-				config['dns']['nameserver-policy'][section.matcher] = ensure_array(section.nameserver);
+			if (section.enabled != '1') {
+				return;
 			}
+			config['dns']['nameserver-policy'][section.matcher] = ensure_array(section.nameserver);
 		});
 	}
 }
@ -129,10 +135,11 @@ if (mixin) {
 		config['sniffer']['sniff']['TLS'] = {};
 		config['sniffer']['sniff']['QUIC'] = {};
 		uci.foreach('nikki', 'sniff', (section) => {
-			if (section.enabled == '1') {
-				config['sniffer']['sniff'][section.protocol]['port'] = ensure_array(section.port);
-				config['sniffer']['sniff'][section.protocol]['override-destination'] = section.overwrite_destination == '1';
+			if (section.enabled != '1') {
+				return;
 			}
+			config['sniffer']['sniff'][section.protocol]['port'] = ensure_array(section.port);
+			config['sniffer']['sniff'][section.protocol]['override-destination'] = section.overwrite_destination == '1';
 		});
 	}
 }
@ -140,6 +147,9 @@ if (mixin) {
 if (uci.get('nikki', 'mixin', 'rule_provider') == '1') {
 	config['rule-providers'] = {};
 	uci.foreach('nikki', 'rule_provider', (section) => {
+		if (section.enabled != '1') {
+			return;
+		}
 		if (section.type == 'http') {
 			config['rule-providers'][section.name] = {
 				type: section.type,
@ -163,8 +173,11 @@ if (uci.get('nikki', 'mixin', 'rule_provider') == '1') {
 if (uci.get('nikki', 'mixin', 'rule') == '1') {
 	config['nikki-rules'] = [];
 	uci.foreach('nikki', 'rule', (section) => {
+		if (section.enabled != '1') {
+			return;
+		}
 		let rule;
-		if (section.type == null || section.type == '') {
+		if (section.type == null ?? section.type == '') {
 			rule = `${section.matcher},${section.node}`;
 		} else {
 			rule = `${section.type},${section.matcher},${section.node}`;
@ -177,15 +190,15 @@ if (uci.get('nikki', 'mixin', 'rule') == '1') {
 }

 if (mixin) {
-	config['geodata-mode'] = (uci.get('nikki', 'mixin', 'geoip_format') || 'mmdb') == 'dat';
-	config['geodata-loader'] = uci.get('nikki', 'mixin', 'geodata_loader') || 'memconservative';
+	config['geodata-mode'] = (uci.get('nikki', 'mixin', 'geoip_format') ?? 'mmdb') == 'dat';
+	config['geodata-loader'] = uci.get('nikki', 'mixin', 'geodata_loader') ?? 'memconservative';
 	config['geox-url'] = {};
 	config['geox-url']['geosite'] = uci.get('nikki', 'mixin', 'geosite_url');
 	config['geox-url']['mmdb'] = uci.get('nikki', 'mixin', 'geoip_mmdb_url');
 	config['geox-url']['geoip'] = uci.get('nikki', 'mixin', 'geoip_dat_url');
 	config['geox-url']['asn'] = uci.get('nikki', 'mixin', 'geoip_asn_url');
 	config['geo-auto-update'] = uci.get('nikki', 'mixin', 'geox_auto_update') == '1';
-	config['geo-update-interval'] = int(uci.get('nikki', 'mixin', 'geox_update_interval') || '24');
+	config['geo-update-interval'] = int(uci.get('nikki', 'mixin', 'geox_update_interval') ?? '24');
 }

 print(config);