update 2023-09-28 23:36:39

2025-01-07 07:06:58 +08:00 · 2023-09-28 23:36:39 +08:00 · 2023-09-28 23:36:39 +08:00 · d7bd9d19d7
commit d7bd9d19d7
parent 708330cbdd
10 changed files with 17 additions and 141 deletions
--- a/luci-app-mosdns/Makefile
+++ b/luci-app-mosdns/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-mosdns
-PKG_VERSION:=1.5.11
+PKG_VERSION:=1.5.12
 PKG_RELEASE:=1

 LUCI_TITLE:=LuCI Support for mosdns
--- a/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
+++ b/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
@ -120,12 +120,12 @@ o.rmempty = false
 o.default = false
 o:depends("configfile", "/etc/mosdns/config.yaml")

-o = s:taboption("advanced", Flag, "enable_http3_local", translate("Local DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for Local DNS, Upstream DNS server support is required (Experimental)"))
+o = s:taboption("advanced", Flag, "enable_http3_local", translate("China DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for China DNS, Upstream DNS server support is required (Experimental feature)"))
 o.rmempty = false
 o.default = false
 o:depends("custom_local_dns", "1")

-o = s:taboption("advanced", Flag, "enable_http3_remote", translate("Remote DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental)"))
+o = s:taboption("advanced", Flag, "enable_http3_remote", translate("Remote DNS Enable HTTP/3"), translate("Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental feature)"))
 o.rmempty = false
 o.default = false
 o:depends("configfile", "/etc/mosdns/config.yaml")
--- a/luci-app-mosdns/po/zh-cn/mosdns.po
+++ b/luci-app-mosdns/po/zh-cn/mosdns.po
@ -265,17 +265,17 @@ msgstr "禁用 TLS 证书"
 msgid "Disable TLS Servers certificate validation, Can be useful if system CA certificate expires or the system time is out of order"
 msgstr "禁用 TLS 服务器证书验证，当系统 CA 证书过期或系统时间错乱时，本选项可能会有用"

-msgid "Local DNS Enable HTTP/3"
-msgstr "本地 DNS 启用 HTTP/3"
+msgid "China DNS Enable HTTP/3"
+msgstr "国内 DNS 启用 HTTP/3"

-msgid "Enable DoH HTTP/3 protocol for Local DNS, Upstream DNS server support is required (Experimental)"
-msgstr "本地 DNS 启用 DoH HTTP/3 协议，需要上游 DNS 服务器支持（实验性，谨慎启用该功能）"
+msgid "Enable DoH HTTP/3 protocol for China DNS, Upstream DNS server support is required (Experimental feature)"
+msgstr "国内 DNS 启用 DoH HTTP/3 协议，需要上游 DNS 服务器支持（实验性功能）"

 msgid "Remote DNS Enable HTTP/3"
 msgstr "远程 DNS 启用 HTTP/3"

-msgid "Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental)"
-msgstr "远程 DNS 启用 DoH HTTP/3 协议，需要上游 DNS 服务器支持（实验性，谨慎启用该功能）"
+msgid "Enable DoH HTTP/3 protocol for Remote DNS, Upstream DNS server support is required (Experimental feature)"
+msgstr "远程 DNS 启用 DoH HTTP/3 协议，需要上游 DNS 服务器支持（实验性功能）"

 msgid "Enable EDNS client subnet"
 msgstr "启用 EDNS 客户端子网"
--- a/luci-app-mosdns/root/etc/init.d/mosdns
+++ b/luci-app-mosdns/root/etc/init.d/mosdns
@ -30,7 +30,6 @@ DUMP_FILE=/etc/mosdns/cache.dump
 DUMP_FILE_DEFAULT=/usr/share/mosdns/cache.dump
 DEFAULT_CONF=/usr/share/mosdns/default.yaml
 MOSDNS_SCRIPT=/usr/share/mosdns/mosdns.sh
-RULE_HOSTS=/etc/mosdns/rule/hosts.txt

 get_config() {
    config_get enabled $1 enabled 0
@ -73,14 +72,6 @@ init_yaml() {
    # HTTP/3
    [ $enable_http3_local -eq 1 ] && enable_http3_local=true || enable_http3_local=false
    [ $enable_http3_remote -eq 1 ] && enable_http3_remote=true || enable_http3_remote=false
-    if [ $enable_http3_local = true ]; then
-        http3_dns=$(uci get mosdns.config.local_dns)
-        echo "$http3_dns" | grep -oE 'https?://[^/]+' | while read -r domain; do
-            address=$(nslookup "${domain#*://}" ${bootstrap_dns} | grep -A2 Name | grep Address | awk '{print $2}')
-            sed -i "/${domain#*://}/d" $RULE_HOSTS
-            [ -n "$address" ] && echo ${domain#*://} $address >> $RULE_HOSTS
-        done
-    fi
    # Write parameters
    [ "$custom_local_dns" -eq 1 ] && \
    local_dns=$($MOSDNS_SCRIPT dns | awk '{for(i=1;i<=NF;i++)printf "%s- addr: \"%s\"\n%s  bootstrap: '${bootstrap_dns}'\n%s  enable_pipeline: '${enable_pipeline}'\n%s  max_conns: '${max_conns}'\n%s  insecure_skip_verify: '${insecure_skip_verify}'\n%s  idle_timeout: '${idle_timeout}'\n%s  enable_http3: '${enable_http3_local}'\n",s,$i,s,s,s,s,s,s}' s='        ') || \
--- a/tailscale/Makefile
+++ b/tailscale/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=tailscale
-PKG_VERSION:=1.44.0
+PKG_VERSION:=1.50.0
 PKG_RELEASE:=1

-PKG_SOURCE:=tailscale-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/tailscale/tailscale/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=dc230cf3ac290140e573268a6e8f17124752ef064c8d3a86765a9dbb6f1bd354
+PKG_HASH:=a7e024577854c07b793c4bbd81a497250e6a1b4536e303351a388810f13b7316

 PKG_MAINTAINER:=Jan Pavlinec <jan.pavlinec1@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
@ -63,29 +63,7 @@ Package/tailscaled/description:=$(Package/tailscale/description)

 define Package/tailscaled/conffiles
 /etc/config/tailscale
-/etc/tailscale/tailscaled.state
-endef
-
-GO_IPTABLES_VERSION:=0.6.0
-GO_IPTABLES_FILE:=$(PKG_NAME)-go-iptables-$(GO_IPTABLES_VERSION).tar.gz
-
-define Download/go-iptables
-  URL:=https://codeload.github.com/coreos/go-iptables/tar.gz/v$(GO_IPTABLES_VERSION)?
-  URL_FILE:=$(GO_IPTABLES_FILE)
-  FILE:=$(GO_IPTABLES_FILE)
-  HASH:=a784cc17fcb17879f073eae47bc4c2e899f59f6906dac5a0aa7a9cc9f95ea66d
-endef
-
-define Build/Prepare
-	$(PKG_UNPACK)
-	[ ! -d ./src/ ] || $(CP) ./src/. $(PKG_BUILD_DIR)
-	$(eval $(call Download,go-iptables))
-	( \
-		mkdir -p $(PKG_BUILD_DIR)/patched/ ; \
-		gzip -dc $(DL_DIR)/$(GO_IPTABLES_FILE) | $(HOST_TAR) -C $(PKG_BUILD_DIR)/patched $(TAR_OPTIONS) ; \
-		mv $(PKG_BUILD_DIR)/patched/go-iptables-$(GO_IPTABLES_VERSION) $(PKG_BUILD_DIR)/patched/go-iptables ; \
-	)
-	$(Build/Patch)
+/etc/tailscale/
 endef

 define Package/tailscale/install
--- a/tailscale/files/tailscale.init
+++ b/tailscale/files/tailscale.init
@ -23,6 +23,9 @@ start_service() {
  procd_open_instance
  procd_set_param command /usr/sbin/tailscaled

+  # starting with v1.48.1 ENV variable is required to enable autodetection of iptables / nftables
+  procd_set_param env TS_DEBUG_FIREWALL_MODE=auto
+
  # Set the port to listen on for incoming VPN packets.
  # Remote nodes will automatically be informed about the new port number,
  # but you might want to configure this in order to set external firewall
--- a/tailscale/patches/010-fake_iptables.patch
+++ b/tailscale/patches/010-fake_iptables.patch
@ -1,53 +0,0 @@
--- a/go.mod
-+++ b/go.mod
-@@ -2,6 +2,8 @@ module tailscale.com
- 
- go 1.20
- 
-+replace github.com/coreos/go-iptables => ./patched/go-iptables
-+
- require (
- 	filippo.io/mkcert v1.4.4
- 	github.com/Microsoft/go-winio v0.6.1
--- a/patched/go-iptables/iptables/iptables.go
-+++ b/patched/go-iptables/iptables/iptables.go
-@@ -149,12 +149,39 @@ func New(opts ...option) (*IPTables, err
- 	return ipt, nil
- }
- 
-+func NewFake(opts ...option) (*IPTables, error) {
-+
-+	ipt := &IPTables{
-+		path:		   "/bin/false",
-+		proto:		   ProtocolIPv4,
-+		hasCheck:	   false,
-+		hasWait:	   false,
-+		waitSupportSecond: false,
-+		hasRandomFully:	   false,
-+		v1:		   0,
-+		v2:		   0,
-+		v3:		   0,
-+		mode:		   "legacy",
-+		timeout:	   0,
-+	}
-+
-+	for _, opt := range opts {
-+		opt(ipt)
-+	}
-+
-+	return ipt, nil
-+}
-+
- // New creates a new IPTables for the given proto.
- // The proto will determine which command is used, either "iptables" or "ip6tables".
- func NewWithProtocol(proto Protocol) (*IPTables, error) {
- 	return New(IPFamily(proto), Timeout(0))
- }
- 
-+func NewFakeWithProtocol(proto Protocol) (*IPTables, error) {
-+	return NewFake(IPFamily(proto), Timeout(0))
-+}
-+
- // Proto returns the protocol used by this IPTables.
- func (ipt *IPTables) Proto() Protocol {
- 	return ipt.proto
--- a/tailscale/patches/020-tailscaled_fake_iptables.patch
+++ b/tailscale/patches/020-tailscaled_fake_iptables.patch
@ -1,32 +0,0 @@
--- a/wgengine/router/router_linux.go
-+++ b/wgengine/router/router_linux.go
-@@ -129,7 +129,7 @@ func newUserspaceRouter(logf logger.Logf
- 
- 	ipt4, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
- 	if err != nil {
-		return nil, err
-+		ipt4, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv4)
- 	}
- 
- 	v6err := checkIPv6(logf)
-@@ -148,7 +148,7 @@ func newUserspaceRouter(logf logger.Logf
- 		// if unavailable. We want that to be a non-fatal error.
- 		ipt6, err = iptables.NewWithProtocol(iptables.ProtocolIPv6)
- 		if err != nil {
-			return nil, err
-+			ipt6, err = iptables.NewFakeWithProtocol(iptables.ProtocolIPv6)
- 		}
- 	}
- 
-@@ -1676,11 +1676,6 @@ func checkIPv6(logf logger.Logf) error {
- 		return fmt.Errorf("kernel doesn't support IPv6 policy routing: %w", err)
- 	}
- 
-	// Some distros ship ip6tables separately from iptables.
-	if _, err := exec.LookPath("ip6tables"); err != nil {
-		return err
-	}
-
- 	return nil
- }
- 
--- a/tailscale/patches/030-default_to_netfilter_off.patch
+++ b/tailscale/patches/030-default_to_netfilter_off.patch
@ -1,11 +0,0 @@
--- a/cmd/tailscale/cli/up.go
-+++ b/cmd/tailscale/cli/up.go
-@@ -147,7 +147,7 @@ func defaultNetfilterMode() string {
- 	if distro.Get() == distro.Synology {
- 		return "off"
- 	}
-	return "on"
-+	return "off"
- }
- 
- type upArgsT struct {
--- a/vsftpd-alt/Makefile
+++ b/vsftpd-alt/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=vsftpd-alt
 PKG_VERSION:=3.0.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 PKG_SOURCE:=vsftpd-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://security.appspot.com/downloads/