update 2023-02-01 13:44:15

2025-01-08 11:37:36 +08:00 · 2023-02-01 13:44:15 +08:00 · 2023-02-01 13:44:15 +08:00 · af297b58fc
commit af297b58fc
parent 98b2972b75
16 changed files with 27949 additions and 293 deletions
--- a/luci-app-mosdns/Makefile
+++ b/luci-app-mosdns/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-mosdns
-PKG_VERSION:=1.4
+PKG_VERSION:=1.5
 PKG_RELEASE:=1

 LUCI_TITLE:=LuCI Support for mosdns
 LUCI_PKGARCH:=all
-LUCI_DEPENDS:=+mosdns +jsonfilter +bash +luci-compat +v2ray-geoip +v2ray-geosite +zoneinfo-asia
+LUCI_DEPENDS:=+mosdns-v5 +jsonfilter +bash +luci-compat +zoneinfo-asia

 define Package/$(PKG_NAME)/conffiles
 /etc/mosdns/cus_config.yaml
--- a/luci-app-mosdns/root/etc/mosdns/def_config_orig.yaml
+++ b/luci-app-mosdns/root/etc/mosdns/def_config_orig.yaml
@ -1,165 +1,204 @@
-# 日志设置
 log:
-  level:                   loglvl
-  file:                    logfile
-
-# 数据源设置
-data_providers:
-  - tag:                   geosite
-    file:                  "/usr/share/v2ray/geosite.dat"
-    auto_reload:           true
-
-  - tag:                   geoip
-    file:                  "/usr/share/v2ray/geoip.dat"
-    auto_reload:           true
-
-  - tag:                   adlist
-    file:                  "./rule/serverlist.txt"
-    auto_reload:           true
-
-  - tag:                   whitelist
-    file:                  "./rule/whitelist.txt"
-    auto_reload:           true
-
-  - tag:                   hosts
-    file:                  "./rule/hosts.txt"
-    auto_reload:           true
-
-  - tag:                   blocklist
-    file:                  "./rule/blocklist.txt"
-    auto_reload:           true
- 
-  - tag:                   redirect
-    file:                  "./rule/redirect.txt"
-    auto_reload:           true
-
-# 插件
+  level: loglvl
+  file: "logfile"
+  
+# api:
+#   http: "127.0.0.1:8080" # 在该地址启动 api 接口。
+  
 plugins:
-  - tag:                   "query_is_whitelist_domain"
-    type:                  query_matcher
+  # 加载配置
+  # 国内域名
+  - tag: geosite_cn
+    type: domain_set
    args:
-      domain:
-            - "provider:whitelist"
-
-  - tag:                   "query_is_blocklist_domain"
-    type:                  query_matcher
+      files:                        # 从文本文件载入
+        - "/etc/mosdns/rule/geosite_cn.txt"
+  
+  # 国内ip
+  - tag: geoip_cn
+    type: ip_set
    args:
-      domain:
-            - "provider:blocklist"
+      files:                        # 从文本文件载入
+        - "/etc/mosdns/rule/geoip_cn.txt"

-  - tag:                   "query_is_local_domain"
-    type:                  query_matcher
+  # 国外域名
+  - tag: geosite_no_cn
+    type: domain_set
    args:
-      domain:
-        - "provider:geosite:cn"
+      files:                        # 从文本文件载入
+        - "/etc/mosdns/rule/geosite_no_cn.txt"

-  - tag:                   "query_is_non_local_domain"
-    type:                  query_matcher
+  # 白名单 加入的域名始终允许使用 “本地 DNS” 进行解析
+  - tag: whitelist
+    type: domain_set
    args:
-      domain:
-        - "provider:geosite:geolocation-!cn"
+      files:                        # 从文本文件载入
+        - "/etc/mosdns/rule/whitelist.txt"

-  - tag:                   "query_is_qtype65"
-    type:                  query_matcher
+  # 黑名单 加入的域名将屏蔽 DNS 解析
+  - tag: blocklist
+    type: domain_set
    args:
-      qtype:               [65]
+      files:                        # 从文本文件载入
+        - "/etc/mosdns/rule/blocklist.txt"

-  - tag:                   "query_is_ad_domain"
-    type:                  query_matcher
+  # 自定义 Hosts 重写
+  - tag: hosts
+    type: hosts
    args:
-      domain:
-        - "provider:adlist"
+      files:                        # 从文本文件载入
+        - "/etc/mosdns/rule/hosts.txt"

-  - tag:                   "response_has_local_ip"
-    type:                  response_matcher
+  # 重定向请求的域名
+  - tag: redirect
+    type: redirect
    args:
-      ip:
-        - "provider:geoip:cn"
+      files:
+        - "/etc/mosdns/rule/redirect.txt"

-  - tag:                   "query_is_hosts_domain"
-    type:                  hosts
+  # 广告列表
+  - tag: adlist
+    type: domain_set
    args:
-      hosts:
-           - "provider:hosts"
+      files:
+        - "/etc/mosdns/rule/serverlist.txt"

-  - tag:                   "query_is_redirect_domain"
-    type:                  redirect
+  # 缓存
+  - tag: cache
+    type: cache
    args:
-      rule:
-          - "provider:redirect"
+      size: cache_size
+      lazy_cache_ttl: 259200

-  - tag:                   "reverse"
-    type:                  "reverse_lookup"
+  # 转发至本地服务器
+  - tag: forward_local
+    type: forward
    args:
-      size:                65535
-      ttl:                 1800
-      handle_ptr:          true 
-
-  - tag:                   "lazy_cache"
-    type:                  cache
+      upstreams:
+        - addr: localdns1
+        - addr: localdns2
+  
+  # 转发至远程服务器
+  - tag: forward_remote
+    type: forward
    args:
-      size:                512000
-      lazy_cache_ttl:      259200
+      upstreams:
+        - addr: remotedns1
+        - addr: remotedns2

-  - tag:                   "forward_local"
-    type:                  fast_forward
+  # 国内解析
+  - tag: local_sequence
+    type: sequence
    args:
-      upstream:
-        - addr:            localdns1
-        - addr:            localdns2
+      - exec: $forward_local

-  - tag:                   "forward_remote"
-    type:                  fast_forward
+  # 国外解析
+  - tag: remote_sequence
+    type: sequence
    args:
-      upstream:
-        - addr:            remotedns1
-          enable_pipeline: true
-        - addr:            remotedns2
-          enable_pipeline: true
-
-  - tag:                   main_sequence
-    type:                  sequence
+      - exec: prefer_ipv4
+      - exec: $forward_remote
+  
+  # 有响应终止返回
+  - tag: has_resp_sequence
+    type: sequence
    args:
-      exec:
-        - _misc_optm
-        - reverse
-        - lazy_cache
-        - query_is_hosts_domain
-        - query_is_redirect_domain
-        - _no_ecs
-        - if:              "query_is_whitelist_domain"
-          exec:
-            - forward_local
-            - _return
-        - if:              "query_is_blocklist_domain || query_is_ad_domain || query_is_qtype65"
-          exec:
-            - _new_nxdomain_response
-            - _return
-        - if:              "query_is_local_domain"
-          exec:
-            - forward_local
-            - _return
-        - if:              "query_is_non_local_domain"
-          exec:
-            - _prefer_ipv4
-            - forward_remote
-            - _return
-        - primary:
-            - forward_local
-            - if:          "(! response_has_local_ip) && [_response_valid_answer]"
-              exec:
-                - _drop_response
-          secondary:
-            - _prefer_ipv4
-            - forward_remote
-          fast_fallback:   150
-          always_standby:  true
+      - matches: has_resp
+        exec: accept

-# 服务器设置
-servers:
-  - exec:                  main_sequence
-    listeners:
-      - protocol:          udp
-        addr:              127.0.0.1:listenport
-      - protocol:          tcp
-        addr:              127.0.0.1:listenport
+
+  # fallback 用本地服务器 sequence
+  # 返回不包含本地 ip 则 reject
+  - tag: query_is_local_ip
+    type: sequence
+    args:
+      - exec: $local_sequence
+      - matches: resp_ip $geoip_cn
+        exec: accept
+      - exec: reject
+
+  # fallback 用远程服务器 sequence
+  - tag: query_is_remote
+    type: sequence
+    args:
+      - exec: $remote_sequence
+      - exec: accept
+
+  # fallback 用远程服务器 sequence
+  - tag: fallback
+    type: fallback
+    args:
+      primary: query_is_local_ip
+      secondary: query_is_remote
+      threshold: 150
+      always_standby: true
+
+
+  # 查询国内域名
+  - tag: query_is_local_domain
+    type: sequence
+    args:
+      - matches: qname $geosite_cn
+        exec: $local_sequence
+
+  # 查询国外域名
+  - tag: query_is_no_local_domain
+    type: sequence
+    args:
+      - matches: qname $geosite_no_cn
+        exec: $remote_sequence
+
+  # 查询白名单
+  - tag: query_is_whitelist_domain
+    type: sequence
+    args:
+      - matches: qname $whitelist
+        exec: $local_sequence
+      - exec: jump has_resp_sequence
+
+  # 拒绝名单
+  - tag: query_is_reject_domain
+    type: sequence
+    args:
+      - matches: qname $blocklist
+        exec: reject 3
+      - matches: qname $adlist
+        exec: reject 3
+      - matches:
+        - qtype 12
+        exec: reject 3
+      - matches: qtype 65
+        exec: reject 3
+  
+  # 主要的运行逻辑插件
+  # sequence 插件中调用的插件 tag 必须在 sequence 前定义，
+  # 否则 sequence 找不到对应插件。
+  - tag: main_sequence
+    type: sequence
+    args:
+      - exec: $hosts
+      - exec: jump has_resp_sequence
+      - exec: $redirect
+      - exec: jump has_resp_sequence
+      - exec: $query_is_whitelist_domain
+      - exec: $query_is_reject_domain
+      - exec: $cache
+      - exec: jump has_resp_sequence
+      - exec: $query_is_local_domain
+      - exec: jump has_resp_sequence
+      - exec: $query_is_no_local_domain
+      - exec: jump has_resp_sequence
+      - exec: $fallback
+
+  # 启动 udp 服务器。
+  - tag: udp_server
+    type: udp_server
+    args:
+      entry: main_sequence
+      listen: "127.0.0.1:listenport"
+  # 启动 tcp 服务器。
+  - tag: tcp_server
+    type: tcp_server
+    args:
+      entry: main_sequence
+      listen: "127.0.0.1:listenport"
--- a/luci-app-mosdns/root/etc/mosdns/mosupdater.sh
+++ b/luci-app-mosdns/root/etc/mosdns/mosupdater.sh
@ -4,26 +4,27 @@ set -o pipefail
 source /etc/mosdns/lib.sh

 TMPDIR=$(mktemp -d) || exit 1
-getdat geoip.dat
-getdat geosite.dat
-if [ "$(grep -o CN "$TMPDIR"/geoip.dat | wc -l)" -eq 0 ]; then
-  rm -rf "$TMPDIR"/geoip.dat
+getdat geosite_cn.txt
+getdat geosite_no_cn.txt
+getdat geoip_cn.txt
+if [ "$(grep -o cn "$TMPDIR"/geosite_cn.txt | wc -l)" -lt 100 ]; then
+  rm -rf "$TMPDIR"/geosite_cn.txt
 fi
-if [ "$(grep -o .com "$TMPDIR"/geosite.dat | wc -l)" -lt 1000 ]; then
-  rm -rf "$TMPDIR"/geosite.dat
+if [ "$(grep -o google "$TMPDIR"/geosite_no_cn.txt | wc -l)" -eq 0 ]; then
+  rm -rf "$TMPDIR"/geosite_no_cn.txt
 fi
-cp -rf "$TMPDIR"/* /usr/share/v2ray
+cp -rf "$TMPDIR"/* /etc/mosdns/rule
 rm -rf "$TMPDIR"

 syncconfig=$(uci -q get mosdns.mosdns.syncconfig)
 if [ "$syncconfig" -eq 1 ]; then
  TMPDIR=$(mktemp -d) || exit 2
-  getdat def_config_v4.yaml
+  getdat def_config_v5.yaml

-  if [ "$(grep -o plugin "$TMPDIR"/def_config_v4.yaml | wc -l)" -eq 0 ]; then
-    rm -rf "$TMPDIR"/def_config_v4.yaml
+  if [ "$(grep -o plugin "$TMPDIR"/def_config_v5.yaml | wc -l)" -eq 0 ]; then
+    rm -rf "$TMPDIR"/def_config_v5.yaml
  else
-    mv "$TMPDIR"/def_config_v4.yaml "$TMPDIR"/def_config_orig.yaml
+    mv "$TMPDIR"/def_config_v5.yaml "$TMPDIR"/def_config_orig.yaml
  fi
  cp -rf "$TMPDIR"/* /etc/mosdns
  rm -rf "$TMPDIR"
--- a/luci-app-mosdns/root/etc/mosdns/rule/geoip_cn.txt
+++ b/luci-app-mosdns/root/etc/mosdns/rule/geoip_cn.txt
--- a/luci-app-mosdns/root/etc/mosdns/rule/geosite_cn.txt
+++ b/luci-app-mosdns/root/etc/mosdns/rule/geosite_cn.txt
--- a/luci-app-mosdns/root/etc/mosdns/rule/geosite_no_cn.txt
+++ b/luci-app-mosdns/root/etc/mosdns/rule/geosite_no_cn.txt
--- a/luci-app-mosdns/root/etc/mosdns/rule/serverlist.txt
+++ b/luci-app-mosdns/root/etc/mosdns/rule/serverlist.txt
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=4.56
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -1377,10 +1377,11 @@ stop() {
 	stop_crontab
 	source $APP_PATH/helper_dnsmasq.sh del
 	source $APP_PATH/helper_dnsmasq.sh restart no_log=1
+	[ -s "$TMP_PATH/bridge_nf_ipt" ] && sysctl -w net.bridge.bridge-nf-call-iptables=$(cat $TMP_PATH/bridge_nf_ipt) >/dev/null 2>&1
+	[ -s "$TMP_PATH/bridge_nf_ip6t" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=$(cat $TMP_PATH/bridge_nf_ip6t) >/dev/null 2>&1
 	rm -rf ${TMP_PATH}
 	rm -rf /tmp/lock/${CONFIG}_script.lock
 	echolog "清空并关闭相关程序和缓存完成。"
-	/etc/init.d/sysctl restart
 	exit 0
 }

--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -1224,8 +1224,14 @@ add_firewall_rule() {
 	# dns_hijack "force"

 	[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
+		bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
+		echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
 		sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
-		[ "$PROXY_IPV6" == "1" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
+		[ "$PROXY_IPV6" == "1" ] && {
+			bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
+			echo -n $bridge_nf_ip6t > $TMP_PATH/bridge_nf_ip6t
+			sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
+		}
 	}
 	echolog "防火墙规则加载完成！"
 }
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@ -1226,8 +1226,14 @@ add_firewall_rule() {
 	# dns_hijack "force"

 	[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
+		bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
+		echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
 		sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
-		[ "$PROXY_IPV6" == "1" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
+		[ "$PROXY_IPV6" == "1" ] && {
+			bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
+			echo -n $bridge_nf_ip6t > $TMP_PATH/bridge_nf_ip6t
+			sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
+		}
 	}
 	echolog "防火墙规则加载完成！"
 }
--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall2
 PKG_VERSION:=1.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \
--- a/luci-app-passwall2/root/usr/share/passwall2/app.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh
@ -756,8 +756,14 @@ start() {
 			run_global
 			source $APP_PATH/iptables.sh start
 			source $APP_PATH/helper_dnsmasq.sh logic_restart
+			bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
+			echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
 			sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
-			[ "$PROXY_IPV6" == "1" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
+			[ "$PROXY_IPV6" == "1" ] && {
+				bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
+				echo -n $bridge_nf_ip6t > $TMP_PATH/bridge_nf_ip6t
+				sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
+			}
 		fi
 	}
 	start_crontab
@ -775,10 +781,11 @@ stop() {
 	stop_crontab
 	source $APP_PATH/helper_dnsmasq.sh del
 	source $APP_PATH/helper_dnsmasq.sh restart no_log=1
+	[ -s "$TMP_PATH/bridge_nf_ipt" ] && sysctl -w net.bridge.bridge-nf-call-iptables=$(cat $TMP_PATH/bridge_nf_ipt) >/dev/null 2>&1
+	[ -s "$TMP_PATH/bridge_nf_ip6t" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=$(cat $TMP_PATH/bridge_nf_ip6t) >/dev/null 2>&1
 	rm -rf ${TMP_PATH}
 	rm -rf /tmp/lock/${CONFIG}_script.lock
 	echolog "清空并关闭相关程序和缓存完成。"
-	/etc/init.d/sysctl restart
 	exit 0
 }

--- a/luci-theme-argon/htdocs/luci-static/argon/css/cascade.css
+++ b/luci-theme-argon/htdocs/luci-static/argon/css/cascade.css
--- a/luci-theme-argon/htdocs/luci-static/argon/less/cascade.less
+++ b/luci-theme-argon/htdocs/luci-static/argon/less/cascade.less
@ -114,6 +114,9 @@ body {
    box-sizing: border-box;
 }

+textarea {
+    padding: 0.2rem;
+}
 ::selection {
    background-color: #5e72e4;
    background-color: var(--primary);
@ -2137,6 +2140,8 @@ body:not(.Interfaces) .cbi-rowstyle-2:first-child {
 }

 .cbi-dynlist>.item {
+    display: inline-flex;
+    flex-wrap: nowrap;
    position: relative;
    max-width: 25rem;
    pointer-events: none;
@ -2149,11 +2154,6 @@ body:not(.Interfaces) .cbi-rowstyle-2:first-child {
 }

 .cbi-dynlist>.item::after {
-    position: absolute;
-    width: 2.2rem !important;
-    height: calc(100% - 0.5rem - 2px);
-    right: 0;
-    bottom: 0;
    content: "\00D7";
    pointer-events: auto;
    background-color: var(--red);
@ -2163,16 +2163,13 @@ body:not(.Interfaces) .cbi-rowstyle-2:first-child {
    align-items: center;
    justify-content: center;
    line-height: 1.5rem;
-    padding: 0;
    margin: 0.25rem 0.1rem 0.25rem 0;
    color: #fff;
    border: 1px solid #f5365c;
-    border-radius: 0.25rem;
+    border-radius: 0 0.25rem 0.25rem 0;
    outline: 0;
    background-image: none;
    box-shadow: none;
-    border-top-left-radius: 0;
-    border-bottom-left-radius: 0;
 }

 .cbi-dynlist>.item>span {
@ -2180,17 +2177,17 @@ body:not(.Interfaces) .cbi-rowstyle-2:first-child {
    word-break: break-word;
    line-height: 1.5rem;
    padding: 0.5rem 0.5rem;
-    margin: 0.25rem 0.1rem;
+    margin: 0.25rem 0 0.25rem 0.1rem;
    color: #8898aa;
    border: 1px solid #dee2e6;
-    border-radius: 0.25rem;
+    border-radius: .25rem 0 0 .25rem;
    outline: 0;
    background-image: none;
    box-shadow: none;
    display: block;
    transition: box-shadow 0.15s ease;
    box-sizing: border-box;
-    min-width: 15rem;
+    min-width: 15.5rem;
 }

 .cbi-dynlist>.add-item {
--- a/mosdns/Makefile
+++ b/mosdns/Makefile
@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=mosdns
-PKG_VERSION:=f130472
+PKG_VERSION:=e8fe435
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=mosdns-$(PKG_VERSION).tar.gz
@ -44,7 +44,7 @@ define Package/mosdns
  DEPENDS:=$(GO_ARCH_DEPENDS)
 endef

-define Package/mosdns
+define Package/mosdns-v5
  $(call Package/mosdns/Default)
  DEPENDS:=$(GO_ARCH_DEPENDS)
 endef
@ -81,10 +81,10 @@ define Package/mosdns/install
 	$(call GoPackage/Package/Install/Bin,$(1))
 endef

-define Package/mosdns/install
+define Package/mosdns-v5/install
 	$(call GoPackage/Package/Install/Bin,$(1))
 endef

 $(eval $(call GoBinPackage,mosdns))
 $(eval $(call BuildPackage,mosdns))
-$(eval $(call BuildPackage,mosdns))
+$(eval $(call BuildPackage,mosdns-v5))