update 2024-09-04 00:15:57

2025-01-09 04:29:21 +08:00 · 2024-09-04 00:15:57 +08:00 · 2024-09-04 00:15:57 +08:00 · b8c70bb096
commit b8c70bb096
parent 1f96dc75ef
11 changed files with 767 additions and 713 deletions
--- a/luci-app-homeproxy/README
+++ b/luci-app-homeproxy/README
@ -1,6 +1,5 @@
 TODO:
 - Subscription page slow response with a large number of nodes
 - Refactor nft rules
- Support Clash selector, urltest etc.
 - Move ACL settings to a dedicated page
 - Any other improvements
--- a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js
+++ b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js
@ -106,6 +106,17 @@ return view.extend({
 		var features = data[1],
 		    hosts = data[2]?.hosts;

+		/* Cache all configured proxy nodes, they will be called multiple times */
+		var proxy_nodes = {};
+		uci.sections(data[0], 'node', (res) => {
+			var nodeaddr = ((res.type === 'direct') ? res.override_address : res.address) || '',
+			    nodeport = ((res.type === 'direct') ? res.override_port : res.port) || '';
+
+			proxy_nodes[res['.name']] =
+				String.format('[%s] %s', res.type, res.label || ((stubValidator.apply('ip6addr', nodeaddr) ?
+					String.format('[%s]', nodeaddr) : nodeaddr) + ':' + nodeport));
+		});
+
 		m = new form.Map('homeproxy', _('HomeProxy'),
 			_('The modern ImmortalWrt proxy platform for ARM64/AMD64.'));

@ -123,17 +134,6 @@ return view.extend({
 			]);
 		}

-		/* Cache all configured proxy nodes, they will be called multiple times */
-		var proxy_nodes = {};
-		uci.sections(data[0], 'node', (res) => {
-			var nodeaddr = ((res.type === 'direct') ? res.override_address : res.address) || '',
-			    nodeport = ((res.type === 'direct') ? res.override_port : res.port) || '';
-
-			proxy_nodes[res['.name']] =
-				String.format('[%s] %s', res.type, res.label || ((stubValidator.apply('ip6addr', nodeaddr) ?
-					String.format('[%s]', nodeaddr) : nodeaddr) + ':' + nodeport));
-		});
-
 		s = m.section(form.NamedSection, 'config', 'homeproxy');

 		s.tab('routing', _('Routing Settings'));
@ -234,14 +234,11 @@ return view.extend({

 		o = s.taboption('routing', form.Value, 'routing_port', _('Routing ports'),
 			_('Specify target ports to be proxied. Multiple ports must be separated by commas.'));
-		o.value('all', _('All ports'));
+		o.value('', _('All ports'));
 		o.value('common', _('Common ports only (bypass P2P traffic)'));
 		o.default = 'common';
-		o.rmempty = false;
 		o.validate = function(section_id, value) {
-			if (section_id && value !== 'all' && value !== 'common') {
-				if (!value)
-					return _('Expecting: %s').format(_('valid port value'));
+			if (section_id && value && value !== 'common') {

 				var ports = [];
 				for (var i of value.split(',')) {
@ -383,7 +380,7 @@ return view.extend({
 		so.editable = true;

 		so = ss.option(form.ListValue, 'domain_strategy', _('Domain strategy'),
-			_('If set, the server domain name will be resolved to IP before connecting.<br/>dns.strategy will be used if empty.'));
+			_('If set, the server domain name will be resolved to IP before connecting.<br/>'));
 		for (var i in hp.dns_strategy)
 			so.value(i, hp.dns_strategy[i]);
 		so.modalonly = true;
@ -725,7 +722,7 @@ return view.extend({
 		so.modalonly = true;

 		so = ss.option(form.ListValue, 'address_strategy', _('Address strategy'),
-			_('The domain strategy for resolving the domain name in the address. dns.strategy will be used if empty.'));
+			_('The domain strategy for resolving the domain name in the address.'));
 		for (var i in hp.dns_strategy)
 			so.value(i, hp.dns_strategy[i]);
 		so.modalonly = true;
--- a/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/status.js
+++ b/luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/status.js
@ -1,4 +1,5 @@
-/* SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SPDX-License-Identifier: GPL-2.0-only
 *
 * Copyright (C) 2022-2023 ImmortalWrt.org
 */
--- a/luci-app-homeproxy/po/templates/homeproxy.pot
+++ b/luci-app-homeproxy/po/templates/homeproxy.pot
--- a/luci-app-homeproxy/po/zh_Hans/homeproxy.po
+++ b/luci-app-homeproxy/po/zh_Hans/homeproxy.po
--- a/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_post.ut
+++ b/luci-app-homeproxy/root/etc/homeproxy/scripts/firewall_post.ut
@ -50,7 +50,7 @@ if (routing_mode !== 'custom') {
 	bypass_cn_traffic = uci.get(cfgname, 'routing', 'bypass_cn_traffic') || '0';
 }

-let routing_port = uci.get(cfgname, 'config', 'routing_port') || 'common';
+let routing_port = uci.get(cfgname, 'config', 'routing_port');
 if (routing_port === 'common')
 	routing_port = uci.get(cfgname, 'infra', 'common_port') || '22,53,80,143,443,465,587,853,873,993,995,8080,8443,9418';

@ -222,7 +222,7 @@ set homeproxy_wan_direct_addr_v6 {
 }
 {% endif /* ipv6_support */ %}

-{% if (routing_port !== 'all'): %}
+{% if (routing_port): %}
 set homeproxy_routing_port {
 	type inet_service
 	flags interval
@ -248,7 +248,7 @@ chain homeproxy_redirect_proxy {
 }

 chain homeproxy_redirect_proxy_port {
-	{% if (routing_port !== 'all'): %}
+	{% if (routing_port): %}
 	tcp dport != @homeproxy_routing_port counter return
 	{% endif %}
 	goto homeproxy_redirect_proxy
@ -363,14 +363,14 @@ chain homeproxy_mangle_tproxy {
 }

 chain homeproxy_mangle_tproxy_port {
-	{% if (routing_port !== 'all'): %}
+	{% if (routing_port): %}
 	udp dport != @homeproxy_routing_port counter return
 	{% endif %}
 	goto homeproxy_mangle_tproxy
 }

 chain homeproxy_mangle_mark {
-	{% if (routing_port !== 'all'): %}
+	{% if (routing_port): %}
 	udp dport != @homeproxy_routing_port counter return
 	{% endif %}
 	meta l4proto udp mark set {{ tproxy_mark }} counter accept
@ -557,7 +557,7 @@ chain homeproxy_mangle_lanac {
 }

 chain homeproxy_mangle_tun_mark {
-	{% if (routing_port !== 'all'): %}
+	{% if (routing_port): %}
 	{% if (proxy_mode === 'tun'): %}
 	tcp dport != @homeproxy_routing_port counter return
 	{% endif /* proxy_mode */ %}
--- a/luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc
+++ b/luci-app-homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc
@ -543,7 +543,10 @@ function main() {
 			log(sprintf('Removing node: %s.', cfg.label || cfg['name']));
 		} else {
 			map(keys(node_cache[cfg.grouphash][cfg['.name']]), (v) => {
-				uci.set(uciconfig, cfg['.name'], v, node_cache[cfg.grouphash][cfg['.name']][v]);
+				if (v in node_cache[cfg.grouphash][cfg['.name']])
+					uci.set(uciconfig, cfg['.name'], v, node_cache[cfg.grouphash][cfg['.name']][v]);
+				else
+					uci.delete(uciconfig, cfg['.name'], v);
 			});
 			node_cache[cfg.grouphash][cfg['.name']].isExisting = true;
 		}
--- a/luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy-migration
+++ b/luci-app-homeproxy/root/etc/uci-defaults/luci-homeproxy-migration
@ -11,6 +11,11 @@ elif echo "$china_dns_server" | grep -q ","; then
 		uci -q add_list "homeproxy.config.china_dns_server"="$dns"
 	done
 fi
+
+if [ "$(uci -q get homeproxy.config.routing_port)" = "all" ]; then
+	uci -q delete "homeproxy.config.routing_port"
+fi
+
 [ -z "$(uci -q changes "homeproxy")" ] || uci -q commit "homeproxy"

 exit 0
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@ -7,6 +7,7 @@ local has_xray = api.finded_com("xray")
 local has_gfwlist = api.fs.access("/usr/share/passwall/rules/gfwlist")
 local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
 local has_chnroute = api.fs.access("/usr/share/passwall/rules/chnroute")
+local chinadns_tls = os.execute("chinadns-ng -V | grep -i wolfssl >/dev/null")

 m = Map(appname)

@ -63,8 +64,8 @@ uci:foreach(appname, "socks", function(s)
 end)

 local doh_validate = function(self, value, t)
+	value = value:gsub("%s+", "")
 	if value ~= "" then
-		value = api.trim(value)
 		local flag = 0
 		local util = require "luci.util"
 		local val = util.split(value, ",")
@ -103,8 +104,8 @@ local chinadns_dot_validate = function(self, value, t)
 		end
 		return true
 	end
+	value = value:gsub("%s+", "")
 	if value ~= "" then
-		value = api.trim(value)
 		if isValidDoTString(value) then
 			return value
 		end
@ -298,7 +299,7 @@ o.default = ""
 o:value("", translate("Auto"))
 o:value("udp", translatef("Requery DNS By %s", "UDP"))
 o:value("tcp", translatef("Requery DNS By %s", "TCP"))
-if os.execute("chinadns-ng -V | grep -i wolfssl >/dev/null") == 0 then
+if chinadns_tls == 0 then
 	o:value("dot", translatef("Requery DNS By %s", "DoT"))
 end
 --TO DO
@ -326,7 +327,7 @@ o:value("180.184.1.1")
 o:value("180.184.2.2")
 o:depends("direct_dns_mode", "tcp")

-o = s:taboption("DNS", Value, "direct_dns_dot", translate("Direct DNS"))
+o = s:taboption("DNS", Value, "direct_dns_dot", translate("Direct DNS DoT"))
 o.default = "tls://dot.pub@1.12.12.12"
 o:value("tls://dot.pub@1.12.12.12")
 o:value("tls://dot.pub@120.53.53.53")
@ -344,6 +345,9 @@ o.default = "0"
 dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
 dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
 dns_mode:value("tcp", translatef("Requery DNS By %s", "TCP"))
+if chinadns_tls == 0 then
+	dns_mode:value("dot", translatef("Requery DNS By %s", "DoT"))
+end
 if api.is_finded("dns2socks") then
 	dns_mode:value("dns2socks", "dns2socks")
 end
@ -399,8 +403,8 @@ o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
 o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
 o:value("8.8.4.4", "8.8.4.4 (Google)")
 o:value("8.8.8.8", "8.8.8.8 (Google)")
-o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
-o:value("149.112.112.112", "149.112.112.112 (Quad9-Recommended)")
+o:value("9.9.9.9", "9.9.9.9 (Quad9)")
+o:value("149.112.112.112", "149.112.112.112 (Quad9)")
 o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
 o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
 o:depends({dns_mode = "dns2socks"})
@ -410,19 +414,35 @@ o:depends({xray_dns_mode = "tcp"})
 o:depends({xray_dns_mode = "tcp+doh"})
 o:depends({singbox_dns_mode = "tcp"})

+---- DoT
+o = s:taboption("DNS", Value, "remote_dns_dot", translate("Remote DNS DoT"))
+o.default = "tls://dns.google@8.8.4.4"
+o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.0.0.1", "1.0.0.1 (CloudFlare)")
+o:value("tls://1dot1dot1dot1.cloudflare-dns.com@1.1.1.1", "1.1.1.1 (CloudFlare)")
+o:value("tls://dns.google@8.8.4.4", "8.8.4.4 (Google)")
+o:value("tls://dns.google@8.8.8.8", "8.8.8.8 (Google)")
+o:value("tls://dns.quad9.net@9.9.9.9", "9.9.9.9 (Quad9)")
+o:value("tls://dns.quad9.net@149.112.112.112", "149.112.112.112 (Quad9)")
+o:value("tls://dns.adguard.com@94.140.14.14", "94.140.14.14 (AdGuard)")
+o:value("tls://dns.adguard.com@94.140.15.15", "94.140.15.15 (AdGuard)")
+o:value("tls://dns.opendns.com@208.67.222.222", "208.67.222.222 (OpenDNS)")
+o:value("tls://dns.opendns.com@208.67.220.220", "208.67.220.220 (OpenDNS)")
+o.validate = chinadns_dot_validate
+o:depends("dns_mode", "dot")
+
 ---- DoH
 o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
 o.default = "https://1.1.1.1/dns-query"
-o:value("https://1.1.1.1/dns-query", "CloudFlare")
-o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
-o:value("https://8.8.4.4/dns-query", "Google 8844")
-o:value("https://8.8.8.8/dns-query", "Google 8888")
-o:value("https://9.9.9.9/dns-query", "Quad9-Recommended 9.9.9.9")
-o:value("https://149.112.112.112/dns-query", "Quad9-Recommended 149.112.112.112")
-o:value("https://208.67.222.222/dns-query", "OpenDNS")
-o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
-o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
-o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
+o:value("https://1.1.1.1/dns-query", "1.1.1.1 (CloudFlare)")
+o:value("https://1.1.1.2/dns-query", "1.1.1.2 (CloudFlare-Security)")
+o:value("https://8.8.4.4/dns-query", "8.8.4.4 (Google)")
+o:value("https://8.8.8.8/dns-query", "8.8.8.8 (Google)")
+o:value("https://9.9.9.9/dns-query", "9.9.9.9 (Quad9)")
+o:value("https://149.112.112.112/dns-query", "149.112.112.112 (Quad9)")
+o:value("https://208.67.222.222/dns-query", "208.67.222.222 (OpenDNS)")
+o:value("https://dns.adguard.com/dns-query,94.140.14.14", "94.140.14.14 (AdGuard)")
+o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "116.202.176.26 (LibreDNS)")
+o:value("https://doh.libredns.gr/ads,116.202.176.26", "116.202.176.26 (LibreDNS-NoAds)")
 o.validate = doh_validate
 o:depends({xray_dns_mode = "tcp+doh"})
 o:depends({singbox_dns_mode = "doh"})
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@ -124,6 +124,9 @@ msgstr "TCP 节点必须是 '%s' 类型才能使用 FakeDNS。"
 msgid "Direct DNS"
 msgstr "直连 DNS"

+msgid "Direct DNS DoT"
+msgstr "直连 DNS DoT"
+
 msgid "Remote DNS"
 msgstr "远程 DNS"

@ -154,6 +157,9 @@ msgstr "请求协议"
 msgid "Remote DNS DoH"
 msgstr "远程 DNS DoH"

+msgid "Remote DNS DoT"
+msgstr "远程 DNS DoT"
+
 msgid "Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address)."
 msgstr "用于 DNS 查询时通知 DNS 服务器，客户端所在的地理位置（不能是私有 IP 地址）。"

--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -1370,6 +1370,7 @@ stop_crontab() {
 start_dns() {
 	echolog "DNS域名解析："

+	local chinadns_tls=$(chinadns-ng -V | grep -i wolfssl)
 	local china_ng_local_dns=$(IFS=','; set -- $LOCAL_DNS; [ "${1%%[#:]*}" = "127.0.0.1" ] && echo "$1" || ([ -n "$2" ] && echo "$1,$2" || echo "$1"))
 	local sing_box_local_dns=
 	local direct_dns_mode=$(config_t_get global direct_dns_mode "auto")
@ -1392,7 +1393,7 @@ start_dns() {
 			echolog "  * 请确保上游直连 DNS 支持 TCP 查询。"
 		;;
 		dot)
-			if [ "$(chinadns-ng -V | grep -i wolfssl)" != "nil" ]; then
+			if [ "$chinadns_tls" != "nil" ]; then
 				LOCAL_DNS="127.0.0.1#${dns_listen_port}"
 				local cdns_listen_port=${dns_listen_port}
 				dns_listen_port=$(expr $dns_listen_port + 1)
@ -1489,6 +1490,39 @@ start_dns() {
 			run_xray ${_args}
 		}
 	;;
+	dot)
+		use_tcp_node_resolve_dns=1
+		if [ "$chinadns_tls" != "nil" ]; then
+			if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
+				local china_ng_listen_port=${dns_listen_port}
+				local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4")
+				local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
+				local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
+				REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}"
+			else
+				local china_ng_listen_port=${dns_listen_port}
+				local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4")
+				ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${china_ng_listen_port} -t ${china_ng_trust_dns} -d gfw
+				echolog "  - ChinaDNS-NG(${TUN_DNS}) -> ${china_ng_trust_dns}"
+
+				local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
+				local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
+				REMOTE_DNS="$tmp_dot_ip#${tmp_dot_port:-853}"
+			fi
+		else
+			echolog "  - 你的ChinaDNS-NG版本不支持DoT，远程DNS将默认使用tcp://1.1.1.1"
+
+			if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then
+				local china_ng_listen_port=${dns_listen_port}
+				local china_ng_trust_dns="tcp://1.1.1.1"
+				REMOTE_DNS="1.1.1.1"
+			else
+				REMOTE_DNS="1.1.1.1"
+				ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${TUN_DNS}" -R "$(get_first_dns REMOTE_DNS 53)" -v
+				echolog "  - dns2tcp(${TUN_DNS}) -> tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')"
+			fi
+		fi
+	;;
 	udp)
 		use_udp_node_resolve_dns=1
 		if [ "$DNS_SHUNT" = "chinadns-ng" ] && [ -n "$(first_type chinadns-ng)" ]; then