From e0e989b908aa5d2c2c7118ddb4969914a59869c6 Mon Sep 17 00:00:00 2001 From: actions-user Date: Mon, 23 Dec 2024 04:12:53 +0800 Subject: [PATCH] update 2024-12-23 04:12:53 --- chinadns-ng/Makefile | 20 +++++++-------- .../model/cbi/passwall/client/acl_config.lua | 9 +++---- .../model/cbi/passwall/client/global.lua | 3 ++- .../luasrc/passwall/util_sing-box.lua | 4 ++- .../luasrc/passwall/util_xray.lua | 4 +-- .../root/usr/share/passwall/app.sh | 25 +++++++++++-------- .../root/usr/share/passwall/iptables.sh | 2 +- .../root/usr/share/passwall/nftables.sh | 2 +- 8 files changed, 38 insertions(+), 31 deletions(-) diff --git a/chinadns-ng/Makefile b/chinadns-ng/Makefile index c7e615ee..5037d822 100644 --- a/chinadns-ng/Makefile +++ b/chinadns-ng/Makefile 
@@ -3,41 +3,41 @@ include $(TOPDIR)/rules.mk PKG_NAME:=chinadns-ng -PKG_VERSION:=2024.11.17 +PKG_VERSION:=2024.12.22 PKG_RELEASE:=1 ifeq ($(ARCH),aarch64) ifeq ($(BOARD),rockchip) PKG_ARCH:=chinadns-ng+wolfssl@aarch64-linux-musl@generic+v8a@fast+lto - PKG_HASH:=590627101162b2ae2fd55ad27b290745fcd9d77fe5073f0e006770388edd9103 + PKG_HASH:=2e17092170abf989c5333a021cdb6789059069a24cf06856a5805336b99fd1a7 else PKG_ARCH:=chinadns-ng+wolfssl_noasm@aarch64-linux-musl@generic+v8a@fast+lto - PKG_HASH:=b2e53d1fdc5d65b5f2a1dc26428bf15b86d84f51748ff1970d58bf301f69d2c0 + PKG_HASH:=a4d58dc9f9a6d49133f008b4f3941486396934ae2b3f9ebf9b8bf5e3d1cf656b endif else ifeq ($(ARCH),arm) ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE)))) ifeq ($(ARM_CPU_FEATURES),) PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v6+soft_float@fast+lto - PKG_HASH:=511f9700e38b1f4ba65fefccd7c4f4a77773a8ebad0600c89e315286561e9288 + PKG_HASH:=e0af25ed7516b4e2bffd8cfb22b45cc1dbdeb47bce02f6495ca8ea1c407fd75c else PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabihf@generic+v7a@fast+lto - PKG_HASH:=13244ea7b722ad117ad7aaf32187a7ac11361ddda1201c632e9b9650fb24a824 + PKG_HASH:=e7a42ed517c73c56bdd7ddf52b5e1263b7aea488ceb82c303278fc7760353b90 endif else ifeq ($(ARCH),mips) PKG_ARCH:=chinadns-ng+wolfssl@mips-linux-musl@mips32+soft_float@fast+lto - PKG_HASH:=aca11ed4c513db6970c46f54f0449c9a49722eb4f80be11a915d4d550d2726e9 + PKG_HASH:=926811e55d46ed275f678b62d9fe67e35a053243475306c391b1c3c6a61d9710 else ifeq ($(ARCH),mipsel) PKG_ARCH:=chinadns-ng+wolfssl@mipsel-linux-musl@mips32+soft_float@fast+lto - PKG_HASH:=82eed3511c11f1cb5c2e611a97d42f9264640bea1e029c04337d073788f65d19 + PKG_HASH:=071ed28e06f9306b4f25c2b9a9bb83ddcfb4dde0cc08d0b232efd772f8a8792a else ifeq ($(ARCH),mips64) PKG_ARCH:=chinadns-ng+wolfssl@mips64-linux-musl@mips64+soft_float@fast+lto - PKG_HASH:=51ca556136ec442b8af642764f9d59eaef3d3c58cf11331db7c87d5ea0825fa1 + 
PKG_HASH:=b79090caee28ce266829ae82edb97ac18c65c6c570625912533d46753def0515 else ifeq ($(ARCH),i386) PKG_ARCH:=chinadns-ng+wolfssl@i386-linux-musl@i686@fast+lto - PKG_HASH:=35c21309fd334d43e3f5b5e7194d6acc49ceeb358e76b6074ecc3b9e370c2bd7 + PKG_HASH:=1149d9fdcf0ca798c63624e62e6c76314aa7b0940e782cc0d064e618772c4b22 else ifeq ($(ARCH),x86_64) PKG_ARCH:=chinadns-ng+wolfssl@x86_64-linux-musl@x86_64@fast+lto - PKG_HASH:=30b02f9a6451f2a473d23210ea652b13c4ce6a1c01aadfabf34e5f47203b2628 + PKG_HASH:=4b9548191b856690182f98b721512b9a50004986ecebf6eeed71cb709acbd1f5 else PKG_HASH:=dummy endif diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua index 82a354be..6ca0a942 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua @@ -387,11 +387,10 @@ if has_singbox or has_xray then o:depends({xray_dns_mode = "tcp+doh"}) o:depends({singbox_dns_mode = "doh"}) - if has_xray then - o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet")) - o.datatype = "ipaddr" - o:depends({dns_mode = "xray"}) - end + o = s:option(Value, "remote_dns_client_ip", translate("EDNS Client Subnet")) + o.datatype = "ipaddr" + o:depends({dns_mode = "sing-box"}) + o:depends({dns_mode = "xray"}) end o = s:option(ListValue, "chinadns_ng_default_tag", translate("Default DNS")) diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 70925af6..c90372af 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua 
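Review bot: Renaming the option from `dns_client_ip` to `remote_dns_client_ip` in the `s:option(Value, ...)` line drops any EDNS Client Subnet value already saved under the old key, and none of the eight files in this patch copies it over. The same rename is made in global.lua and in the `config_t_get global remote_dns_client_ip` reads in app.sh, so after an upgrade the xray DNS config is generated without `clientIp` and the user gets no indication. A fallback read in app.sh such as `local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip "$(config_t_get global dns_client_ip)")` would keep existing setups working, assuming the third argument of config_t_get is its default as the `config_t_get global v2ray_dns_mode tcp` call suggests; a uci-defaults migration may already exist outside this patch. The enclosing `if has_singbox or has_xray then` block starts above the hunk.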
@@ -518,10 +518,11 @@ o.validate = doh_validate o:depends({xray_dns_mode = "tcp+doh"}) o:depends({singbox_dns_mode = "doh"}) -o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet")) +o = s:taboption("DNS", Value, "remote_dns_client_ip", translate("EDNS Client Subnet")) o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "
" .. translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).") o.datatype = "ipaddr" +o:depends({dns_mode = "sing-box"}) o:depends({dns_mode = "xray"}) o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy.")) diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua index 4ce25bc9..bfa24b46 100644 --- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua +++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua @@ -762,6 +762,7 @@ function gen_config(var) local remote_dns_tcp_server = var["-remote_dns_tcp_server"] local remote_dns_doh_url = var["-remote_dns_doh_url"] local remote_dns_doh_host = var["-remote_dns_doh_host"] + local remote_dns_client_ip = var["-remote_dns_client_ip"] local remote_dns_query_strategy = var["-remote_dns_query_strategy"] local remote_dns_fake = var["-remote_dns_fake"] local dns_cache = var["-dns_cache"] @@ -1278,6 +1279,7 @@ function gen_config(var) strategy = remote_strategy, address_resolver = "direct", detour = default_outTag, + client_subnet = (remote_dns_client_ip and remote_dns_client_ip ~= "") and remote_dns_client_ip or nil, } if remote_dns_udp_server then @@ -1317,7 +1319,7 @@ function gen_config(var) experimental.cache_file = { enabled = true, store_fakeip = true, - path = "/tmp/singbox_passwall_" .. flag .. ".db" + path = api.CACHE_PATH .. "/singbox_" .. flag .. ".db" } end diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua index 57d392b4..66344ae3 100644 --- a/luci-app-passwall/luasrc/passwall/util_xray.lua +++ b/luci-app-passwall/luasrc/passwall/util_xray.lua 
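Review bot: `client_subnet` in the remote DNS server table is filled from `var["-remote_dns_client_ip"]` with only an empty-string check, so whatever is stored in UCI is written into the sing-box config unchanged. The LuCI form restricts the field to `ipaddr`, but a value set outside the form is not checked here, and a value sing-box cannot parse would presumably stop the DNS instance from starting. A guard before the table is built, for example `if remote_dns_client_ip and not remote_dns_client_ip:match("^[%x%.:/]+$") then remote_dns_client_ip = nil end`, keeps a bad setting from taking resolution down. It is also worth confirming that the minimum sing-box version the package supports knows this field. gen_config begins and ends outside the hunk.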
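Review bot: The cache file path is now built from `api.CACHE_PATH`, while the cleanup this patch changes in iptables.sh (`flush_ipset_reload`) and nftables.sh (`flush_nftset_reload`) hard-codes `/tmp/etc/passwall_tmp/singbox*`. `api.CACHE_PATH` is defined outside the patch, so the two only agree if it is exactly that directory; if they drift, a flush leaves the FakeIP cache (`store_fakeip = true`) in place and stale mappings survive the reload. A comment at the `path =` line such as `-- must stay under the directory cleaned by flush_ipset_reload / flush_nftset_reload` would record the coupling. Databases written by the previous version under `/tmp/singbox_passwall*` are no longer removed by either script, so keeping `rm -rf /tmp/singbox_passwall*` next to the new line for one release would clear them.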
@@ -580,7 +580,7 @@ function gen_config(var) local remote_dns_doh_ip = var["-remote_dns_doh_ip"] local remote_dns_doh_port = var["-remote_dns_doh_port"] local dns_cache = var["-dns_cache"] - local dns_client_ip = var["-dns_client_ip"] + local remote_dns_client_ip = var["-remote_dns_client_ip"] local dns_socks_address = var["-dns_socks_address"] local dns_socks_port = var["-dns_socks_port"] local loglevel = var["-loglevel"] or "warning" @@ -1141,7 +1141,7 @@ function gen_config(var) disableFallback = true, disableFallbackIfMatch = true, servers = {}, - clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil, + clientIp = (remote_dns_client_ip and remote_dns_client_ip ~= "") and remote_dns_client_ip or nil, queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4" } diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 25f13258..adc59a66 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -413,7 +413,7 @@ run_ipt2socks() { run_singbox() { local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password - local dns_listen_port direct_dns_port direct_dns_udp_server direct_dns_tcp_server direct_dns_dot_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port + local dns_listen_port direct_dns_port direct_dns_udp_server direct_dns_tcp_server direct_dns_dot_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port local loglevel log_file config_file server_host server_port local _extra_param="" eval_set_val $@ 
@@ -486,6 +486,7 @@ run_singbox() { _extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}" ;; esac + [ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}" [ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1" _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way" lua $UTIL_SINGBOX gen_config ${_extra_param} > $config_file @@ -494,7 +495,7 @@ run_singbox() { run_xray() { local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password - local dns_listen_port remote_dns_udp_server remote_dns_tcp_server remote_dns_doh dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port + local dns_listen_port remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port local loglevel log_file config_file server_host server_port local _extra_param="" eval_set_val $@ @@ -523,7 +524,7 @@ run_xray() { [ -n "$dns_socks_address" ] && [ -n "$dns_socks_port" ] && _extra_param="${_extra_param} -dns_socks_address ${dns_socks_address} -dns_socks_port ${dns_socks_port}" [ -n "$dns_listen_port" ] && _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port}" [ -n "$dns_query_strategy" ] && _extra_param="${_extra_param} -dns_query_strategy ${dns_query_strategy}" - [ -n "$dns_client_ip" ] && _extra_param="${_extra_param} -dns_client_ip ${dns_client_ip}" + [ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}" [ -n "$dns_cache" ] && _extra_param="${_extra_param} -dns_cache ${dns_cache}" [ -n "${remote_dns_tcp_server}" ] && { local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g') 
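Review bot: The added line in run_singbox appends `${remote_dns_client_ip}` to `_extra_param` unquoted, and `_extra_param` is then expanded unquoted in `lua $UTIL_SINGBOX gen_config ${_extra_param}`, so a stored value containing whitespace is split into extra gen_config arguments. The same value is built into `_args` as `remote_dns_client_ip=${_remote_dns_client_ip}` in the run_redir and start_dns hunks and handed to `eval_set_val $@`, whose body is outside this patch; if it evaluates its arguments, the only check on this setting is the LuCI `ipaddr` datatype. Dropping anything that is not address-shaped where the value is read, e.g. `case "${_remote_dns_client_ip}" in *[!0-9a-fA-F.:/]*) _remote_dns_client_ip="" ;; esac`, covers all of these paths; the renamed line in run_xray has the same shape. run_singbox starts and ends outside the hunk.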
@@ -876,6 +877,8 @@ run_redir() { config_file=$(echo $config_file | sed "s/.json/_DNS.json/g") _args="${_args} remote_dns_query_strategy=${DNS_QUERY_STRATEGY}" DNSMASQ_FILTER_PROXY_IPV6=0 + local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip) + [ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}" [ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0" resolve_dns_port=${dns_listen_port} _args="${_args} dns_listen_port=${resolve_dns_port}" @@ -952,8 +955,8 @@ run_redir() { config_file=$(echo $config_file | sed "s/.json/_DNS.json/g") _args="${_args} dns_query_strategy=${DNS_QUERY_STRATEGY}" DNSMASQ_FILTER_PROXY_IPV6=0 - local _dns_client_ip=$(config_t_get global dns_client_ip) - [ -n "${_dns_client_ip}" ] && _args="${_args} dns_client_ip=${_dns_client_ip}" + local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip) + [ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}" [ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0" resolve_dns_port=${dns_listen_port} _args="${_args} dns_listen_port=${resolve_dns_port}" @@ -1437,6 +1440,8 @@ start_dns() { [ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0" _args="${_args} remote_dns_query_strategy=${DNS_QUERY_STRATEGY}" DNSMASQ_FILTER_PROXY_IPV6=0 + local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip) + [ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}" use_tcp_node_resolve_dns=1 local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp) _args="${_args} dns_listen_port=${dns_listen_port}" 
@@ -1470,8 +1475,8 @@ start_dns() { [ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0" _args="${_args} dns_query_strategy=${DNS_QUERY_STRATEGY}" DNSMASQ_FILTER_PROXY_IPV6=0 - local _dns_client_ip=$(config_t_get global dns_client_ip) - [ -n "${_dns_client_ip}" ] && _args="${_args} dns_client_ip=${_dns_client_ip}" + local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip) + [ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}" use_tcp_node_resolve_dns=1 _args="${_args} dns_listen_port=${dns_listen_port}" _args="${_args} remote_dns_tcp_server=${REMOTE_DNS}" @@ -1787,7 +1792,7 @@ acl_app() { local type=${dns_mode} [ "${dns_mode}" = "sing-box" ] && type="singbox" dnsmasq_filter_proxy_ipv6=0 - run_${type} flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns_doh}" remote_dns_query_strategy=${DNS_QUERY_STRATEGY} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file + run_${type} flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns_doh}" remote_dns_query_strategy=${DNS_QUERY_STRATEGY} remote_dns_client_ip=${remote_dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file fi set_cache_var "node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)" "${_dns_port}" } 
@@ -1882,7 +1887,7 @@ acl_app() { remote_dns_doh=${remote_dns} dnsmasq_filter_proxy_ipv6=0 [ "$dns_mode" = "xray" ] && [ "$v2ray_dns_mode" = "tcp+doh" ] && remote_dns_doh=${remote_dns_doh:-https://1.1.1.1/dns-query} - _extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns_doh} remote_dns_query_strategy=${DNS_QUERY_STRATEGY} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}" + _extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns_doh} remote_dns_query_strategy=${DNS_QUERY_STRATEGY} remote_dns_client_ip=${remote_dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}" fi [ -n "$udp_node" ] && ([ "$udp_node" = "tcp" ] || [ "$udp_node" = "$tcp_node" ]) && { config_file=$(echo $config_file | sed "s/TCP_/TCP_UDP_/g") @@ -1961,7 +1966,7 @@ acl_app() { } fi } - unset enabled sid remarks sources interface tcp_no_redir_ports udp_no_redir_ports use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip + unset enabled sid remarks sources interface tcp_no_redir_ports udp_no_redir_ports use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh remote_dns_client_ip unset _ip _mac _iprange _ipset _ip_or_mac source_list tcp_port udp_port config_file _extra_param unset _china_ng_listen _chinadns_local_dns _direct_dns_mode chinadns_ng_default_tag dnsmasq_filter_proxy_ipv6 done diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index b510f2fe..af6ee0fb 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh 
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -1276,7 +1276,7 @@ flush_ipset() { flush_ipset_reload() { del_firewall_rule flush_ipset - rm -rf /tmp/singbox_passwall* + rm -rf /tmp/etc/passwall_tmp/singbox* rm -rf /tmp/etc/passwall_tmp/smartdns* rm -rf /tmp/etc/passwall_tmp/dnsmasq* /etc/init.d/passwall reload diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 1f8126d8..ff34c83c 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -1337,7 +1337,7 @@ flush_table() { flush_nftset_reload() { del_firewall_rule flush_table - rm -rf /tmp/singbox_passwall* + rm -rf /tmp/etc/passwall_tmp/singbox* rm -rf /tmp/etc/passwall_tmp/smartdns* rm -rf /tmp/etc/passwall_tmp/dnsmasq* /etc/init.d/passwall reload