mirror of
https://github.com/roacn/openwrt-packages.git
synced 2025-01-08 11:57:31 +08:00
⛄ Sync 2024-11-05 00:30
This commit is contained in:
github-actions[bot]
parent
948c8a0330
commit
b16e54d6dc
@ -174,6 +174,12 @@ define Package/$(PKG_NAME)/conffiles
|
||||
/www/luci-static/resources/qrcode.min.js
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/postrm
|
||||
#!/bin/sh
|
||||
rm -f $${IPKG_INSTROOT}/usr/share/passwall/rules/*.nft
|
||||
exit 0
|
||||
endef
|
||||
|
||||
include $(TOPDIR)/feeds/luci/luci.mk
|
||||
|
||||
# call BuildPackage - OpenWrt buildroot signature
|
||||
|
||||
@ -544,141 +544,18 @@ run_dns2socks() {
|
||||
|
||||
run_chinadns_ng() {
|
||||
local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag
|
||||
local _extra_param=""
|
||||
eval_set_val $@
|
||||
|
||||
lua $APP_PATH/helper_chinadns_add.lua -FLAG $_flag -USE_DIRECT_LIST $_use_direct_list -USE_PROXY_LIST $_use_proxy_list
|
||||
|
||||
local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf
|
||||
local _LOG_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.log
|
||||
_LOG_FILE="/dev/null"
|
||||
|
||||
cat <<-EOF > ${_CONF_FILE}
|
||||
verbose
|
||||
bind-addr 127.0.0.1
|
||||
bind-port ${_listen_port}
|
||||
china-dns ${_dns_local}
|
||||
trust-dns ${_dns_trust}
|
||||
filter-qtype 65
|
||||
EOF
|
||||
|
||||
# This function may be called multiple times, so add a condition here to avoid repeated execution.
|
||||
[ ! -f "${TMP_PATH}/vpslist" ] && {
|
||||
servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2 | grep -v "engage.cloudflareclient.com")
|
||||
hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u > "${TMP_PATH}/vpslist"
|
||||
}
|
||||
[ -s "${TMP_PATH}/vpslist" ] && {
|
||||
local vpslist4_set="passwall_vpslist"
|
||||
local vpslist6_set="passwall_vpslist6"
|
||||
[ "$nftflag" = "1" ] && {
|
||||
vpslist4_set="inet@passwall@${vpslist4_set}"
|
||||
vpslist6_set="inet@passwall@${vpslist6_set}"
|
||||
}
|
||||
cat <<-EOF >> ${_CONF_FILE}
|
||||
group vpslist
|
||||
group-dnl ${TMP_PATH}/vpslist
|
||||
group-upstream ${_dns_local}
|
||||
group-ipset ${vpslist4_set},${vpslist6_set}
|
||||
EOF
|
||||
}
|
||||
|
||||
[ "${_use_direct_list}" = "1" ] && [ -s "${TMP_PATH}/direct_host" ] && {
|
||||
local whitelist4_set="passwall_whitelist"
|
||||
local whitelist6_set="passwall_whitelist6"
|
||||
[ "$nftflag" = "1" ] && {
|
||||
whitelist4_set="inet@passwall@${whitelist4_set}"
|
||||
whitelist6_set="inet@passwall@${whitelist6_set}"
|
||||
}
|
||||
cat <<-EOF >> ${_CONF_FILE}
|
||||
group directlist
|
||||
group-dnl ${TMP_PATH}/direct_host
|
||||
group-upstream ${_dns_local}
|
||||
group-ipset ${whitelist4_set},${whitelist6_set}
|
||||
EOF
|
||||
}
|
||||
|
||||
[ "${_use_proxy_list}" = "1" ] && [ -s "${TMP_PATH}/proxy_host" ] && {
|
||||
local blacklist4_set="passwall_blacklist"
|
||||
local blacklist6_set="passwall_blacklist6"
|
||||
[ "$nftflag" = "1" ] && {
|
||||
blacklist4_set="inet@passwall@${blacklist4_set}"
|
||||
blacklist6_set="inet@passwall@${blacklist6_set}"
|
||||
}
|
||||
cat <<-EOF >> ${_CONF_FILE}
|
||||
group proxylist
|
||||
group-dnl ${TMP_PATH}/proxy_host
|
||||
group-upstream ${_dns_trust}
|
||||
group-ipset ${blacklist4_set},${blacklist6_set}
|
||||
EOF
|
||||
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE}
|
||||
}
|
||||
|
||||
[ "${_gfwlist}" = "1" ] && [ -s "${RULES_PATH}/gfwlist" ] && {
|
||||
local gfwlist4_set="passwall_gfwlist"
|
||||
local gfwlist6_set="passwall_gfwlist6"
|
||||
[ "$nftflag" = "1" ] && {
|
||||
gfwlist4_set="inet@passwall@${gfwlist4_set}"
|
||||
gfwlist6_set="inet@passwall@${gfwlist6_set}"
|
||||
}
|
||||
cat <<-EOF >> ${_CONF_FILE}
|
||||
gfwlist-file ${RULES_PATH}/gfwlist
|
||||
add-taggfw-ip ${gfwlist4_set},${gfwlist6_set}
|
||||
EOF
|
||||
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE}
|
||||
}
|
||||
|
||||
[ "${_chnlist}" != "0" ] && [ -s "${RULES_PATH}/chnlist" ] && {
|
||||
local chnroute4_set="passwall_chnroute"
|
||||
local chnroute6_set="passwall_chnroute6"
|
||||
[ "$nftflag" = "1" ] && {
|
||||
chnroute4_set="inet@passwall@${chnroute4_set}"
|
||||
chnroute6_set="inet@passwall@${chnroute6_set}"
|
||||
}
|
||||
|
||||
[ "${_chnlist}" = "direct" ] && {
|
||||
cat <<-EOF >> ${_CONF_FILE}
|
||||
chnlist-file ${RULES_PATH}/chnlist
|
||||
ipset-name4 ${chnroute4_set}
|
||||
ipset-name6 ${chnroute6_set}
|
||||
add-tagchn-ip
|
||||
chnlist-first
|
||||
EOF
|
||||
}
|
||||
|
||||
#回中国模式
|
||||
[ "${_chnlist}" = "proxy" ] && {
|
||||
cat <<-EOF >> ${_CONF_FILE}
|
||||
group chn_proxy
|
||||
group-dnl ${RULES_PATH}/chnlist
|
||||
group-upstream ${_dns_trust}
|
||||
group-ipset ${chnroute4_set},${chnroute6_set}
|
||||
EOF
|
||||
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE}
|
||||
}
|
||||
}
|
||||
|
||||
#只使用gfwlist模式,GFW列表以外的域名及默认使用本地DNS
|
||||
[ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn"
|
||||
#回中国模式,中国列表以外的域名及默认使用本地DNS
|
||||
[ "${_chnlist}" = "proxy" ] && _default_tag="chn"
|
||||
#全局模式,默认使用远程DNS
|
||||
[ "${_default_mode}" = "proxy" ] && [ "${_chnlist}" = "0" ] && [ "${_gfwlist}" = "0" ] && {
|
||||
_default_tag="gfw"
|
||||
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6" >> ${_CONF_FILE}
|
||||
}
|
||||
|
||||
# 是否接受直连 DNS 空响应
|
||||
[ "${_default_tag}" = "none_noip" ] && echo "noip-as-chnip" >> ${_CONF_FILE}
|
||||
|
||||
([ -z "${_default_tag}" ] || [ "${_default_tag}" = "smart" ] || [ "${_default_tag}" = "none_noip" ]) && _default_tag="none"
|
||||
echo "default-tag ${_default_tag}" >> ${_CONF_FILE}
|
||||
|
||||
echo "cache 4096" >> ${_CONF_FILE}
|
||||
echo "cache-stale 3600" >> ${_CONF_FILE}
|
||||
|
||||
[ "${_flag}" = "default" ] && [ "${_default_tag}" = "none" ] && {
|
||||
echo "verdict-cache 5000" >> ${_CONF_FILE}
|
||||
}
|
||||
_extra_param="-FLAG ${_flag} -LISTEN_PORT ${_listen_port} -DNS_LOCAL ${_dns_local} -DNS_TRUST ${_dns_trust}"
|
||||
_extra_param="${_extra_param} -USE_DIRECT_LIST ${_use_direct_list} -USE_PROXY_LIST ${_use_proxy_list} -GFWLIST ${_gfwlist} -CHNLIST ${_chnlist}"
|
||||
_extra_param="${_extra_param} -NO_IPV6_TRUST ${_no_ipv6_trust} -DEFAULT_MODE ${_default_mode} -DEFAULT_TAG ${_default_tag} -NFTFLAG ${nftflag}"
|
||||
|
||||
lua $APP_PATH/helper_chinadns_add.lua ${_extra_param} > ${_CONF_FILE}
|
||||
ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE}
|
||||
}
|
||||
|
||||
|
||||
@ -1,50 +1,206 @@
|
||||
require 'nixio'
|
||||
local sys = require "luci.sys"
|
||||
local api = require "luci.passwall.api"
|
||||
local appname = "passwall"
|
||||
|
||||
local var = api.get_args(arg)
|
||||
local FLAG = var["-FLAG"]
|
||||
local LISTEN_PORT = var["-LISTEN_PORT"]
|
||||
local DNS_LOCAL = var["-DNS_LOCAL"]
|
||||
local DNS_TRUST = var["-DNS_TRUST"]
|
||||
local USE_DIRECT_LIST = var["-USE_DIRECT_LIST"]
|
||||
local USE_PROXY_LIST = var["-USE_PROXY_LIST"]
|
||||
local GFWLIST = var["-GFWLIST"]
|
||||
local CHNLIST = var["-CHNLIST"]
|
||||
local NO_IPV6_TRUST = var["-NO_IPV6_TRUST"]
|
||||
local DEFAULT_MODE = var["-DEFAULT_MODE"]
|
||||
local DEFAULT_TAG = var["-DEFAULT_TAG"]
|
||||
local NFTFLAG = var["-NFTFLAG"]
|
||||
|
||||
local uci = api.uci
|
||||
local sys = api.sys
|
||||
local fs = api.fs
|
||||
local datatypes = api.datatypes
|
||||
|
||||
local TMP_PATH = "/tmp/etc/" .. appname
|
||||
local TMP_ACL_PATH = TMP_PATH .. "/acl"
|
||||
local RULES_PATH = "/usr/share/" .. appname .. "/rules"
|
||||
local config_lines = {}
|
||||
local tmp_lines = {}
|
||||
|
||||
if not nixio.fs.access(TMP_PATH) then
|
||||
nixio.fs.mkdir(TMP_PATH, 493)
|
||||
local function is_file_nonzero(path)
|
||||
if path and #path > 1 then
|
||||
if sys.exec('[ -s "%s" ] && echo -n 1' % path) == "1" then
|
||||
return true
|
||||
end
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||
local tmp_direct_host = TMP_PATH .. "/direct_host"
|
||||
if USE_DIRECT_LIST == "1" and not nixio.fs.access(tmp_direct_host) then
|
||||
local function merge_array(lines1, lines2)
|
||||
for i, line in ipairs(lines2) do
|
||||
table.insert(lines1, #lines1 + 1, line)
|
||||
end
|
||||
end
|
||||
|
||||
if not fs.access(TMP_ACL_PATH) then
|
||||
fs.mkdir(TMP_ACL_PATH, 493)
|
||||
end
|
||||
|
||||
local setflag= (NFTFLAG == "1") and "inet@passwall@" or ""
|
||||
|
||||
config_lines = {
|
||||
--"verbose",
|
||||
"bind-addr 127.0.0.1",
|
||||
"bind-port " .. LISTEN_PORT,
|
||||
"china-dns " .. DNS_LOCAL,
|
||||
"trust-dns " .. DNS_TRUST,
|
||||
"filter-qtype 65"
|
||||
}
|
||||
|
||||
--始终用国内DNS解析节点域名
|
||||
local file_vpslist = TMP_ACL_PATH .. "/vpslist"
|
||||
if not is_file_nonzero(file_vpslist) then
|
||||
local vpslist_out = io.open(file_vpslist, "w")
|
||||
uci:foreach(appname, "nodes", function(t)
|
||||
local address = t.address
|
||||
if address == "engage.cloudflareclient.com" then return end
|
||||
if datatypes.hostname(address) then
|
||||
vpslist_out:write(address .. "\n")
|
||||
end
|
||||
end)
|
||||
vpslist_out:close()
|
||||
end
|
||||
if is_file_nonzero(file_vpslist) then
|
||||
tmp_lines = {
|
||||
"group vpslist",
|
||||
"group-dnl " .. file_vpslist,
|
||||
"group-upstream " .. DNS_LOCAL,
|
||||
"group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6"
|
||||
}
|
||||
merge_array(config_lines, tmp_lines)
|
||||
end
|
||||
|
||||
--直连(白名单)列表
|
||||
local file_direct_host = TMP_ACL_PATH .. "/direct_host"
|
||||
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗
|
||||
local direct_domain = {}
|
||||
for line in io.lines("/usr/share/passwall/rules/direct_host") do
|
||||
for line in io.lines(RULES_PATH .. "/direct_host") do
|
||||
line = api.get_std_domain(line)
|
||||
if line ~= "" and not line:find("#") then
|
||||
table.insert(direct_domain, line)
|
||||
end
|
||||
end
|
||||
if #direct_domain > 0 then
|
||||
local direct_out = io.open(tmp_direct_host, "a")
|
||||
local direct_out = io.open(file_direct_host, "w")
|
||||
for i = 1, #direct_domain do
|
||||
direct_out:write(direct_domain[i] .. "\n")
|
||||
end
|
||||
direct_out:close()
|
||||
end
|
||||
end
|
||||
if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
|
||||
tmp_lines = {
|
||||
"group directlist",
|
||||
"group-dnl " .. file_direct_host,
|
||||
"group-upstream " .. DNS_LOCAL,
|
||||
"group-ipset " .. setflag .. "passwall_whitelist," .. setflag .. "passwall_whitelist6"
|
||||
}
|
||||
merge_array(config_lines, tmp_lines)
|
||||
end
|
||||
|
||||
local tmp_proxy_host = TMP_PATH .. "/proxy_host"
|
||||
if USE_PROXY_LIST == "1" and not nixio.fs.access(tmp_proxy_host) then
|
||||
--代理(黑名单)列表
|
||||
local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
|
||||
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗
|
||||
local proxy_domain = {}
|
||||
for line in io.lines("/usr/share/passwall/rules/proxy_host") do
|
||||
for line in io.lines(RULES_PATH .. "/proxy_host") do
|
||||
line = api.get_std_domain(line)
|
||||
if line ~= "" and not line:find("#") then
|
||||
table.insert(proxy_domain, line)
|
||||
end
|
||||
end
|
||||
if #proxy_domain > 0 then
|
||||
local proxy_out = io.open(tmp_proxy_host, "a")
|
||||
local proxy_out = io.open(file_proxy_host, "w")
|
||||
for i = 1, #proxy_domain do
|
||||
proxy_out:write(proxy_domain[i] .. "\n")
|
||||
end
|
||||
proxy_out:close()
|
||||
end
|
||||
end
|
||||
if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
|
||||
tmp_lines = {
|
||||
"group proxylist",
|
||||
"group-dnl " .. file_proxy_host,
|
||||
"group-upstream " .. DNS_TRUST,
|
||||
"group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6"
|
||||
}
|
||||
merge_array(config_lines, tmp_lines)
|
||||
if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:proxylist") end
|
||||
end
|
||||
|
||||
--GFW列表
|
||||
if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then
|
||||
tmp_lines = {
|
||||
"gfwlist-file " .. RULES_PATH .. "/gfwlist",
|
||||
"add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6"
|
||||
}
|
||||
merge_array(config_lines, tmp_lines)
|
||||
if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:gfw") end
|
||||
end
|
||||
|
||||
--中国列表
|
||||
if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then
|
||||
if CHNLIST == "direct" then
|
||||
tmp_lines = {
|
||||
"chnlist-file " .. RULES_PATH .. "/chnlist",
|
||||
"ipset-name4 " .. setflag .. "passwall_chnroute",
|
||||
"ipset-name6 " .. setflag .. "passwall_chnroute6",
|
||||
"add-tagchn-ip",
|
||||
"chnlist-first"
|
||||
}
|
||||
merge_array(config_lines, tmp_lines)
|
||||
end
|
||||
|
||||
--回中国模式
|
||||
if CHNLIST == "proxy" then
|
||||
tmp_lines = {
|
||||
"group chn_proxy",
|
||||
"group-dnl " .. RULES_PATH .. "/chnlist",
|
||||
"group-upstream " .. DNS_TRUST,
|
||||
"group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6"
|
||||
}
|
||||
merge_array(config_lines, tmp_lines)
|
||||
if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:chn_proxy") end
|
||||
end
|
||||
end
|
||||
|
||||
--只使用gfwlist模式,GFW列表以外的域名及默认使用本地DNS
|
||||
if GFWLIST == "1" and CHNLIST == "0" then DEFAULT_TAG = "chn" end
|
||||
|
||||
--回中国模式,中国列表以外的域名及默认使用本地DNS
|
||||
if CHNLIST == "proxy" then DEFAULT_TAG = "chn" end
|
||||
|
||||
--全局模式,默认使用远程DNS
|
||||
if DEFAULT_MODE == "proxy" and CHNLIST == "0" and GFWLIST == "0" then
|
||||
DEFAULT_TAG = "gfw"
|
||||
if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6") end
|
||||
end
|
||||
|
||||
--是否接受直连 DNS 空响应
|
||||
if DEFAULT_TAG == "none_noip" then table.insert(config_lines, "noip-as-chnip") end
|
||||
|
||||
if DEFAULT_TAG == nil or DEFAULT_TAG == "smart" or DEFAULT_TAG == "none_noip" then DEFAULT_TAG = "none" end
|
||||
|
||||
table.insert(config_lines, "default-tag " .. DEFAULT_TAG)
|
||||
table.insert(config_lines, "cache 4096")
|
||||
table.insert(config_lines, "cache-stale 3600")
|
||||
|
||||
if DEFAULT_TAG == "none" then
|
||||
table.insert(config_lines, "verdict-cache 5000")
|
||||
end
|
||||
|
||||
--输出配置文件
|
||||
if #config_lines > 0 then
|
||||
for i = 1, #config_lines do
|
||||
print(config_lines[i])
|
||||
end
|
||||
end
|
||||
|
||||
Loading…
Reference in New Issue
Block a user