From b16e54d6dcf8a15672a31060ba1800424e316727 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 00:30:20 +0800
Subject: [PATCH] =?UTF-8?q?=E2=9B=84=20Sync=202024-11-05=2000:30?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 luci-app-passwall/Makefile | 6 +
 .../root/usr/share/passwall/app.sh | 133 +------------
 .../share/passwall/helper_chinadns_add.lua | 178 ++++++++++++++++--
 3 files changed, 178 insertions(+), 139 deletions(-)
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 3a668e2f..db377831 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -174,6 +174,12 @@ define Package/$(PKG_NAME)/conffiles
 /www/luci-static/resources/qrcode.min.js
 endef
 
+define Package/$(PKG_NAME)/postrm
+#!/bin/sh
+rm -f $${IPKG_INSTROOT}/usr/share/passwall/rules/*.nft
+exit 0
+endef
+
 include $(TOPDIR)/feeds/luci/luci.mk
 
 # call BuildPackage - OpenWrt buildroot signature
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 49d2ad57..406ccab9 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -544,141 +544,18 @@ run_dns2socks() { run_chinadns_ng() { local _flag _listen_port _dns_local _dns_trust _no_ipv6_trust _use_direct_list _use_proxy_list _gfwlist _chnlist _default_mode _default_tag + local _extra_param="" eval_set_val $@ - lua $APP_PATH/helper_chinadns_add.lua -FLAG $_flag -USE_DIRECT_LIST $_use_direct_list -USE_PROXY_LIST $_use_proxy_list - local _CONF_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.conf local _LOG_FILE=$TMP_ACL_PATH/$_flag/chinadns_ng.log _LOG_FILE="/dev/null" - cat <<-EOF > ${_CONF_FILE} - verbose - bind-addr 127.0.0.1 - bind-port ${_listen_port} - china-dns ${_dns_local} - trust-dns ${_dns_trust} - filter-qtype 65 - EOF - - # This function may be called multiple times, so add a condition here to avoid repeated execution. - [ ! -f "${TMP_PATH}/vpslist" ] && { - servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2 | grep -v "engage.cloudflareclient.com") - hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u > "${TMP_PATH}/vpslist" - } - [ -s "${TMP_PATH}/vpslist" ] && { - local vpslist4_set="passwall_vpslist" - local vpslist6_set="passwall_vpslist6" - [ "$nftflag" = "1" ] && { - vpslist4_set="inet@passwall@${vpslist4_set}" - vpslist6_set="inet@passwall@${vpslist6_set}" - } - cat <<-EOF >> ${_CONF_FILE} - group vpslist - group-dnl ${TMP_PATH}/vpslist - group-upstream ${_dns_local} - group-ipset ${vpslist4_set},${vpslist6_set} - EOF - } - - [ "${_use_direct_list}" = "1" ] && [ -s "${TMP_PATH}/direct_host" ] && { - local whitelist4_set="passwall_whitelist" - local whitelist6_set="passwall_whitelist6" - [ "$nftflag" = "1" ] && { - whitelist4_set="inet@passwall@${whitelist4_set}" - whitelist6_set="inet@passwall@${whitelist6_set}" - } - cat <<-EOF >> ${_CONF_FILE} - group directlist - group-dnl ${TMP_PATH}/direct_host - group-upstream ${_dns_local} - group-ipset ${whitelist4_set},${whitelist6_set} - EOF - } - - [ "${_use_proxy_list}" = "1" ] && [ -s "${TMP_PATH}/proxy_host" ] && { - local 
blacklist4_set="passwall_blacklist" - local blacklist6_set="passwall_blacklist6" - [ "$nftflag" = "1" ] && { - blacklist4_set="inet@passwall@${blacklist4_set}" - blacklist6_set="inet@passwall@${blacklist6_set}" - } - cat <<-EOF >> ${_CONF_FILE} - group proxylist - group-dnl ${TMP_PATH}/proxy_host - group-upstream ${_dns_trust} - group-ipset ${blacklist4_set},${blacklist6_set} - EOF - [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE} - } - - [ "${_gfwlist}" = "1" ] && [ -s "${RULES_PATH}/gfwlist" ] && { - local gfwlist4_set="passwall_gfwlist" - local gfwlist6_set="passwall_gfwlist6" - [ "$nftflag" = "1" ] && { - gfwlist4_set="inet@passwall@${gfwlist4_set}" - gfwlist6_set="inet@passwall@${gfwlist6_set}" - } - cat <<-EOF >> ${_CONF_FILE} - gfwlist-file ${RULES_PATH}/gfwlist - add-taggfw-ip ${gfwlist4_set},${gfwlist6_set} - EOF - [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:gfw" >> ${_CONF_FILE} - } - - [ "${_chnlist}" != "0" ] && [ -s "${RULES_PATH}/chnlist" ] && { - local chnroute4_set="passwall_chnroute" - local chnroute6_set="passwall_chnroute6" - [ "$nftflag" = "1" ] && { - chnroute4_set="inet@passwall@${chnroute4_set}" - chnroute6_set="inet@passwall@${chnroute6_set}" - } - - [ "${_chnlist}" = "direct" ] && { - cat <<-EOF >> ${_CONF_FILE} - chnlist-file ${RULES_PATH}/chnlist - ipset-name4 ${chnroute4_set} - ipset-name6 ${chnroute6_set} - add-tagchn-ip - chnlist-first - EOF - } - - #回中国模式 - [ "${_chnlist}" = "proxy" ] && { - cat <<-EOF >> ${_CONF_FILE} - group chn_proxy - group-dnl ${RULES_PATH}/chnlist - group-upstream ${_dns_trust} - group-ipset ${chnroute4_set},${chnroute6_set} - EOF - [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE} - } - } - - #只使用gfwlist模式,GFW列表以外的域名及默认使用本地DNS - [ "${_gfwlist}" = "1" ] && [ "${_chnlist}" = "0" ] && _default_tag="chn" - #回中国模式,中国列表以外的域名及默认使用本地DNS - [ "${_chnlist}" = "proxy" ] && _default_tag="chn" - #全局模式,默认使用远程DNS - [ "${_default_mode}" = "proxy" ] && [ 
"${_chnlist}" = "0" ] && [ "${_gfwlist}" = "0" ] && { - _default_tag="gfw" - [ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6" >> ${_CONF_FILE} - } - - # 是否接受直连 DNS 空响应 - [ "${_default_tag}" = "none_noip" ] && echo "noip-as-chnip" >> ${_CONF_FILE} - - ([ -z "${_default_tag}" ] || [ "${_default_tag}" = "smart" ] || [ "${_default_tag}" = "none_noip" ]) && _default_tag="none" - echo "default-tag ${_default_tag}" >> ${_CONF_FILE} - - echo "cache 4096" >> ${_CONF_FILE} - echo "cache-stale 3600" >> ${_CONF_FILE} - - [ "${_flag}" = "default" ] && [ "${_default_tag}" = "none" ] && { - echo "verdict-cache 5000" >> ${_CONF_FILE} - } + _extra_param="-FLAG ${_flag} -LISTEN_PORT ${_listen_port} -DNS_LOCAL ${_dns_local} -DNS_TRUST ${_dns_trust}" + _extra_param="${_extra_param} -USE_DIRECT_LIST ${_use_direct_list} -USE_PROXY_LIST ${_use_proxy_list} -GFWLIST ${_gfwlist} -CHNLIST ${_chnlist}" + _extra_param="${_extra_param} -NO_IPV6_TRUST ${_no_ipv6_trust} -DEFAULT_MODE ${_default_mode} -DEFAULT_TAG ${_default_tag} -NFTFLAG ${nftflag}" + lua $APP_PATH/helper_chinadns_add.lua ${_extra_param} > ${_CONF_FILE} ln_run "$(first_type chinadns-ng)" chinadns-ng "${_LOG_FILE}" -C ${_CONF_FILE} } diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index b45ad507..e4a73542 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua 
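Review bot: `_extra_param` is assembled as one string and expanded unquoted in `lua $APP_PATH/helper_chinadns_add.lua ${_extra_param} > ${_CONF_FILE}`, so an empty value such as `_default_tag` (the removed code tested it with `-z`) vanishes on word splitting and the next flag name slides into its place; how `api.get_args` treats that is not visible here. Passing each pair as its own quoted word on the `lua` command line, for example `-DEFAULT_TAG "${_default_tag}" -NFTFLAG "${nftflag}"`, keeps flags and values aligned. The helper's exit status is also ignored: the redirect truncates the conf file before the helper runs, and `ln_run` then starts chinadns-ng on whatever was written, so a guard such as `|| return 1` after the redirect, with the failure logged, would keep a failed generation from being used.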
@@ -1,50 +1,206 @@ -require 'nixio' +local sys = require "luci.sys" local api = require "luci.passwall.api" local appname = "passwall" local var = api.get_args(arg) local FLAG = var["-FLAG"] +local LISTEN_PORT = var["-LISTEN_PORT"] +local DNS_LOCAL = var["-DNS_LOCAL"] +local DNS_TRUST = var["-DNS_TRUST"] local USE_DIRECT_LIST = var["-USE_DIRECT_LIST"] local USE_PROXY_LIST = var["-USE_PROXY_LIST"] +local GFWLIST = var["-GFWLIST"] +local CHNLIST = var["-CHNLIST"] +local NO_IPV6_TRUST = var["-NO_IPV6_TRUST"] +local DEFAULT_MODE = var["-DEFAULT_MODE"] +local DEFAULT_TAG = var["-DEFAULT_TAG"] +local NFTFLAG = var["-NFTFLAG"] + +local uci = api.uci +local sys = api.sys +local fs = api.fs +local datatypes = api.datatypes local TMP_PATH = "/tmp/etc/" .. appname +local TMP_ACL_PATH = TMP_PATH .. "/acl" +local RULES_PATH = "/usr/share/" .. appname .. "/rules" +local config_lines = {} +local tmp_lines = {} -if not nixio.fs.access(TMP_PATH) then - nixio.fs.mkdir(TMP_PATH, 493) +local function is_file_nonzero(path) + if path and #path > 1 then + if sys.exec('[ -s "%s" ] && echo -n 1' % path) == "1" then + return true + end + end + return nil end -local tmp_direct_host = TMP_PATH .. "/direct_host" -if USE_DIRECT_LIST == "1" and not nixio.fs.access(tmp_direct_host) then +local function merge_array(lines1, lines2) + for i, line in ipairs(lines2) do + table.insert(lines1, #lines1 + 1, line) + end +end + +if not fs.access(TMP_ACL_PATH) then + fs.mkdir(TMP_ACL_PATH, 493) +end + +local setflag= (NFTFLAG == "1") and "inet@passwall@" or "" + +config_lines = { + --"verbose", + "bind-addr 127.0.0.1", + "bind-port " .. LISTEN_PORT, + "china-dns " .. DNS_LOCAL, + "trust-dns " .. DNS_TRUST, + "filter-qtype 65" +} + +--始终用国内DNS解析节点域名 +local file_vpslist = TMP_ACL_PATH .. 
"/vpslist" +if not is_file_nonzero(file_vpslist) then + local vpslist_out = io.open(file_vpslist, "w") + uci:foreach(appname, "nodes", function(t) + local address = t.address + if address == "engage.cloudflareclient.com" then return end + if datatypes.hostname(address) then + vpslist_out:write(address .. "\n") + end + end) + vpslist_out:close() +end +if is_file_nonzero(file_vpslist) then + tmp_lines = { + "group vpslist", + "group-dnl " .. file_vpslist, + "group-upstream " .. DNS_LOCAL, + "group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6" + } + merge_array(config_lines, tmp_lines) +end + +--直连(白名单)列表 +local file_direct_host = TMP_ACL_PATH .. "/direct_host" +if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗 local direct_domain = {} - for line in io.lines("/usr/share/passwall/rules/direct_host") do + for line in io.lines(RULES_PATH .. "/direct_host") do line = api.get_std_domain(line) if line ~= "" and not line:find("#") then table.insert(direct_domain, line) end end if #direct_domain > 0 then - local direct_out = io.open(tmp_direct_host, "a") + local direct_out = io.open(file_direct_host, "w") for i = 1, #direct_domain do direct_out:write(direct_domain[i] .. "\n") end direct_out:close() end end +if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then + tmp_lines = { + "group directlist", + "group-dnl " .. file_direct_host, + "group-upstream " .. DNS_LOCAL, + "group-ipset " .. setflag .. "passwall_whitelist," .. setflag .. "passwall_whitelist6" + } + merge_array(config_lines, tmp_lines) +end -local tmp_proxy_host = TMP_PATH .. "/proxy_host" -if USE_PROXY_LIST == "1" and not nixio.fs.access(tmp_proxy_host) then +--代理(黑名单)列表 +local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" +if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 local proxy_domain = {} - for line in io.lines("/usr/share/passwall/rules/proxy_host") do + for line in io.lines(RULES_PATH .. 
"/proxy_host") do line = api.get_std_domain(line) if line ~= "" and not line:find("#") then table.insert(proxy_domain, line) end end if #proxy_domain > 0 then - local proxy_out = io.open(tmp_proxy_host, "a") + local proxy_out = io.open(file_proxy_host, "w") for i = 1, #proxy_domain do proxy_out:write(proxy_domain[i] .. "\n") end proxy_out:close() end end +if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then + tmp_lines = { + "group proxylist", + "group-dnl " .. file_proxy_host, + "group-upstream " .. DNS_TRUST, + "group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6" + } + merge_array(config_lines, tmp_lines) + if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:proxylist") end +end + +--GFW列表 +if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then + tmp_lines = { + "gfwlist-file " .. RULES_PATH .. "/gfwlist", + "add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6" + } + merge_array(config_lines, tmp_lines) + if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:gfw") end +end + +--中国列表 +if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then + if CHNLIST == "direct" then + tmp_lines = { + "chnlist-file " .. RULES_PATH .. "/chnlist", + "ipset-name4 " .. setflag .. "passwall_chnroute", + "ipset-name6 " .. setflag .. "passwall_chnroute6", + "add-tagchn-ip", + "chnlist-first" + } + merge_array(config_lines, tmp_lines) + end + + --回中国模式 + if CHNLIST == "proxy" then + tmp_lines = { + "group chn_proxy", + "group-dnl " .. RULES_PATH .. "/chnlist", + "group-upstream " .. DNS_TRUST, + "group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. 
"passwall_chnroute6" + } + merge_array(config_lines, tmp_lines) + if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:chn_proxy") end + end +end + +--只使用gfwlist模式,GFW列表以外的域名及默认使用本地DNS +if GFWLIST == "1" and CHNLIST == "0" then DEFAULT_TAG = "chn" end + +--回中国模式,中国列表以外的域名及默认使用本地DNS +if CHNLIST == "proxy" then DEFAULT_TAG = "chn" end + +--全局模式,默认使用远程DNS +if DEFAULT_MODE == "proxy" and CHNLIST == "0" and GFWLIST == "0" then + DEFAULT_TAG = "gfw" + if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6") end +end + +--是否接受直连 DNS 空响应 +if DEFAULT_TAG == "none_noip" then table.insert(config_lines, "noip-as-chnip") end + +if DEFAULT_TAG == nil or DEFAULT_TAG == "smart" or DEFAULT_TAG == "none_noip" then DEFAULT_TAG = "none" end + +table.insert(config_lines, "default-tag " .. DEFAULT_TAG) +table.insert(config_lines, "cache 4096") +table.insert(config_lines, "cache-stale 3600") + +if DEFAULT_TAG == "none" then + table.insert(config_lines, "verdict-cache 5000") +end + +--输出配置文件 +if #config_lines > 0 then + for i = 1, #config_lines do + print(config_lines[i]) + end +end
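Review bot: `LISTEN_PORT`, `DNS_LOCAL` and `DNS_TRUST` are concatenated straight into the `bind-port`, `china-dns` and `trust-dns` lines with no check, so a missing argument aborts the script on a nil concatenation (leaving the redirected conf file empty) and a value carrying whitespace or a newline would add extra directives to the generated chinadns-ng config. A small guard before `config_lines` is built, exiting non-zero with a message on stderr, closes both cases; `datatypes` is already in scope, so the port could additionally be checked with its port validator if `api.datatypes` is the usual LuCI module. `DEFAULT_TAG` has the same gap, since only `nil` is normalised and an empty string would produce a bare `default-tag ` line. Separately, the removed shell emitted `verdict-cache 5000` only when `_flag` was `default`, whereas `if DEFAULT_TAG == "none" then` now applies it to every instance and leaves `FLAG` unused; if that widening is not intended, add `FLAG == "default"` back to the condition.

```lua
-- … unchanged: argument parsing, api aliases, path constants …

-- Every value checked here ends up as a single token on a chinadns-ng config line.
local function require_token(name, value)
	if type(value) ~= "string" or value == "" or value:find("[%s%c]") then
		io.stderr:write("helper_chinadns_add: missing or malformed " .. name .. "\n")
		os.exit(1)
	end
end

require_token("-LISTEN_PORT", LISTEN_PORT)
require_token("-DNS_LOCAL", DNS_LOCAL)
require_token("-DNS_TRUST", DNS_TRUST)

-- … unchanged: config_lines table and list handling …
```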