diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile
index d1c04285cc..8adffdeb60 100644
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=3.9
-PKG_RELEASE:=19
-PKG_DATE:=20200717
+PKG_RELEASE:=20
+PKG_DATE:=20200719
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua
index 2ee08bd4c4..1a6fed51c2 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua
@@ -58,13 +58,13 @@ if node.type == "Trojan-Go" then
} or nil
trojan.websocket = node.trojan_transport and node.trojan_transport:find('ws') and {
enabled = true,
- path = (node.ws_path ~= nil) and node.ws_path or "/",
- host = (node.ws_host ~= nil) and node.ws_host or (node.tls_serverName ~= nil and node.tls_serverName or node.address)
+ path = node.ws_path or "/",
+ host = node.ws_host or (node.tls_serverName or node.address)
} or nil
trojan.shadowsocks = (node.ss_aead == "1") and {
enabled = true,
- method = (node.ss_aead_method ~= nil) and node.ss_aead_method or "aead_aes_128_gcm",
- password = (node.ss_aead_pwd ~= nil) and node.ss_aead_pwd or ""
+ method = node.ss_aead_method or "aead_aes_128_gcm",
+ password = node.ss_aead_pwd or ""
} or nil
end
print(json.stringify(trojan, 1))
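Review bot: `password = node.ss_aead_pwd or ""` still writes an enabled Shadowsocks AEAD layer with an empty key when `ss_aead` is "1" and no password is stored; the gen_config hunk in server/api/trojan.lua keeps the same fallback. Since the rewrite touches these lines anyway, it would be safer to refuse to emit the block, or to make the field mandatory in the form, than to default to `""`. If the fallback is intentional, a comment such as `-- empty password only when the form left ss_aead_pwd unset` would at least make that visible. The enclosing `if node.type == "Trojan-Go"` block starts outside this hunk.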
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
index be5a53e73b..8929d77a1f 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua
@@ -72,7 +72,7 @@ s = m:section(NamedSection, arg[1], "nodes", "")
s.addremove = false
s.dynamic = false
-share = s:option(DummyValue, "share_url", translate("Share Current"))
+share = s:option(DummyValue, "passwall", translate("Share Current"))
share.rawhtml = true
share.template = "passwall/node_list/link_share_man"
share.value = arg[1]
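Review bot: The option name changes from `share_url` to `passwall` with no comment explaining that the string is now load-bearing. The link_share_man.htm hunks in this commit build `"cbid." + urlname + "." + sid` and derive client/server mode from `urlname`, so the name presumably has to equal the UCI config name (not confirmed from this hunk). A one-line comment above the option would stop a later rename from silently breaking the share button, for example `-- option name is handed to link_share_man as urlname and must match the UCI config ("passwall")`.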
@@ -484,7 +484,7 @@ ss_aead:depends("type", "Trojan-Go")
ss_aead.default = "0"
ss_aead_method = s:option(ListValue, "ss_aead_method", translate("Encrypt Method"))
-for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v:upper()) end
+for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v) end
ss_aead_method.default = "aead_aes_128_gcm"
ss_aead_method:depends("ss_aead", "1")
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
index 76c7937e1b..1c4948e388 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua
@@ -82,6 +82,9 @@ local function start()
elseif type == "Trojan" then
config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user)
bin = ln_start("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file)
+ elseif type == "Trojan-Go" then
+ config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user)
+ bin = ln_start(_api.get_trojan_go_path(), "trojan-go", "-config " .. config_file)
elseif type == "Brook" then
local brook_protocol = user.brook_protocol
local brook_password = user.password
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua
index e9a5734ca0..b1c80c3333 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua
@@ -8,16 +8,16 @@ function gen_config(user)
local_port = tonumber(user.port),
remote_addr = (user.remote_enable == "1" and user.remote_address) and user.remote_address or nil,
remote_port = (user.remote_enable == "1" and user.remote_port) and user.remote_port or nil,
- password = { user.password },
+ password = user.type == "Trojan-Go" and user.passwords or { user.password },
log_level = 1,
- (user.stream_security == nil or user.stream_security == "tls") and ssl = {
+ ssl = (user.stream_security == nil or user.stream_security == "tls") and {
cert = user.tls_certificateFile,
key = user.tls_keyFile,
key_password = "",
cipher = user.fingerprint == nil and cipher or (user.fingerprint == "disable" and cipher13 .. ":" .. cipher or ""),
cipher_tls13 = user.fingerprint == nil and cipher13 or nil,
- sni = "",
- verify = false,
+ sni = user.tls_serverName,
+ verify = (user.tls_allowInsecure ~= "1") and true or false,
verify_hostname = false,
reuse_session = true,
session_ticket = (user.tls_sessionTicket == "1") and true or false,
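Review bot: `password = user.type == "Trojan-Go" and user.passwords or { user.password }` falls through to `{ user.password }` when a Trojan-Go user has no `passwords` stored. Because user.lua in this commit removes `password:depends("type", "Trojan-Go")`, that fallback is most likely an empty list. An explicit guard before the table is built, e.g. `if user.type == "Trojan-Go" and not user.passwords then return nil end` (or an error the caller reports), would avoid generating a server config with no credential. Separately, `verify` now follows `tls_allowInsecure` while `verify_hostname = false` stays hard-coded on the next line; if whatever consumes this `ssl` block validates a peer certificate, the name is still not matched against `sni`. gen_config starts and ends outside this hunk.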
@@ -29,7 +29,6 @@ function gen_config(user)
} or nil,
udp_timeout = 60,
disable_http_check = true,
- tcp = {
transport_plugin = user.stream_security == "none" and user.trojan_transport == "original" and {
enabled = user.plugin_type ~= nil,
type = user.plugin_type or "plaintext",
@@ -40,13 +39,13 @@ function gen_config(user)
} or nil,
websocket = user.trojan_transport and user.trojan_transport:find('ws') and {
enabled = true,
- path = (user.ws_path ~= nil) and user.ws_path or "/",
- hostname = (user.ws_host ~= nil) and user.ws_host or (user.tls_serverName ~= nil and user.tls_serverName or user.address)
+ path = user.ws_path or "/",
+ host = user.ws_host or (user.tls_serverName or user.address)
} or nil,
shadowsocks = (user.ss_aead == "1") and {
enabled = true,
- method = (user.ss_aead_method ~= nil) and user.ss_aead_method or "aead_aes_128_gcm",
- password = (user.ss_aead_pwd ~= nil) and user.ss_aead_pwd or ""
+ method = user.ss_aead_method or "aead_aes_128_gcm",
+ password = user.ss_aead_pwd or ""
} or nil,
tcp = {
prefer_ipv4 = false,
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
index b44d4e2490..bda28b2bbc 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
@@ -56,6 +56,11 @@ s = map:section(NamedSection, arg[1], "user", "")
s.addremove = false
s.dynamic = false
+share = s:option(DummyValue, "passwall_server", translate("Share Current"))
+share.rawhtml = true
+share.template = "passwall/node_list/link_share_man"
+share.value = arg[1]
+
enable = s:option(Flag, "enable", translate("Enable"))
enable.default = "1"
enable.rmempty = false
@@ -111,12 +116,18 @@ password.password = true
password:depends("type", "SSR")
password:depends("type", "Brook")
password:depends("type", "Trojan")
-password:depends("type", "Trojan-Go")
password:depends({ type = "V2ray", protocol = "http" })
password:depends({ type = "V2ray", protocol = "socks" })
password:depends({ type = "V2ray", protocol = "shadowsocks" })
password:depends({ type = "V2ray", protocol = "mtproto" })
+passwords = s:option(DynamicList, "passwords", translate("Password"))
+for i = 1, 3 do
+ local uuid = luci.sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)")
+ passwords:value(uuid)
+end
+passwords:depends("type", "Trojan-Go")
+
ssr_encrypt_method = s:option(ListValue, "ssr_encrypt_method", translate("Encrypt Method"))
for a, t in ipairs(ssr_encrypt_method_list) do ssr_encrypt_method:value(t) end
ssr_encrypt_method:depends("type", "SSR")
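Review bot: Nothing here makes `passwords` mandatory, while the same hunk drops `password:depends("type", "Trojan-Go")`, so a Trojan-Go user can apparently be saved with no credential at all. `passwords.rmempty = false`, as already used for `enable` in this file, would presumably reject an empty list; confirm that DynamicList honours it. The three UUID suggestions are produced by `luci.sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)")`, which forks a shell three times each time this model is evaluated. Reading the file with `io.open("/proc/sys/kernel/random/uuid")` and trimming the newline in Lua gives the same value without the subprocess. A short comment that these values are only suggestions offered in the list, not stored defaults, would also help.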
@@ -192,14 +203,27 @@ stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "ws" }
stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "h2" })
stream_security:depends({ type = "V2ray", protocol = "socks" })
stream_security:depends({ type = "V2ray", protocol = "shadowsocks" })
+stream_security:depends("type", "Trojan")
stream_security:depends("type", "Trojan-Go")
-
+stream_security.validate = function(self, value)
+ if value == "none" and type:formvalue(arg[1]) == "Trojan" then
+ return nil, translate("'none' not supported for original Trojan.")
+ end
+ return value
+end
-- [[ TLS部分 ]] --
tls_sessionTicket = s:option(Flag, "tls_sessionTicket", translate("Session Ticket"))
tls_sessionTicket.default = "0"
tls_sessionTicket:depends("stream_security", "tls")
+tls_serverName = s:option(Value, "tls_serverName", translate("Domain"))
+tls_serverName:depends("stream_security", "tls")
+
+tls_allowInsecure = s:option(Flag, "tls_allowInsecure", translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, V2Ray does not check the validity of the TLS certificate provided by the remote host."))
+tls_allowInsecure.default = "0"
+tls_allowInsecure:depends("stream_security", "tls")
+
tls_certificateFile = s:option(Value, "tls_certificateFile", translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
tls_certificateFile:depends("stream_security", "tls")
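Review bot: The help text added for `tls_allowInsecure` says "V2Ray does not check the validity of the TLS certificate", but the option depends only on `stream_security == "tls"`, which this hunk also enables for Trojan and Trojan-Go. server/api/trojan.lua in the same commit maps the flag onto `verify`. Since ticking it turns certificate validation off, the description should name what is actually affected, for instance `translate("When checked, the TLS certificate presented by the remote host is not validated.")`. The `validate` closure also reads a global named `type`, defined outside this hunk, which shadows Lua's builtin `type()` for the rest of the file; a comment there would warn the next editor.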
@@ -213,9 +237,9 @@ transport:value("ws", "WebSocket")
transport:value("h2", "HTTP/2")
transport:value("ds", "DomainSocket")
transport:value("quic", "QUIC")
-stream_security:depends({ type = "V2ray", protocol = "vmess" })
-stream_security:depends({ type = "V2ray", protocol = "socks" })
-stream_security:depends({ type = "V2ray", protocol = "shadowsocks" })
+transport:depends({ type = "V2ray", protocol = "vmess" })
+transport:depends({ type = "V2ray", protocol = "socks" })
+transport:depends({ type = "V2ray", protocol = "shadowsocks" })
trojan_transport = s:option(ListValue, "trojan_transport", translate("Transport"))
trojan_transport:value("original", "Original")
@@ -341,6 +365,7 @@ remote_enable = s:option(Flag, "remote_enable", translate("Enable Remote"), tran
remote_enable.default = "1"
remote_enable.rmempty = false
remote_enable:depends("type", "Trojan")
+remote_enable:depends("type", "Trojan-Go")
remote_address = s:option(Value, "remote_address", translate("Remote Address"))
remote_address.default = "127.0.0.1"
@@ -356,7 +381,7 @@ ss_aead:depends("type", "Trojan-Go")
ss_aead.default = "0"
ss_aead_method = s:option(ListValue, "ss_aead_method", translate("Encrypt Method"))
-for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v:upper()) end
+for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v) end
ss_aead_method.default = "aead_aes_128_gcm"
ss_aead_method.rmempty = false
ss_aead_method:depends("ss_aead", "1")
diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
index 5357de4cef..7c43c8faaf 100644
--- a/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
+++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
@@ -100,16 +100,19 @@ local dsp = require "luci.dispatcher"
function buildUrl(btn, urlname, sid) {
var opt = {
base: "cbid.passwall",
+ client : true,
fallback: "dummy",
get: function(opt) {
var id = this.base + "." + opt;
- var obj = document.getElementsByName(id) || document.getElementById(id);
+ var obj = document.getElementsByName(id)[0] || document.getElementsByClassName(id)[0] || document.getElementById(id)
if (obj) {
- if (obj.length === 1) obj = obj[0];
return obj;
} else {
- alert("<%:Faltal on get option, please help in debug: %>" + opt);
- return document.getElementById(this.fallback);
+ obj = document.getElementById(this.fallback);
+ if (opt === "address") obj.value = "0.0.0.0";
+ else if (opt === "mux") obj.value = "0";
+ if (this.client || (opt !== "address" && opt !== "mux")) alert("<%:Faltal on get option, please help in debug: %>" + opt);
+ return obj;
}
},
getlist: function(opt) {
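Review bot: In the `else` branch of `get`, every missing option returns the same fallback DOM element, so the value written for `"address"` is overwritten as soon as a later miss for `"mux"` sets `obj.value = "0"`. A caller that still holds the first result then reads the wrong value; whether buildUrl does so depends on call order outside this hunk. `document.getElementById(this.fallback)` can also return null, in which case `obj.value = ...` throws before the alert. Returning a fresh stand-in for the two defaulted options avoids both problems, e.g. `if (opt === "address" || opt === "mux") return { value: opt === "address" ? "0.0.0.0" : "0" };`. The new `var obj = ...` line is also missing its terminating semicolon.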
@@ -144,7 +147,8 @@ local dsp = require "luci.dispatcher"
alert("Never");
return false;
}
- opt.base = "cbid.passwall." + sid;
+ opt.base = "cbid." + urlname + "." + sid;
+ opt.client = urlname.indexOf("server") === -1;
opt.fallback = urlname + "-dummy";
var v_type = opt.get("type").value;
var v_alias = opt.get("remarks");
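Review bot: `opt.client = urlname.indexOf("server") === -1` decides client versus server behaviour from a substring of the option name, and the fromUrl hunk further down repeats the same line. Any future config or option whose name happens to contain "server" would flip the mode and change which password field is read and which alerts are suppressed. Comparing against the one name user.lua actually registers is more explicit: `opt.client = urlname !== "passwall_server";`. A comment naming where `urlname` comes from would help too.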
@@ -169,7 +173,7 @@ local dsp = require "luci.dispatcher"
"&remarks=" + b64encutf8safe(v_alias.value);
url = b64encsafe(ssr_str);
} else if (v_type === "Trojan" || v_type === "Trojan-Go") {
- var v_password = opt.get("password");
+ var v_password = opt.get(!opt.client && v_type === "Trojan-Go" ? "passwords" : "password");
var v_server = opt.get("address");
var v_port = opt.get("port");
url = encodeURIComponent(v_password.value) +
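Review bot: On the server page `opt.get("passwords")` returns only the first matching element, because the rewritten `get` indexes `[0]`. `passwords` is a DynamicList in user.lua, so the share URL will presumably carry just the first configured password, and the matching `opt.set('passwords', ...)` calls in fromUrl write a single value back. If that is intended, a comment such as `// server side: only the first entry of the passwords list is exported` would make it explicit. Otherwise the `getlist` helper defined on the same object (body outside this hunk) looks like the place to read all entries. Note also that the generated link embeds a live server credential, which is worth stating in the UI text next to the button.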
@@ -239,6 +243,7 @@ local dsp = require "luci.dispatcher"
function fromUrl(btn, urlname, sid) {
var opt = {
base: 'cbid.passwall',
+ client : true,
fallback: 'dummy',
get: function(opt) {
var obj;
@@ -247,7 +252,7 @@ local dsp = require "luci.dispatcher"
if (obj) {
return obj;
} else {
- alert('<%:Faltal on get option, please help in debug: %>' + opt);
+ if (this.client || (opt !== "address" && opt !== "mux")) alert('<%:Faltal on get option, please help in debug: %>' + opt);
return document.getElementById(this.fallback);
}
},
@@ -287,7 +292,8 @@ local dsp = require "luci.dispatcher"
alert("Never");
return false;
}
- opt.base = 'cbid.passwall.' + sid
+ opt.base = "cbid." + urlname + "." + sid;
+ opt.client = urlname.indexOf("server") === -1;
opt.fallback = urlname + '-dummy';
var ssrurl = prompt('<%:Paste Share URL Here%>', '');
if (ssrurl === null || ssrurl === "") {
@@ -333,7 +339,7 @@ local dsp = require "luci.dispatcher"
opt.set('protocol_param', dictvalue(pdict, 'protoparam'));
var rem = pdict['remarks'];
if (typeof(rem) !== 'undefined' && rem !== '' && rem.length > 0)
- opt.set('remark', b64decutf8safe(rem));
+ opt.set('remarks', b64decutf8safe(rem));
} else if (ssu[0] === "ss") {
var url0 = "", param = "";
var sipIndex = ssu[1].indexOf("@");
@@ -374,7 +380,7 @@ local dsp = require "luci.dispatcher"
opt.set('ss_plugin', plugin || "");
opt.set('ss_plugin_opts', pluginOpts || "");
if (param !== undefined) {
- opt.set('remark', decodeURI(param));
+ opt.set('remarks', decodeURI(param));
}
} else {
var sstr = b64decsafe(url0);
@@ -390,7 +396,7 @@ local dsp = require "luci.dispatcher"
opt.set('ss_plugin', "");
opt.set('ss_plugin_opts', "");
if (param !== undefined) {
- opt.set('remark', decodeURI(param));
+ opt.set('remarks', decodeURI(param));
}
}
} else if (ssu[0] === "trojan") {
@@ -420,7 +426,7 @@ local dsp = require "luci.dispatcher"
opt.get('type').dispatchEvent(event);
opt.set('address', m.hostname);
opt.set('port', m.port || "443");
- opt.set('password', decodeURIComponent(password));
+ opt.set(!opt.client && stype === "Trojan-Go" ? 'passwords' : 'password', decodeURIComponent(password));
var tls = true;
if (stype === "Trojan-Go") {
tls = queryParam.plugin === undefined;
@@ -454,12 +460,12 @@ local dsp = require "luci.dispatcher"
var ss = queryParam.ss === '1';
opt.set('ss_aead', ss);
if (ss) {
- opt.set('ss_aead_method', queryParam.ssmethod.toUpperCase() || '');
+ opt.set('ss_aead_method', queryParam.ssmethod.toLowerCase() || '');
opt.set('ss_aead_pwd', queryParam.sspasswd || '');
}
opt.set('mux', queryParam.mux === '1');
if (m.hash) {
- opt.set('remark', decodeURI(m.hash.substr(1)));
+ opt.set('remarks', decodeURI(m.hash.substr(1)));
}
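Review bot: `queryParam.ssmethod.toLowerCase() || ''` throws a TypeError when the pasted URL has `ss=1` but no `ssmethod`, because the method call runs before the `|| ''` fallback. The `enc.method.toLowerCase() || ''` line in the later trojan-go hunk has the same shape. The share URL is free-form pasted input, so the default should be applied first: `opt.set('ss_aead_method', (queryParam.ssmethod || '').toLowerCase());`. `decodeURI(m.hash.substr(1))` on the new `remarks` line likewise throws on a malformed percent sequence; wrapping it in try/catch with the raw string as fallback keeps one bad remark from aborting the import. The enclosing fromUrl function extends outside this hunk.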
} else if (ssu[0] === "trojan-go") {
var m = parseNodeUrl(ssrurl);
@@ -483,7 +489,7 @@ local dsp = require "luci.dispatcher"
opt.get('type').dispatchEvent(event);
opt.set('address', m.hostname);
opt.set('port', m.port || "443");
- opt.set('password', decodeURIComponent(password));
+ opt.set(opt.client ? 'password' : 'passwords', decodeURIComponent(password));
opt.set('stream_security', (queryParam.tls && queryParam.tls === '1') ? 'tls' : 'none');
opt.get('stream_security').dispatchEvent(event);
var plugin = queryParam.plugin !== undefined;
@@ -538,12 +544,12 @@ local dsp = require "luci.dispatcher"
ss = enc.type === 'ss';
opt.set('ss_aead', ss);
if (ss) {
- opt.set('ss_aead_method', enc.method.toUpperCase() || '');
+ opt.set('ss_aead_method', enc.method.toLowerCase() || '');
opt.set('ss_aead_pwd', enc.password || '');
}
opt.set('mux', queryParam.mux === '1');
if (m.hash) {
- opt.set('remark', decodeURI(m.hash));
+ opt.set('remarks', decodeURI(m.hash.substr(1)));
}
} else if (ssu[0] === "vmess") {
var sstr = b64DecodeUnicode(ssu[1]);
@@ -556,7 +562,7 @@ local dsp = require "luci.dispatcher"
param = sstr.substr(ploc + 2);
}
var ssm = JSON.parse(sstr);
- opt.set('remark', ssm.ps);
+ opt.set('remarks', ssm.ps);
opt.set('address', ssm.add);
opt.set('port', ssm.port);
opt.set('alter_id', ssm.aid);
@@ -597,7 +603,7 @@ local dsp = require "luci.dispatcher"
}
//]]>
-
+
diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall
index 41d1bd6bef..26814a0e07 100644
--- a/package/lienol/luci-app-passwall/root/etc/config/passwall
+++ b/package/lienol/luci-app-passwall/root/etc/config/passwall
@@ -11,6 +11,7 @@ config global
option udp_proxy_mode 'chnroute'
option localhost_tcp_proxy_mode 'gfwlist'
option localhost_udp_proxy_mode 'gfwlist'
+ option socks_server '0.0.0.0:1080'
config global_haproxy
option balancing_enable '0'
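Review bot: The new default `option socks_server '0.0.0.0:1080'` uses the wildcard address for a value that app.sh in this commit passes to dns2socks as the SOCKS server to connect to. As a destination, `127.0.0.1:1080` is the unambiguous spelling. If any other part of the package, not visible here, reuses this option as a listen address, 0.0.0.0 would expose the SOCKS port on every interface, WAN included. Please confirm which reading applies and either change the default to loopback or add a comment stating that the value is a connect target only.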
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
index 357fa925a9..822f0f7a95 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -20,7 +20,6 @@ LUA_API_PATH=/usr/lib/lua/luci/model/cbi/$CONFIG/api
API_GEN_SS=$LUA_API_PATH/gen_shadowsocks.lua
API_GEN_V2RAY=$LUA_API_PATH/gen_v2ray.lua
API_GEN_TROJAN=$LUA_API_PATH/gen_trojan.lua
-
echolog() {
local d="$(date "+%Y-%m-%d %H:%M:%S")"
echo -e "$d: $1" >>$LOG_FILE
@@ -85,6 +84,46 @@ get_node_host_ip() {
echo $ip
}
+hosts_foreach() {
+ local __hosts
+ eval "__hosts=\$${1}"; shift 1
+ local __func=${1}; shift 1
+ local __default_port=${1}; shift 1
+ local __ret=1
+
+ [ -z "${__hosts}" ] && return 0
+ local __ip __port
+ for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do
+ __ip=$(echo $__host | sed -n 's/\(^[^:#]*\).*$/\1/p')
+ [ -n "${__default_port}" ] && __port=$(echo $__host | sed -n 's/^[^:#]*[:#]\([0-9]*\).*$/\1/p')
+ eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"
+ __ret=$?
+ [ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret}
+ done
+}
+
+get_first_dns() {
+ local __hosts_val=${1}; shift 1
+ __first() {
+ [ -z "${2}" ] && return 0
+ echo "${2}#${3}"
+ return 1
+ }
+ eval "hosts_foreach \"${__hosts_val}\" __first $@"
+}
+
+get_last_dns() {
+ local __hosts_val=${1}; shift 1
+ local __first __last
+ __every() {
+ [ -z "${2}" ] && return 0
+ __last="${2}#${3}"
+ __first=${__first:-${__last}}
+ }
+ eval "hosts_foreach \"${__hosts_val}\" __every $@"
+ [ "${__first}" == "${__last}" ] || echo "${__last}"
+}
+
check_port_exists() {
port=$1
protocol=$2
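Review bot: In hosts_foreach the `eval` line expands `${__host}` into the command string before evaluation, whereas `\${__ip}` and `\${__port...}` are correctly deferred. Each token of the host list comes from UCI values such as `dns_forward`, so any shell metacharacter in one of them is interpreted by the shell running this script as root. Escaping it like its neighbours closes that gap: `eval "$__func \"\${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"`. `__host` is also missing from the `local` declarations and leaks into the caller's scope, and `__port` keeps its value from the previous iteration if the sed match fails. get_first_dns and get_last_dns interpolate `${__hosts_val}` into `eval` the same way, though there it is a variable name chosen by the caller rather than config data.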
@@ -123,13 +162,13 @@ ln_start_bin() {
local file=$1
[ "$file" != "null" ] && {
local bin=$2
- local cmd=$3
+ shift 2
if [ -n "${TMP_BIN_PATH}/$bin" -a -f "${TMP_BIN_PATH}/$bin" ];then
- ${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
+ ${TMP_BIN_PATH}/$bin $@ >/dev/null 2>&1 &
else
if [ -n "$file" -a -f "$file" ];then
ln -s $file ${TMP_BIN_PATH}/$bin
- ${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
+ ${TMP_BIN_PATH}/$bin $@ >/dev/null 2>&1 &
else
echolog "找不到$bin主程序,无法启动!"
fi
@@ -192,7 +231,7 @@ load_config() {
}
DNS_MODE=$(config_t_get global dns_mode pdnsd)
- DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4)
+ DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53)
DNS_CACHE=$(config_t_get global dns_cache 1)
use_tcp_node_resolve_dns=0
use_udp_node_resolve_dns=0
@@ -213,9 +252,9 @@ load_config() {
UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
[ -n "$UP_CHINA_DNS1" -a -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="$UP_CHINA_DNS1,$UP_CHINA_DNS2"
else
- UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $1}')
+ UP_CHINA_DNS1=$(get_first_dns UP_CHINA_DNS 53)
if [ -n "$UP_CHINA_DNS1" ]; then
- UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $2}')
+ UP_CHINA_DNS2=$(get_last_dns UP_CHINA_DNS 53)
[ -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="${UP_CHINA_DNS1},${UP_CHINA_DNS2}"
else
UP_CHINA_DNS1="119.29.29.29"
@@ -522,6 +561,8 @@ stop_crontab() {
}
start_dns() {
+ DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g")
+ DNS2SOCKS_FORWARD=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
case "$DNS_MODE" in
nonuse)
echolog "DNS:不使用,将会直接使用上级DNS!"
@@ -530,13 +571,10 @@ start_dns() {
echolog "DNS:使用本机7913端口DNS服务器解析域名..."
;;
dns2socks)
- DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g")
[ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ] && {
- DNS2SOCKS_FORWARD=$(echo $DNS_FORWARD | awk -F ',' '{print $1}')
- [ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"
[ "$DNS_CACHE" == "0" ] && local _cache="/d"
ln_start_bin $(find_bin dns2socks) dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$DNS_PORT $_cache"
- echolog "DNS:dns2socks($DNS2SOCKS_FORWARD)..."
+ echolog "DNS:dns2socks(${DNS2SOCKS_FORWARD-D46.182.19.48:53})..."
}
;;
pdnsd)
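Review bot: `${DNS2SOCKS_FORWARD-D46.182.19.48:53}` logs the literal text "D46.182.19.48:53" when the variable is unset, which looks like a typo for a `:-` default. The fallback exists only in the log message, so the `ln_start_bin ... dns2socks` line above it still passes the bare `$DNS2SOCKS_FORWARD`. This hunk removes `[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"`, so if get_first_dns yields nothing, dns2socks starts with a missing argument while the log names a resolver that is not in use. Restoring a real default where the variable is computed, e.g. `[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4:53"`, and logging plain `$DNS2SOCKS_FORWARD` keeps the log truthful. The ChinaDNS-NG + dns2socks branch in the later hunk has the same `:-D46...` expression.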
@@ -546,11 +584,12 @@ start_dns() {
else
gen_pdnsd_config $DNS_PORT
ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
- echolog "DNS:pdnsd + 使用TCP节点解析DNS($DNS_FORWARD)..."
- DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
+ echolog "DNS:pdnsd + 使用TCP节点解析DNS..."
fi
;;
chinadns-ng)
+ local china_ng_chn=$(echo $UP_CHINA_DNS | sed 's/:/#/g')
+ local china_ng_gfw=$(echo $DNS_FORWARD | sed 's/:/#/g')
other_port=$(expr $DNS_PORT + 1)
[ -f "$RULES_PATH/gfwlist.conf" ] && cat $RULES_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt
[ -f "$TMP_PATH/gfwlist.txt" ] && {
@@ -578,25 +617,20 @@ start_dns() {
else
gen_pdnsd_config $other_port
ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
- ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
- echolog "DNS:ChinaDNS-NG + pdnsd($DNS_FORWARD),国内DNS:$UP_CHINA_DNS"
- DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
+ ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
+ echolog "DNS:ChinaDNS-NG + pdnsd($china_ng_gfw),国内DNS:$china_ng_chn"
fi
elif [ "$up_trust_chinadns_ng_dns" == "dns2socks" ]; then
- DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g")
[ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ] && {
- DNS2SOCKS_FORWARD=$(echo $DNS_FORWARD | awk -F ',' '{print $1}')
- [ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"
[ "$DNS_CACHE" == "0" ] && local _cache="/d"
ln_start_bin $(find_bin dns2socks) dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$other_port $_cache"
- ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
- echolog "DNS:ChinaDNS-NG + dns2socks($DNS2SOCKS_FORWARD),国内DNS:$UP_CHINA_DNS"
+ ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
+ echolog "DNS:ChinaDNS-NG + dns2socks(${DNS2SOCKS_FORWARD:-D46.182.19.48:53}),国内DNS:$china_ng_chn"
}
elif [ "$up_trust_chinadns_ng_dns" == "udp" ]; then
use_udp_node_resolve_dns=1
- ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t $DNS_FORWARD $gfwlist_param $chnlist_param $fair_mode"
- echolog "DNS:ChinaDNS-NG,国内DNS:$UP_CHINA_DNS,可信DNS:$up_trust_chinadns_ng_dns,如果不能使用,请确保UDP节点已打开并且支持UDP转发。"
- DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
+ ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t $china_ng_gfw $gfwlist_param $chnlist_param $fair_mode"
+ echolog "DNS:ChinaDNS-NG,国内DNS:$china_ng_chn,可信DNS:$up_trust_chinadns_ng_dns[$china_ng_gfw],如果不能使用,请确保UDP节点已打开并且支持UDP转发。"
fi
;;
esac
@@ -707,22 +741,26 @@ gen_pdnsd_config() {
}
EOF
-
- cat >> $pdnsd_dir/pdnsd.conf <<-EOF
- server {
- label = "node";
- ip = $DNS_FORWARD;
- edns_query = on;
- port = 53;
- timeout = 4;
- interval = 10m;
- uptest = none;
- purge_cache = off;
- caching = $_cache;
- }
-
- EOF
-
+
+ append_pdnsd_updns() {
+ [ -z "${2}" ] && echolog "略过错误配置的 DNS : [${1}]" && return 0
+ echolog "配置 pdnsd 的上游DNS[${2}:${3}]"
+ cat >> $pdnsd_dir/pdnsd.conf <<-EOF
+ server {
+ label = "node-${2}_${3}";
+ ip = ${2};
+ edns_query = on;
+ port = ${3};
+ timeout = 4;
+ interval = 10m;
+ uptest = none;
+ purge_cache = off;
+ caching = $_cache;
+ }
+ EOF
+ }
+ hosts_foreach DNS_FORWARD append_pdnsd_updns 53
+
use_tcp_node_resolve_dns=1
}
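Review bot: append_pdnsd_updns writes `${2}` and `${3}` straight into pdnsd.conf, and `${2}` is simply whatever precedes the first `:` or `#` in a `dns_forward` token, with no check that it is an address. A value containing `;`, `}` or a quote would change the structure of the generated server block rather than being skipped as a misconfigured entry. A guard before the heredoc keeps the file well-formed: `case "${2}" in *[!0-9.]*) echolog "略过错误配置的 DNS : [${1}]"; return 0;; esac`. Defining the helper inside gen_pdnsd_config still makes it global in POSIX shells, so a comment noting that it depends on the caller's `$_cache` and `$pdnsd_dir` would help. gen_pdnsd_config starts outside this hunk.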
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 3e0f226be4..3eb8cce870 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -347,17 +347,14 @@ add_firewall_rule() {
blist_r=$(REDIRECT 1 MARK)
p_r=$(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE 1 MARK)
fi
- [ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
- for dns in $DNS_FORWARD ; do
- local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
- ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
- [ $? == 0 ] && continue
- local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
- [ -z "$dns_port" ] && dns_port=53
- $ipt_tmp -I $dns_l 2 -p tcp -d $dns_ip --dport $dns_port $dns_r
- [ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d $dns_ip --dport $dns_port $(REDIRECT 1 MARK)
- done
+ _proxy_tcp_access() {
+ [ -n "${2}" ] && return 0
+ ipset test $IPSET_LANIPLIST ${2} 2>/dev/null
+ [ $? == 0 ] && return 0
+ $ipt_tmp -I $dns_l 2 -p tcp -d ${2} --dport ${3} $dns_r
+ [ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
}
+ [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r
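Review bot: The guard in `_proxy_tcp_access` is inverted: `[ -n "${2}" ] && return 0` returns as soon as an address is present, so hosts_foreach never inserts the `-d ${2} --dport ${3}` redirect rules that the removed loop used to add. Only an empty address would reach the `ipset test` and iptables calls. `_proxy_udp_access` in the next hunk has the same line, while the helpers added to app.sh in this commit use `-z`. It should read `[ -z "${2}" ] && return 0`. As written, lookups to the DNS_FORWARD servers would presumably bypass the TCP/UDP node instead of going through it, which is worth a regression check with `iptables -S PSW_OUTPUT` after start. add_firewall_rule extends outside this hunk.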
@@ -402,18 +399,15 @@ add_firewall_rule() {
# 加载路由器自身代理 UDP
if [ "$UDP_NODE1" != "nil" ]; then
local UDP_NODE1_TYPE=$(echo $(config_n_get $UDP_NODE1 type) | tr 'A-Z' 'a-z')
- [ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
- for dns in $DNS_FORWARD ; do
- local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
- ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
- [ $? == 0 ] && continue
- local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
- [ -z "$dns_port" ] && dns_port=53
- local ADD_INDEX=2
- $ipt_m -I PSW $ADD_INDEX -p udp -d $dns_ip --dport $dns_port $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
- $ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d $dns_ip --dport $dns_port $(REDIRECT 1 MARK)
- done
+ _proxy_udp_access() {
+ [ -n "${2}" ] && return 0
+ ipset test $IPSET_LANIPLIST ${2} 2>/dev/null
+ [ $? == 0 ] && return 0
+ local ADD_INDEX=2
+ $ipt_m -I PSW $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
+ $ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
}
+ [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host
index 50c4253470..f3f716ef58 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host
@@ -1,10 +1,124 @@
+abc.com
+abema.tv
+acast.com
+adblockplus.org
+adswizz.com
+agkn.com
+akadns.net
+akam.net
+akamai.com
+akamai.net
+akamaiedge.net
+akamaihd.net
+akamaistream.net
+akamaitech.net
+akamaitechnologies.com
+akamaitechnologies.fr
+akamaized.net
+amazon-adsystem.com
+amazon.co.jp
+amazon.co.uk
+amazon.com
+amazon.de
+amazonvideo.com
+amctv.com
+bahamut.com.tw
+beinsportsconnect.net
+beinsportsconnect.tv
+blinkbox.com
+brightcove.com
+caddyserver.com
+cbs.com
+cloudfront.net
+conviva.com
+crackle.com
+crunchyroll.com
+crwdcntrl.net
+cwtv.com
+disney.com
+disneyjunior.com
+easylist-downloads.adblockplus.org
+edgecastcdn.net
+edgekey.net
+edgesuite.net
+fast.com
+fig.bbc.co.uk
+footprint.net
formyip.com
-msi.com
+fox.com
+gamer.com.tw
+ggpht.com
+github-production-release-asset-2e65be.s3.amazonaws.com
github.com
github.io
githubusercontent.com
-github-production-release-asset-2e65be.s3.amazonaws.com
+go.com
+googleapis.com
+googletagmanager.com
+googleusercontent.com
+googlevideo.com
+gstatic.com
+happyon.jp
+hbo.com
+hbogo.com
+hbonow.com
+hinet.net
+hulu.com
+hulu.jp
+huluad.com
+huluim.com
+hulustream.com
+ifconfig.co
+imrworldwide.com
+ip2location.com
+level3.net
+line.me
+llnwd.net
+lovefilm.com
+maxmind.com
+mog.com
+movetv.com
+msi.com
+mtv.com
+mtvnservices.com
+naver.com
+naver.jp
+nbc.com
+nbcuni.com
+netflix.com
+netflix.net
+nflxext.com
+nflximg.net
+nflxso.net
+nflxvideo.net
+omtrdc.net
+open.live.bbc.co.uk
openwrt.proxy.ustclug.org
-easylist-downloads.adblockplus.org
-adblockplus.org
-caddyserver.com
\ No newline at end of file
+openx.net
+optus.com.au
+optusnet.com.au
+pandora.com
+pbs.org
+playstation.net
+primevideo.com
+pubmatic.com
+radiotime.com
+sa.bbc.co.uk
+sho.com
+sling.com
+southpark.cc.com
+spike.com
+srip.net
+theplatform.com
+ttvnw.net
+turner.com
+turnin.com
+twitch.tv
+uplynk.com
+vudu.com
+warnerbros.com
+wdtvlive.com
+www.bbc.co.uk
+xboxlive.com
+youtube.com
+ytimg.com
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host
index 42e62a2c1f..a71733fefd 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host
@@ -1,3 +1,4 @@
apple.com
microsoft.com
-dyndns.com
\ No newline at end of file
+dyndns.com
+rrys.tv