From 20ef96075caa72426a9461bbbb35bde3bd325589 Mon Sep 17 00:00:00 2001 From: CN_SZTL Date: Thu, 23 Jul 2020 01:59:24 +0800 Subject: [PATCH] luci-app-passwal: sync with upstream source --- package/lienol/luci-app-passwall/Makefile | 4 +- .../model/cbi/passwall/api/gen_trojan.lua | 8 +- .../luasrc/model/cbi/passwall/node_config.lua | 4 +- .../model/cbi/passwall/server/api/app.lua | 3 + .../model/cbi/passwall/server/api/trojan.lua | 17 ++- .../luasrc/model/cbi/passwall/server/user.lua | 37 +++++- .../passwall/node_list/link_share_man.htm | 44 ++++--- .../root/etc/config/passwall | 1 + .../root/usr/share/passwall/app.sh | 118 +++++++++++------ .../root/usr/share/passwall/iptables.sh | 36 +++-- .../usr/share/passwall/rules/blacklist_host | 124 +++++++++++++++++- .../usr/share/passwall/rules/whitelist_host | 3 +- 12 files changed, 290 insertions(+), 109 deletions(-) diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile index d1c04285cc..8adffdeb60 100644 --- a/package/lienol/luci-app-passwall/Makefile +++ b/package/lienol/luci-app-passwall/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=3.9 -PKG_RELEASE:=19 -PKG_DATE:=20200717 +PKG_RELEASE:=20 +PKG_DATE:=20200719 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua index 2ee08bd4c4..1a6fed51c2 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua 
@@ -58,13 +58,13 @@ if node.type == "Trojan-Go" then } or nil trojan.websocket = node.trojan_transport and node.trojan_transport:find('ws') and { enabled = true, - path = (node.ws_path ~= nil) and node.ws_path or "/", - host = (node.ws_host ~= nil) and node.ws_host or (node.tls_serverName ~= nil and node.tls_serverName or node.address) + path = node.ws_path or "/", + host = node.ws_host or (node.tls_serverName or node.address) } or nil trojan.shadowsocks = (node.ss_aead == "1") and { enabled = true, - method = (node.ss_aead_method ~= nil) and node.ss_aead_method or "aead_aes_128_gcm", - password = (node.ss_aead_pwd ~= nil) and node.ss_aead_pwd or "" + method = node.ss_aead_method or "aead_aes_128_gcm", + password = node.ss_aead_pwd or "" } or nil end print(json.stringify(trojan, 1)) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua index be5a53e73b..8929d77a1f 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/node_config.lua @@ -72,7 +72,7 @@ s = m:section(NamedSection, arg[1], "nodes", "") s.addremove = false s.dynamic = false -share = s:option(DummyValue, "share_url", translate("Share Current")) +share = s:option(DummyValue, "passwall", translate("Share Current")) share.rawhtml = true share.template = "passwall/node_list/link_share_man" share.value = arg[1] @@ -484,7 +484,7 @@ ss_aead:depends("type", "Trojan-Go") ss_aead.default = "0" ss_aead_method = s:option(ListValue, "ss_aead_method", translate("Encrypt Method")) -for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v:upper()) end +for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v) end ss_aead_method.default = "aead_aes_128_gcm" ss_aead_method:depends("ss_aead", "1") 
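Review bot: The inner parentheses in `host = node.ws_host or (node.tls_serverName or node.address)` are redundant, since `or` is left-associative and short-circuits; `host = node.ws_host or node.tls_serverName or node.address` expresses the fallback chain directly and reads the same way as the simplified `path`/`method`/`password` lines in this hunk. The same shape is introduced in the server-side trojan.lua websocket hunk. The enclosing `if node.type == "Trojan-Go"` block starts outside the hunk.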
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua index 76c7937e1b..1c4948e388 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua @@ -82,6 +82,9 @@ local function start() elseif type == "Trojan" then config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user) bin = ln_start("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file) + elseif type == "Trojan-Go" then + config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user) + bin = ln_start(_api.get_trojan_go_path(), "trojan-go", "-config " .. config_file) elseif type == "Brook" then local brook_protocol = user.brook_protocol local brook_password = user.password diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua index e9a5734ca0..b1c80c3333 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua 
@@ -8,16 +8,16 @@ function gen_config(user) local_port = tonumber(user.port), remote_addr = (user.remote_enable == "1" and user.remote_address) and user.remote_address or nil, remote_port = (user.remote_enable == "1" and user.remote_port) and user.remote_port or nil, - password = { user.password }, + password = user.type == "Trojan-Go" and user.passwords or { user.password }, log_level = 1, - (user.stream_security == nil or user.stream_security == "tls") and ssl = { + ssl = (user.stream_security == nil or user.stream_security == "tls") and { cert = user.tls_certificateFile, key = user.tls_keyFile, key_password = "", cipher = user.fingerprint == nil and cipher or (user.fingerprint == "disable" and cipher13 .. ":" .. cipher or ""), cipher_tls13 = user.fingerprint == nil and cipher13 or nil, - sni = "", - verify = false, + sni = user.tls_serverName, + verify = (user.tls_allowInsecure ~= "1") and true or false, verify_hostname = false, reuse_session = true, session_ticket = (user.tls_sessionTicket == "1") and true or false, @@ -29,7 +29,6 @@ function gen_config(user) } or nil, udp_timeout = 60, disable_http_check = true, - tcp = { transport_plugin = user.stream_security == "none" and user.trojan_transport == "original" and { enabled = user.plugin_type ~= nil, type = user.plugin_type or "plaintext", 
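Review bot: `verify` now follows `tls_allowInsecure`, but `verify_hostname` on the next line stays hard-coded `false`, so even with the flag unchecked the peer certificate's name is never matched against the `sni` that is now filled from `tls_serverName`; if these fields are meant to be honoured, tie both to the flag, `verify_hostname = (user.tls_allowInsecure ~= "1"),`. Both fields are client-side checks in trojan-go, so in a server-side config (which this generator's path suggests it produces) they may have no effect at all — worth confirming against the trojan-go documentation before exposing the flag in the user form. Separately, `password = user.type == "Trojan-Go" and user.passwords or { user.password }` falls through to `{ user.password }` when the `passwords` list is unset, and since `password` no longer applies to Trojan-Go that yields `{ nil }`, i.e. an empty list; rejecting an empty password list explicitly is clearer than handing trojan-go a server config with no credential. `gen_config` continues outside the hunk.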
@@ -40,13 +39,13 @@ function gen_config(user) } or nil, websocket = user.trojan_transport and user.trojan_transport:find('ws') and { enabled = true, - path = (user.ws_path ~= nil) and user.ws_path or "/", - hostname = (user.ws_host ~= nil) and user.ws_host or (user.tls_serverName ~= nil and user.tls_serverName or user.address) + path = user.ws_path or "/", + host = user.ws_host or (user.tls_serverName or user.address) } or nil, shadowsocks = (user.ss_aead == "1") and { enabled = true, - method = (user.ss_aead_method ~= nil) and user.ss_aead_method or "aead_aes_128_gcm", - password = (user.ss_aead_pwd ~= nil) and user.ss_aead_pwd or "" + method = user.ss_aead_method or "aead_aes_128_gcm", + password = user.ss_aead_pwd or "" } or nil, tcp = { prefer_ipv4 = false, diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua index b44d4e2490..bda28b2bbc 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua @@ -56,6 +56,11 @@ s = map:section(NamedSection, arg[1], "user", "") s.addremove = false s.dynamic = false +share = s:option(DummyValue, "passwall_server", translate("Share Current")) +share.rawhtml = true +share.template = "passwall/node_list/link_share_man" +share.value = arg[1] + enable = s:option(Flag, "enable", translate("Enable")) enable.default = "1" enable.rmempty = false 
@@ -111,12 +116,18 @@ password.password = true password:depends("type", "SSR") password:depends("type", "Brook") password:depends("type", "Trojan") -password:depends("type", "Trojan-Go") password:depends({ type = "V2ray", protocol = "http" }) password:depends({ type = "V2ray", protocol = "socks" }) password:depends({ type = "V2ray", protocol = "shadowsocks" }) password:depends({ type = "V2ray", protocol = "mtproto" }) +passwords = s:option(DynamicList, "passwords", translate("Password")) +for i = 1, 3 do + local uuid = luci.sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)") + passwords:value(uuid) +end +passwords:depends("type", "Trojan-Go") + ssr_encrypt_method = s:option(ListValue, "ssr_encrypt_method", translate("Encrypt Method")) for a, t in ipairs(ssr_encrypt_method_list) do ssr_encrypt_method:value(t) end ssr_encrypt_method:depends("type", "SSR") 
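Review bot: The new `passwords` DynamicList has no input masking, whereas the single `password` option at the top of this hunk sets `password.password = true`, so Trojan-Go credentials are shown in clear in the form and in the page source; set the same flag if LuCI's DynamicList honours it, and otherwise record the exposure in a comment next to the option. The three `luci.sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)")` calls spawn a shell on every render only to read a file; reading `/proc/sys/kernel/random/uuid` through the file API already used by LuCI (`nixio.fs.readfile`, if nixio is required in this file) and trimming the newline does the same without a subprocess. A one-line comment such as `-- offer three random UUIDs as suggested passwords; regenerated on each page render` would make the intent of the loop clear.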
@@ -192,14 +203,27 @@ stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "ws" } stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "h2" }) stream_security:depends({ type = "V2ray", protocol = "socks" }) stream_security:depends({ type = "V2ray", protocol = "shadowsocks" }) +stream_security:depends("type", "Trojan") stream_security:depends("type", "Trojan-Go") - +stream_security.validate = function(self, value) + if value == "none" and type:formvalue(arg[1]) == "Trojan" then + return nil, translate("'none' not supported for original Trojan.") + end + return value +end -- [[ TLS部分 ]] -- tls_sessionTicket = s:option(Flag, "tls_sessionTicket", translate("Session Ticket")) tls_sessionTicket.default = "0" tls_sessionTicket:depends("stream_security", "tls") +tls_serverName = s:option(Value, "tls_serverName", translate("Domain")) +tls_serverName:depends("stream_security", "tls") + +tls_allowInsecure = s:option(Flag, "tls_allowInsecure", translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, V2Ray does not check the validity of the TLS certificate provided by the remote host.")) +tls_allowInsecure.default = "0" +tls_allowInsecure:depends("stream_security", "tls") + tls_certificateFile = s:option(Value, "tls_certificateFile", translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem") tls_certificateFile:depends("stream_security", "tls") 
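Review bot: The help text for `tls_allowInsecure` describes client behaviour ("V2Ray does not check the validity of the TLS certificate provided by the remote host"), but this is the server user form and the value feeds the `verify` field of the generated Trojan config; the description should say what the flag does for this server entry, e.g. `translate("Skip TLS certificate verification for this Trojan/Trojan-Go user entry.")`, or the flag should be dropped if it turns out to have no server-side effect. In `stream_security.validate`, `type:formvalue(arg[1])` calls a method on a form option named `type`, which shadows Lua's builtin `type` (its definition is outside this hunk); a short comment such as `-- 'type' is the protocol ListValue defined above, not the Lua builtin` would spare the next reader the double-take. The blank line before `-- [[ TLS部分 ]] --` was also dropped, which breaks the file's section spacing.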
@@ -213,9 +237,9 @@ transport:value("ws", "WebSocket") transport:value("h2", "HTTP/2") transport:value("ds", "DomainSocket") transport:value("quic", "QUIC") -stream_security:depends({ type = "V2ray", protocol = "vmess" }) -stream_security:depends({ type = "V2ray", protocol = "socks" }) -stream_security:depends({ type = "V2ray", protocol = "shadowsocks" }) +transport:depends({ type = "V2ray", protocol = "vmess" }) +transport:depends({ type = "V2ray", protocol = "socks" }) +transport:depends({ type = "V2ray", protocol = "shadowsocks" }) trojan_transport = s:option(ListValue, "trojan_transport", translate("Transport")) trojan_transport:value("original", "Original") @@ -341,6 +365,7 @@ remote_enable = s:option(Flag, "remote_enable", translate("Enable Remote"), tran remote_enable.default = "1" remote_enable.rmempty = false remote_enable:depends("type", "Trojan") +remote_enable:depends("type", "Trojan-Go") remote_address = s:option(Value, "remote_address", translate("Remote Address")) remote_address.default = "127.0.0.1" @@ -356,7 +381,7 @@ ss_aead:depends("type", "Trojan-Go") ss_aead.default = "0" ss_aead_method = s:option(ListValue, "ss_aead_method", translate("Encrypt Method")) -for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v:upper()) end +for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v) end ss_aead_method.default = "aead_aes_128_gcm" ss_aead_method.rmempty = false ss_aead_method:depends("ss_aead", "1") diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm index 5357de4cef..7c43c8faaf 100644 --- a/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm +++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm 
@@ -100,16 +100,19 @@ local dsp = require "luci.dispatcher" function buildUrl(btn, urlname, sid) { var opt = { base: "cbid.passwall", + client : true, fallback: "dummy", get: function(opt) { var id = this.base + "." + opt; - var obj = document.getElementsByName(id) || document.getElementById(id); + var obj = document.getElementsByName(id)[0] || document.getElementsByClassName(id)[0] || document.getElementById(id) if (obj) { - if (obj.length === 1) obj = obj[0]; return obj; } else { - alert("<%:Faltal on get option, please help in debug: %>" + opt); - return document.getElementById(this.fallback); + obj = document.getElementById(this.fallback); + if (opt === "address") obj.value = "0.0.0.0"; + else if (opt === "mux") obj.value = "0"; + if (this.client || (opt !== "address" && opt !== "mux")) alert("<%:Faltal on get option, please help in debug: %>" + opt); + return obj; } }, getlist: function(opt) { @@ -144,7 +147,8 @@ local dsp = require "luci.dispatcher" alert("Never"); return false; } - opt.base = "cbid.passwall." + sid; + opt.base = "cbid." + urlname + "." + sid; + opt.client = urlname.indexOf("server") === -1; opt.fallback = urlname + "-dummy"; var v_type = opt.get("type").value; var v_alias = opt.get("remarks"); @@ -169,7 +173,7 @@ local dsp = require "luci.dispatcher" "&remarks=" + b64encutf8safe(v_alias.value); url = b64encsafe(ssr_str); } else if (v_type === "Trojan" || v_type === "Trojan-Go") { - var v_password = opt.get("password"); + var v_password = opt.get(!opt.client && v_type === "Trojan-Go" ? "passwords" : "password"); var v_server = opt.get("address"); var v_port = opt.get("port"); url = encodeURIComponent(v_password.value) + @@ -239,6 +243,7 @@ local dsp = require "luci.dispatcher" function fromUrl(btn, urlname, sid) { var opt = { base: 'cbid.passwall', + client : true, fallback: 'dummy', get: function(opt) { var obj; 
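Review bot: In the new `get` fallback, `obj = document.getElementById(this.fallback)` can be `null` (the old code only returned it), and the next line dereferences it with `obj.value = "0.0.0.0"`, so a missing `<urlname>-dummy` element now turns into a TypeError instead of the alert; guard it, `if (obj) { if (opt === "address") obj.value = "0.0.0.0"; else if (opt === "mux") obj.value = "0"; }`. `document.getElementsByName(id)[0]` now also takes precedence over `getElementById(id)` for every field, which changes lookup order wherever both exist; a comment stating why name/class lookup is preferred for the server form would help. Filling `0.0.0.0` as the address means a share URL built from a server entry advertises an unroutable host, presumably by design on the server side, but that deserves a comment too.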
@@ -247,7 +252,7 @@ local dsp = require "luci.dispatcher" if (obj) { return obj; } else { - alert('<%:Faltal on get option, please help in debug: %>' + opt); + if (this.client || (opt !== "address" && opt !== "mux")) alert('<%:Faltal on get option, please help in debug: %>' + opt); return document.getElementById(this.fallback); } }, @@ -287,7 +292,8 @@ local dsp = require "luci.dispatcher" alert("Never"); return false; } - opt.base = 'cbid.passwall.' + sid + opt.base = "cbid." + urlname + "." + sid; + opt.client = urlname.indexOf("server") === -1; opt.fallback = urlname + '-dummy'; var ssrurl = prompt('<%:Paste Share URL Here%>', ''); if (ssrurl === null || ssrurl === "") { @@ -333,7 +339,7 @@ local dsp = require "luci.dispatcher" opt.set('protocol_param', dictvalue(pdict, 'protoparam')); var rem = pdict['remarks']; if (typeof(rem) !== 'undefined' && rem !== '' && rem.length > 0) - opt.set('remark', b64decutf8safe(rem)); + opt.set('remarks', b64decutf8safe(rem)); } else if (ssu[0] === "ss") { var url0 = "", param = ""; var sipIndex = ssu[1].indexOf("@"); @@ -374,7 +380,7 @@ local dsp = require "luci.dispatcher" opt.set('ss_plugin', plugin || ""); opt.set('ss_plugin_opts', pluginOpts || ""); if (param !== undefined) { - opt.set('remark', decodeURI(param)); + opt.set('remarks', decodeURI(param)); } } else { var sstr = b64decsafe(url0); @@ -390,7 +396,7 @@ local dsp = require "luci.dispatcher" opt.set('ss_plugin', ""); opt.set('ss_plugin_opts', ""); if (param !== undefined) { - opt.set('remark', decodeURI(param)); + opt.set('remarks', decodeURI(param)); } } } else if (ssu[0] === "trojan") { 
@@ -420,7 +426,7 @@ local dsp = require "luci.dispatcher" opt.get('type').dispatchEvent(event); opt.set('address', m.hostname); opt.set('port', m.port || "443"); - opt.set('password', decodeURIComponent(password)); + opt.set(!opt.client && stype === "Trojan-Go" ? 'passwords' : 'password', decodeURIComponent(password)); var tls = true; if (stype === "Trojan-Go") { tls = queryParam.plugin === undefined; @@ -454,12 +460,12 @@ local dsp = require "luci.dispatcher" var ss = queryParam.ss === '1'; opt.set('ss_aead', ss); if (ss) { - opt.set('ss_aead_method', queryParam.ssmethod.toUpperCase() || ''); + opt.set('ss_aead_method', queryParam.ssmethod.toLowerCase() || ''); opt.set('ss_aead_pwd', queryParam.sspasswd || ''); } opt.set('mux', queryParam.mux === '1'); if (m.hash) { - opt.set('remark', decodeURI(m.hash.substr(1))); + opt.set('remarks', decodeURI(m.hash.substr(1))); } } else if (ssu[0] === "trojan-go") { var m = parseNodeUrl(ssrurl); @@ -483,7 +489,7 @@ local dsp = require "luci.dispatcher" opt.get('type').dispatchEvent(event); opt.set('address', m.hostname); opt.set('port', m.port || "443"); - opt.set('password', decodeURIComponent(password)); + opt.set(opt.client ? 'password' : 'passwords', decodeURIComponent(password)); opt.set('stream_security', (queryParam.tls && queryParam.tls === '1') ? 'tls' : 'none'); opt.get('stream_security').dispatchEvent(event); var plugin = queryParam.plugin !== undefined; @@ -538,12 +544,12 @@ local dsp = require "luci.dispatcher" ss = enc.type === 'ss'; opt.set('ss_aead', ss); if (ss) { - opt.set('ss_aead_method', enc.method.toUpperCase() || ''); + opt.set('ss_aead_method', enc.method.toLowerCase() || ''); opt.set('ss_aead_pwd', enc.password || ''); } opt.set('mux', queryParam.mux === '1'); if (m.hash) { - opt.set('remark', decodeURI(m.hash)); + opt.set('remarks', decodeURI(m.hash.substr(1))); } } else if (ssu[0] === "vmess") { var sstr = b64DecodeUnicode(ssu[1]); 
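Review bot: `queryParam.ssmethod.toLowerCase() || ''` throws a TypeError when `ssmethod` is absent from the pasted URL, because the `|| ''` guard runs after the method call; invert it, `opt.set('ss_aead_method', (queryParam.ssmethod || '').toLowerCase());`. The same shape appears in the `trojan-go` branch below (`enc.method.toLowerCase() || ''` in the @@ -538 hunk). These values come from a user-pasted share link, so a malformed link should be handled cleanly rather than aborting `fromUrl` halfway through populating the form.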
@@ -556,7 +562,7 @@ local dsp = require "luci.dispatcher" param = sstr.substr(ploc + 2); } var ssm = JSON.parse(sstr); - opt.set('remark', ssm.ps); + opt.set('remarks', ssm.ps); opt.set('address', ssm.add); opt.set('port', ssm.port); opt.set('alter_id', ssm.aid); @@ -597,7 +603,7 @@ local dsp = require "luci.dispatcher" } //]]> - + diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall index 41d1bd6bef..26814a0e07 100644 --- a/package/lienol/luci-app-passwall/root/etc/config/passwall +++ b/package/lienol/luci-app-passwall/root/etc/config/passwall @@ -11,6 +11,7 @@ config global option udp_proxy_mode 'chnroute' option localhost_tcp_proxy_mode 'gfwlist' option localhost_udp_proxy_mode 'gfwlist' + option socks_server '0.0.0.0:1080' config global_haproxy option balancing_enable '0' diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh index 357fa925a9..822f0f7a95 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh @@ -20,7 +20,6 @@ LUA_API_PATH=/usr/lib/lua/luci/model/cbi/$CONFIG/api API_GEN_SS=$LUA_API_PATH/gen_shadowsocks.lua API_GEN_V2RAY=$LUA_API_PATH/gen_v2ray.lua API_GEN_TROJAN=$LUA_API_PATH/gen_trojan.lua - echolog() { local d="$(date "+%Y-%m-%d %H:%M:%S")" echo -e "$d: $1" >>$LOG_FILE 
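Review bot: The new default `option socks_server '0.0.0.0:1080'` is the address dns2socks connects to (app.sh passes it as the SOCKS server argument after replacing `#` with `:`), and `0.0.0.0` as a connect destination is only meaningful on platforms that map it to loopback; `127.0.0.1:1080` states the intent directly. It also changes the `[ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ]` check in start_dns from "unset" to "always set", so dns2socks mode will now start against a local SOCKS port that may have nothing listening; a comment in the config noting that a local SOCKS service must be listening there would help.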
@@ -85,6 +84,46 @@ get_node_host_ip() { echo $ip } +hosts_foreach() { + local __hosts + eval "__hosts=\$${1}"; shift 1 + local __func=${1}; shift 1 + local __default_port=${1}; shift 1 + local __ret=1 + + [ -z "${__hosts}" ] && return 0 + local __ip __port + for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do + __ip=$(echo $__host | sed -n 's/\(^[^:#]*\).*$/\1/p') + [ -n "${__default_port}" ] && __port=$(echo $__host | sed -n 's/^[^:#]*[:#]\([0-9]*\).*$/\1/p') + eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@" + __ret=$? + [ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret} + done +} + +get_first_dns() { + local __hosts_val=${1}; shift 1 + __first() { + [ -z "${2}" ] && return 0 + echo "${2}#${3}" + return 1 + } + eval "hosts_foreach \"${__hosts_val}\" __first $@" +} + +get_last_dns() { + local __hosts_val=${1}; shift 1 + local __first __last + __every() { + [ -z "${2}" ] && return 0 + __last="${2}#${3}" + __first=${__first:-${__last}} + } + eval "hosts_foreach \"${__hosts_val}\" __every $@" + [ "${__first}" == "${__last}" ] || echo "${__last}" +} + check_port_exists() { port=$1 protocol=$2 @@ -123,13 +162,13 @@ ln_start_bin() { local file=$1 [ "$file" != "null" ] && { local bin=$2 - local cmd=$3 + shift 2 if [ -n "${TMP_BIN_PATH}/$bin" -a -f "${TMP_BIN_PATH}/$bin" ];then - ${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 & + ${TMP_BIN_PATH}/$bin $@ >/dev/null 2>&1 & else if [ -n "$file" -a -f "$file" ];then ln -s $file ${TMP_BIN_PATH}/$bin - ${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 & + ${TMP_BIN_PATH}/$bin $@ >/dev/null 2>&1 & else echolog "找不到$bin主程序,无法启动!" fi @@ -192,7 +231,7 @@ load_config() { } DNS_MODE=$(config_t_get global dns_mode pdnsd) - DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4) + DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53) DNS_CACHE=$(config_t_get global dns_cache 1) use_tcp_node_resolve_dns=0 use_udp_node_resolve_dns=0 
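Review bot: `hosts_foreach` builds a command string and `eval`s it with the host value interpolated inside escaped quotes (`\"${__host}\"`), so a DNS_FORWARD or UP_CHINA_DNS entry containing `"`, backquotes or `$(` is parsed as shell rather than passed as data; these values are UCI options set from the web form, and the eval is unnecessary, since the callback can be invoked directly: `"$__func" "$__host" "$__ip" "${__port:-$__default_port}" "$@"`. The same applies to `get_first_dns`/`get_last_dns`, which wrap the call in another `eval` only to forward `$@`. Note also that `__port` is only recomputed when `__default_port` is non-empty, so with an empty default the callback always receives an empty port; a comment such as `# port is parsed from host only when a default port is supplied` would make that contract visible.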
@@ -213,9 +252,9 @@ load_config() { UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P') [ -n "$UP_CHINA_DNS1" -a -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="$UP_CHINA_DNS1,$UP_CHINA_DNS2" else - UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $1}') + UP_CHINA_DNS1=$(get_first_dns UP_CHINA_DNS 53) if [ -n "$UP_CHINA_DNS1" ]; then - UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $2}') + UP_CHINA_DNS2=$(get_last_dns UP_CHINA_DNS 53) [ -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="${UP_CHINA_DNS1},${UP_CHINA_DNS2}" else UP_CHINA_DNS1="119.29.29.29" @@ -522,6 +561,8 @@ stop_crontab() { } start_dns() { + DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g") + DNS2SOCKS_FORWARD=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g') case "$DNS_MODE" in nonuse) echolog "DNS:不使用,将会直接使用上级DNS!" @@ -530,13 +571,10 @@ start_dns() { echolog "DNS:使用本机7913端口DNS服务器解析域名..." ;; dns2socks) - DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g") [ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ] && { - DNS2SOCKS_FORWARD=$(echo $DNS_FORWARD | awk -F ',' '{print $1}') - [ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4" [ "$DNS_CACHE" == "0" ] && local _cache="/d" ln_start_bin $(find_bin dns2socks) dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$DNS_PORT $_cache" - echolog "DNS:dns2socks($DNS2SOCKS_FORWARD)..." + echolog "DNS:dns2socks(${DNS2SOCKS_FORWARD-D46.182.19.48:53})..." } ;; pdnsd) 
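Review bot: The fallback `[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"` is removed, but the new `DNS2SOCKS_FORWARD=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')` at the top of start_dns yields an empty string when DNS_FORWARD is empty, so dns2socks is then launched with `"$DNS2SOCKS_SOCKS_SERVER  127.0.0.1:$DNS_PORT $_cache"` and the listen address shifts into the upstream position; restore the default after the assignment, `[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4:53"`. The log line's `${DNS2SOCKS_FORWARD-D46.182.19.48:53}` hides this: it uses `-` rather than `:-` (so an empty-but-set value prints empty) and names a default, with what looks like a stray `D`, that the process never receives; the same expansion is repeated in the chinadns-ng dns2socks branch (@@ -578 hunk). With the fallback restored the message can simply be `echolog "DNS:dns2socks($DNS2SOCKS_FORWARD)..."`.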
@@ -546,11 +584,12 @@ start_dns() { else gen_pdnsd_config $DNS_PORT ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d" - echolog "DNS:pdnsd + 使用TCP节点解析DNS($DNS_FORWARD)..." - DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g') + echolog "DNS:pdnsd + 使用TCP节点解析DNS..." fi ;; chinadns-ng) + local china_ng_chn=$(echo $UP_CHINA_DNS | sed 's/:/#/g') + local china_ng_gfw=$(echo $DNS_FORWARD | sed 's/:/#/g') other_port=$(expr $DNS_PORT + 1) [ -f "$RULES_PATH/gfwlist.conf" ] && cat $RULES_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt [ -f "$TMP_PATH/gfwlist.txt" ] && { 
@@ -578,25 +617,20 @@ start_dns() { else gen_pdnsd_config $other_port ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d" - ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode" - echolog "DNS:ChinaDNS-NG + pdnsd($DNS_FORWARD),国内DNS:$UP_CHINA_DNS" - DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g') + ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode" + echolog "DNS:ChinaDNS-NG + pdnsd($china_ng_gfw),国内DNS:$china_ng_chn" fi elif [ "$up_trust_chinadns_ng_dns" == "dns2socks" ]; then - DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g") [ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ] && { - DNS2SOCKS_FORWARD=$(echo $DNS_FORWARD | awk -F ',' '{print $1}') - [ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4" [ "$DNS_CACHE" == "0" ] && local _cache="/d" ln_start_bin $(find_bin dns2socks) dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$other_port $_cache" - ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode" - echolog "DNS:ChinaDNS-NG + dns2socks($DNS2SOCKS_FORWARD),国内DNS:$UP_CHINA_DNS" + ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode" + echolog "DNS:ChinaDNS-NG + dns2socks(${DNS2SOCKS_FORWARD:-D46.182.19.48:53}),国内DNS:$china_ng_chn" } elif [ "$up_trust_chinadns_ng_dns" == "udp" ]; then use_udp_node_resolve_dns=1 - ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t $DNS_FORWARD $gfwlist_param $chnlist_param $fair_mode" - echolog "DNS:ChinaDNS-NG,国内DNS:$UP_CHINA_DNS,可信DNS:$up_trust_chinadns_ng_dns,如果不能使用,请确保UDP节点已打开并且支持UDP转发。" - DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g') + ln_start_bin 
$(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t $china_ng_gfw $gfwlist_param $chnlist_param $fair_mode" + echolog "DNS:ChinaDNS-NG,国内DNS:$china_ng_chn,可信DNS:$up_trust_chinadns_ng_dns[$china_ng_gfw],如果不能使用,请确保UDP节点已打开并且支持UDP转发。" fi ;; esac @@ -707,22 +741,26 @@ gen_pdnsd_config() { } EOF - - cat >> $pdnsd_dir/pdnsd.conf <<-EOF - server { - label = "node"; - ip = $DNS_FORWARD; - edns_query = on; - port = 53; - timeout = 4; - interval = 10m; - uptest = none; - purge_cache = off; - caching = $_cache; - } - - EOF - + + append_pdnsd_updns() { + [ -z "${2}" ] && echolog "略过错误配置的 DNS : [${1}]" && return 0 + echolog "配置 pdnsd 的上游DNS[${2}:${3}]" + cat >> $pdnsd_dir/pdnsd.conf <<-EOF + server { + label = "node-${2}_${3}"; + ip = ${2}; + edns_query = on; + port = ${3}; + timeout = 4; + interval = 10m; + uptest = none; + purge_cache = off; + caching = $_cache; + } + EOF + } + hosts_foreach DNS_FORWARD append_pdnsd_updns 53 + use_tcp_node_resolve_dns=1 } diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh index 3e0f226be4..3eb8cce870 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh 
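Review bot: `hosts_foreach DNS_FORWARD append_pdnsd_updns 53` returns 0 without invoking the callback when DNS_FORWARD is empty, so pdnsd.conf is written with no `server {}` section while `use_tcp_node_resolve_dns=1` is still set on the next line; logging and returning early with `[ -n "$DNS_FORWARD" ] || { echolog "DNS_FORWARD is empty, pdnsd has no upstream"; return 1; }` before the loop would surface the misconfiguration instead of starting pdnsd without upstreams. `append_pdnsd_updns` is (re)defined inside gen_pdnsd_config on every call; shell functions are global anyway, so a top-level definition next to `hosts_foreach` with a one-line comment (`# hosts_foreach callback: appends one pdnsd server block per upstream`) would read more clearly. gen_pdnsd_config begins outside the hunk.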
@@ -347,17 +347,14 @@ add_firewall_rule() { blist_r=$(REDIRECT 1 MARK) p_r=$(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE 1 MARK) fi - [ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && { - for dns in $DNS_FORWARD ; do - local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}') - ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null - [ $? == 0 ] && continue - local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}') - [ -z "$dns_port" ] && dns_port=53 - $ipt_tmp -I $dns_l 2 -p tcp -d $dns_ip --dport $dns_port $dns_r - [ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d $dns_ip --dport $dns_port $(REDIRECT 1 MARK) - done + _proxy_tcp_access() { + [ -n "${2}" ] && return 0 + ipset test $IPSET_LANIPLIST ${2} 2>/dev/null + [ $? == 0 ] && return 0 + $ipt_tmp -I $dns_l 2 -p tcp -d ${2} --dport ${3} $dns_r + [ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d ${2} --dport ${3} $(REDIRECT 1 MARK) } + [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53 $ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT [ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r 
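Review bot: `[ -n "${2}" ] && return 0` in `_proxy_tcp_access` is inverted: `$2` is the parsed upstream IP, so every non-empty (i.e. valid) entry returns early and the `-I $dns_l 2 -p tcp -d ${2} --dport ${3}` rules below it are never inserted, meaning TCP DNS queries to DNS_FORWARD bypass the proxy chain; it should be `[ -z "${2}" ] && return 0`, matching the `-z` guard the app.sh callbacks use. The same inversion is in `_proxy_udp_access` in the next hunk (@@ -402). The callbacks also read `$ipt_tmp`, `$dns_l` and `$dns_r` from the enclosing add_firewall_rule scope, which works because shell functions share the caller's variables, but a comment saying so would help; whether iptables.sh has `hosts_foreach` in scope (it is defined in app.sh) is not visible here. add_firewall_rule continues outside the hunk.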
@@ -402,18 +399,15 @@ add_firewall_rule() { # 加载路由器自身代理 UDP if [ "$UDP_NODE1" != "nil" ]; then local UDP_NODE1_TYPE=$(echo $(config_n_get $UDP_NODE1 type) | tr 'A-Z' 'a-z') - [ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && { - for dns in $DNS_FORWARD ; do - local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}') - ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null - [ $? == 0 ] && continue - local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}') - [ -z "$dns_port" ] && dns_port=53 - local ADD_INDEX=2 - $ipt_m -I PSW $ADD_INDEX -p udp -d $dns_ip --dport $dns_port $(REDIRECT $UDP_REDIR_PORT1 TPROXY) - $ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d $dns_ip --dport $dns_port $(REDIRECT 1 MARK) - done + _proxy_udp_access() { + [ -n "${2}" ] && return 0 + ipset test $IPSET_LANIPLIST ${2} 2>/dev/null + [ $? == 0 ] && return 0 + local ADD_INDEX=2 + $ipt_m -I PSW $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT1 TPROXY) + $ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT 1 MARK) } + [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53 $ipt_m -A OUTPUT -p udp -j PSW_OUTPUT [ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK) diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host index 50c4253470..f3f716ef58 100644 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/blacklist_host 
@@ -1,10 +1,124 @@ +abc.com +abema.tv +acast.com +adblockplus.org +adswizz.com +agkn.com +akadns.net +akam.net +akamai.com +akamai.net +akamaiedge.net +akamaihd.net +akamaistream.net +akamaitech.net +akamaitechnologies.com +akamaitechnologies.fr +akamaized.net +amazon-adsystem.com +amazon.co.jp +amazon.co.uk +amazon.com +amazon.de +amazonvideo.com +amctv.com +bahamut.com.tw +beinsportsconnect.net +beinsportsconnect.tv +blinkbox.com +brightcove.com +caddyserver.com +cbs.com +cloudfront.net +conviva.com +crackle.com +crunchyroll.com +crwdcntrl.net +cwtv.com +disney.com +disneyjunior.com +easylist-downloads.adblockplus.org +edgecastcdn.net +edgekey.net +edgesuite.net +fast.com +fig.bbc.co.uk +footprint.net formyip.com -msi.com +fox.com +gamer.com.tw +ggpht.com +github-production-release-asset-2e65be.s3.amazonaws.com github.com github.io githubusercontent.com -github-production-release-asset-2e65be.s3.amazonaws.com +go.com +googleapis.com +googletagmanager.com +googleusercontent.com +googlevideo.com +gstatic.com +happyon.jp +hbo.com +hbogo.com +hbonow.com +hinet.net +hulu.com +hulu.jp +huluad.com +huluim.com +hulustream.com +ifconfig.co +imrworldwide.com +ip2location.com +level3.net +line.me +llnwd.net +lovefilm.com +maxmind.com +mog.com +movetv.com +msi.com +mtv.com +mtvnservices.com +naver.com +naver.jp +nbc.com +nbcuni.com +netflix.com +netflix.net +nflxext.com +nflximg.net +nflxso.net +nflxvideo.net +omtrdc.net +open.live.bbc.co.uk openwrt.proxy.ustclug.org -easylist-downloads.adblockplus.org -adblockplus.org -caddyserver.com \ No newline at end of file +openx.net +optus.com.au +optusnet.com.au +pandora.com +pbs.org +playstation.net +primevideo.com +pubmatic.com +radiotime.com +sa.bbc.co.uk +sho.com +sling.com +southpark.cc.com +spike.com +srip.net +theplatform.com +ttvnw.net +turner.com +turnin.com +twitch.tv +uplynk.com +vudu.com +warnerbros.com +wdtvlive.com +www.bbc.co.uk +xboxlive.com +youtube.com +ytimg.com 
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host
index 42e62a2c1f..a71733fefd 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/rules/whitelist_host
@@ -1,3 +1,4 @@
 apple.com
 microsoft.com
-dyndns.com
\ No newline at end of file
+dyndns.com
+rrys.tv