diff --git a/package/ctcgfw/luci-app-unblockneteasemusic-mini/root/etc/init.d/unblockneteasemusic-mini b/package/ctcgfw/luci-app-unblockneteasemusic-mini/root/etc/init.d/unblockneteasemusic-mini index 80efd64b5f..5c1300fa89 100755 --- a/package/ctcgfw/luci-app-unblockneteasemusic-mini/root/etc/init.d/unblockneteasemusic-mini +++ b/package/ctcgfw/luci-app-unblockneteasemusic-mini/root/etc/init.d/unblockneteasemusic-mini @@ -24,7 +24,7 @@ ipset=/interface.music.163.com/music ipset=/interface3.music.163.com/music ipset=/apm.music.163.com/music ipset=/apm3.music.163.com/music -EOF + EOF /etc/init.d/dnsmasq restart >/dev/null 2>&1 if ! ipset list music >/dev/null; then ipset create music hash:ip; fi diff --git a/package/jsda/smartdns/Makefile b/package/jsda/smartdns/Makefile index cda45f4bcb..2d5523e723 100644 --- a/package/jsda/smartdns/Makefile +++ b/package/jsda/smartdns/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=smartdns -PKG_VERSION:=1 +PKG_VERSION:=2019.11.02 PKG_RELEASE:=1 include $(INCLUDE_DIR)/package.mk @@ -14,8 +14,6 @@ define Package/$(PKG_NAME) SECTION:=net CATEGORY:=Network TITLE:=smartdns - URL:= - DEPENDS:=+libopenssl endef define Package/$(PKG_NAME)/description @@ -46,9 +44,6 @@ endif ifeq ($(ARCH),aarch64) PKG_ARCH_SMARTDNS:=arm64 endif -ifeq ($(BOARD),bcm53xx) - PKG_ARCH_SMARTDNS:=bcm53xx -endif define Package/$(PKG_NAME)/install $(INSTALL_DIR) $(1)/usr/sbin diff --git a/package/jsda/smartdns/files/etc/init.d/smartdns b/package/jsda/smartdns/files/etc/init.d/smartdns index 4d29c986e6..18aef9a34c 100755 --- a/package/jsda/smartdns/files/etc/init.d/smartdns +++ b/package/jsda/smartdns/files/etc/init.d/smartdns @@ -160,6 +160,7 @@ load_server() config_get "port" "$section" "port" "" config_get "type" "$section" "type" "udp" config_get "ip" "$section" "ip" "" + config_get "tls_host_verify" "$section" "tls_host_verify" "" config_get "host_name" "$section" "host_name" "" config_get "http_host" "$section" "http_host" "" config_get "server_group" "$section" "server_group" "" @@ -191,6 +192,10 @@ load_server() fi fi + if [ ! -z "$tls_host_verify" ]; then + ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-verify $tls_host_verify" + fi + if [ ! -z "$host_name" ]; then ADDITIONAL_ARGS="$ADDITIONAL_ARGS -host-name $host_name" fi @@ -228,7 +233,75 @@ load_server() conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS $addition_arg" } -load_service() { +load_second_server() +{ + local section="$1" + local ARGS="" + local ADDR="" + + config_get_bool "seconddns_enabled" "$section" "seconddns_enabled" "0" + if [ "$seconddns_enabled" = "0" ]; then + return + fi + + config_get "seconddns_port" "$section" "seconddns_port" "7053" + + config_get_bool "seconddns_no_speed_check" "$section" "seconddns_no_speed_check" "0" + if [ "$seconddns_no_speed_check" = "1" ]; then + ARGS="$ARGS -no-speed-check" + fi + + config_get "seconddns_server_group" "$section" "seconddns_server_group" "" + if [ ! -z "$seconddns_server_group" ]; then + ARGS="$ARGS -group $seconddns_server_group" + fi + + config_get_bool "seconddns_no_rule_addr" "$section" "seconddns_no_rule_addr" "0" + if [ "$seconddns_no_rule_addr" = "1" ]; then + ARGS="$ARGS -no-rule-addr" + fi + + config_get_bool "seconddns_no_rule_nameserver" "$section" "seconddns_no_rule_nameserver" "0" + if [ "$seconddns_no_rule_nameserver" = "1" ]; then + ARGS="$ARGS -no-rule-nameserver" + fi + + config_get_bool "seconddns_no_rule_ipset" "$section" "seconddns_no_rule_ipset" "0" + if [ "$seconddns_no_rule_ipset" = "1" ]; then + ARGS="$ARGS -no-rule-ipset" + fi + + config_get_bool "seconddns_no_rule_soa" "$section" "seconddns_no_rule_soa" "0" + if [ "$seconddns_no_rule_soa" = "1" ]; then + ARGS="$ARGS -no-rule-soa" + fi + + config_get_bool "seconddns_no_dualstack_selection" "$section" "seconddns_no_dualstack_selection" "0" + if [ "$seconddns_no_dualstack_selection" = "1" ]; then + ARGS="$ARGS -no-dualstack-selection" + fi + + config_get_bool "seconddns_no_cache" "$section" "seconddns_no_cache" "0" + if [ "$seconddns_no_cache" = "1" ]; then + ARGS="$ARGS -no-cache" + fi + + config_get "ipv6_server" "$section" "ipv6_server" "1" + if [ "$ipv6_server" = "1" ]; then + ADDR="[::]" + else + ADDR="" + fi + + conf_append "bind" "$ADDR:$seconddns_port $ARGS" + config_get_bool "seconddns_tcp_server" "$section" "seconddns_tcp_server" "1" + if [ "$seconddns_tcp_server" = "1" ]; then + conf_append "bind-tcp" "$ADDR:$seconddns_port $ARGS" + fi +} + +load_service() +{ local section="$1" args="" @@ -347,6 +420,8 @@ load_service() { set_forward_dnsmasq "$SMARTDNS_PORT" fi + load_second_server $section + config_foreach load_server "server" echo "conf-file $ADDRESS_CONF" >> $SMARTDNS_CONF_TMP @@ -373,12 +448,14 @@ load_service() { procd_close_instance } -start_service() { +start_service() +{ config_load "smartdns" config_foreach load_service "smartdns" } -reload_service(){ +reload_service() +{ stop start } diff --git a/package/jsda/smartdns/files/etc/smartdns/smartdns.conf b/package/jsda/smartdns/files/etc/smartdns/smartdns.conf index 1b3625f4b9..98a1e9ae73 100644 --- a/package/jsda/smartdns/files/etc/smartdns/smartdns.conf +++ b/package/jsda/smartdns/files/etc/smartdns/smartdns.conf @@ -8,14 +8,27 @@ # conf-file [file] # conf-file blacklist-ip.conf -# dns server bind ip and port, default dns server port is 53. -# bind [IP]:port, udp server -# bind-tcp [IP]:port, tcp server +# dns server bind ip and port, default dns server port is 53, support binding multi ip and port +# bind udp server +# bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection] +# bind tcp server +# bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection] +# option: +# -group: set domain request to use the appropriate server group. +# -no-rule-addr: skip address rule. +# -no-rule-nameserver: skip nameserver rule. +# -no-rule-ipset: skip ipset rule. +# -no-speed-check: do not check speed. +# -no-cache: skip cache. +# -no-rule-soa: Skip address SOA(#) rules. +# -no-dualstack-selection: Disable dualstack ip selection. # example: -# IPV4: :53 -# IPV6 [::]:53 -# bind-tcp [::]:53 - +# IPV4: +# bind :53 +# bind :6053 -group office -no-speed-check +# IPV6: +# bind [::]:53 +# bind-tcp [::]:53 bind [::]:6053 # tcp connection idle timeout @@ -42,6 +55,13 @@ cache-size 512 # List of IPs that will be ignored # ignore-ip [ip/subnet] +# speed check mode +# speed-check-mode [ping|tcp:port|none|,] +# example: +# speed-check-mode ping,tcp:80 +# speed-check-mode tcp:443,ping +# speed-check-mode none + # force AAAA query return SOA # force-AAAA-SOA [yes|no] @@ -75,8 +95,9 @@ log-level info # log-num 2 # dns audit -# audit-enable: enable or disable audit [yes|no] +# audit-enable [yes|no]: enable or disable audit. # audit-enable yes +# audit-SOA [yes|no]: enable or disalbe log soa result. # audit-size size of each audit file, support k,m,g # audit-file /var/log/smartdns-audit.log # audit-size 128k @@ -100,6 +121,8 @@ log-level info # remote tls dns server list # server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group] # -spki-pin: TLS spki pin to verify. +# -tls-host-check: cert hostname to verify. +# -hostname: TLS sni hostname. # Get SPKI with this command: # echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64 # default port is 853 @@ -109,6 +132,9 @@ log-level info # remote https dns server list # server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group] # -spki-pin: TLS spki pin to verify. +# -tls-host-check: cert hostname to verify. +# -hostname: TLS sni hostname. +# -http-host: http host. # default port is 443 # server-https https://cloudflare-dns.com/dns-query diff --git a/package/jsda/smartdns/files/usr/sbin/arm b/package/jsda/smartdns/files/usr/sbin/arm index 893be542af..43ed7e8133 100755 Binary files a/package/jsda/smartdns/files/usr/sbin/arm and b/package/jsda/smartdns/files/usr/sbin/arm differ diff --git a/package/jsda/smartdns/files/usr/sbin/arm64 b/package/jsda/smartdns/files/usr/sbin/arm64 index 3b3c7c8e66..e59d9039e0 100755 Binary files a/package/jsda/smartdns/files/usr/sbin/arm64 and b/package/jsda/smartdns/files/usr/sbin/arm64 differ diff --git a/package/jsda/smartdns/files/usr/sbin/bcm53xx b/package/jsda/smartdns/files/usr/sbin/bcm53xx deleted file mode 100755 index f39c71a571..0000000000 Binary files a/package/jsda/smartdns/files/usr/sbin/bcm53xx and /dev/null differ diff --git a/package/jsda/smartdns/files/usr/sbin/mips b/package/jsda/smartdns/files/usr/sbin/mips index 22f06c3165..10d3c944d2 100755 Binary files a/package/jsda/smartdns/files/usr/sbin/mips and b/package/jsda/smartdns/files/usr/sbin/mips differ diff --git a/package/jsda/smartdns/files/usr/sbin/mipsel b/package/jsda/smartdns/files/usr/sbin/mipsel index 9ee77c5bd2..9c6e180472 100755 Binary files a/package/jsda/smartdns/files/usr/sbin/mipsel and b/package/jsda/smartdns/files/usr/sbin/mipsel differ diff --git a/package/jsda/smartdns/files/usr/sbin/x86 b/package/jsda/smartdns/files/usr/sbin/x86 index 9064b2e1ce..3ca2b8a358 100755 Binary files a/package/jsda/smartdns/files/usr/sbin/x86 and b/package/jsda/smartdns/files/usr/sbin/x86 differ diff --git a/package/jsda/smartdns/files/usr/sbin/x86_64 b/package/jsda/smartdns/files/usr/sbin/x86_64 index 4577499b26..298348448d 100755 Binary files a/package/jsda/smartdns/files/usr/sbin/x86_64 and b/package/jsda/smartdns/files/usr/sbin/x86_64 differ