OpenWrt
/
packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

adblock: update 4.4.1-2 

* init improvements
* jail mode fixes and improvements
* small code cleanups
* update the readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
Dirk Brenken 2025-05-03 14:37:13 +02:00
parent 8df8700a13
commit 52b51e30f4
No known key found for this signature in database
GPG Key ID: 9D71CD547BFAE684
4 changed files with 108 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/adblock/Makefile
View File

@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
PKG_VERSION:=4.4.1
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

29
net/adblock/files/README.md
View File

@ -88,7 +88,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but
* Supports a wide range of router modes, even AP modes are supported
* Full IPv4 and IPv6 support
* Provides top level domain compression ('tld compression'), this feature removes thousands of needless host entries from the blocklist and lowers the memory footprint for the DNS backend
* Provides a 'DNS Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save disk space.
* Provides a 'DNS Blocklist Shift', where the generated final DNS blocklist is moved to the backup directory and only a soft link to this file is set in memory. As long as your backup directory is located on an external drive, you should activate this option to save valuable RAM.
* Source parsing by fast & flexible regex rulesets, all rules and feed information are placed in an external JSON file ('/etc/adblock/adblock.feeds')
* Overall duplicate removal in generated blocklist file 'adb_list.overall'
* Additional local allowlist for manual overrides, located in '/etc/adblock/adblock.allowlist' (only exact matches).
@ -169,12 +169,13 @@ Available commands:
| adb_fetchparm | -, auto-detected | manually override the config options for the selected download utility |
| adb_fetchinsecure | 0, disabled | don't check SSL server certificates during download |
| adb_trigger | -, not set | trigger network interface or 'not set' to use a time-based startup |
| adb_triggerdelay | 2 | additional trigger delay in seconds before adblock processing begins |
| adb_triggerdelay | 5 | additional trigger delay in seconds before adblock processing begins |
| adb_debug | 0, disabled | set to 1 to enable the debug output |
| adb_nice | 0, standard prio. | valid nice level range 0-19 of the adblock processes |
| adb_dnsshift | 0, disabled | shift the blocklist to the backup directory and only set a soft link to this file in memory |
| adb_dnsforce | 0, disabled | set to 1 to force DNS requests to the local resolver |
| adb_dnsdir | -, auto-detected | path for the generated blocklist file 'adb_list.overall' |
| adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart |
| adb_dnstimeout | 20 | timeout in seconds to wait for a successful DNS backend restart |
| adb_dnsinstance | 0, first instance | set to the relevant dns backend instance used by adblock (dnsmasq only) |
| adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing |
| adb_lookupdomain | localhost | domain to check for a successful DNS backend restart |
@ -196,7 +197,7 @@ Available commands:
| adb_mailsender | no-reply@adblock | sender address for adblock notification E-Mails |
| adb_mailtopic | adblock notification | topic for adblock notification E-Mails |
| adb_mailprofile | adb_notify | mail profile used in 'msmtp' for adblock notification E-Mails |
| adb_jail | 0 | set to 1 to enable the additional, restrictive 'adb_list.jail' creation |
| adb_jail | 0 | create the additional restrictive 'adb_list.jail' |
| adb_jaildir | /tmp | path for the generated jail list |
<a id="examples"></a>
@ -230,8 +231,8 @@ Adblock deposits the final blocklist 'adb_list.overall' in '/tmp/kresd', no furt
**Change the DNS backend to 'smartdns':**
No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/tmp/smartdns' by default.
**Use restrictive jail modes:**
You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, adblock enables the restrictive jail mode automatically (jail mode only).
**Use the jail mode, a restrictive DNS blocklist:**
You can enable a restrictive 'adb_list.jail' to block access to all domains except those listed in the allowlist file. Usually this list will be generated as an additional list for guest or kidsafe configurations (for a separate dns server instance). If the jail directory points to your primary dns directory, the jail blocklist replaces your default blocklist.
**Manually override the download options:**
By default adblock uses the following pre-configured download options:
@ -281,19 +282,19 @@ In LuCI you'll see the realtime status in the 'Runtime' section on the overview
To get the status in the CLI, just call _/etc/init.d/adblock status_ or _/etc/init.d/adblock status\_service_:
```
~#@blackhole:~# /etc/init.d/adblock status
~# /etc/init.d/adblock status
::: adblock runtime information
+ adblock_status : enabled
+ adblock_version : 4.4.0-r1
+ blocked_domains : 1 154 208
+ adblock_version : 4.4.1-r2
+ blocked_domains : 881 753
+ active_feeds : 1hosts, certpl, cpbl, doh_blocklist, hagezi, winspy
+ dns_backend : dnsmasq (-), /mnt/data/adblock/backup, 92.87 MB
+ dns_backend : dnsmasq (2.92_alpha5-r1), /mnt/data/adblock/backup, 73.12 MB
+ run_utils : download: /usr/bin/curl, sort: /usr/libexec/sort-coreutils, awk: /usr/bin/gawk
+ run_ifaces : trigger: trm_wwan, report: br-lan
+ run_directories : base: /mnt/data/adblock, backup: /mnt/data/adblock/backup, report: /mnt/data/adblock/report, jail: -
+ run_ifaces : trigger: trm_wwan , report: br-lan
+ run_directories : base: /mnt/data/adblock, backup: /mnt/data/adblock/backup, report: /mnt/data/adblock/report, jail: /tmp
+ run_flags : shift: ✔, force: ✔, flush: ✘, tld: ✔, search: ✘, report: ✔, mail: ✘, jail: ✘
+ last_run : mode: reload, 2025-04-10T20:34:17+02:00, duration: 0m 55s, 682.52 MB available
+ system_info : OpenWrt One, mediatek/filogic, OpenWrt 24.10-SNAPSHOT r28584-a51b1a98e0
+ last_run : mode: restart, 2025-05-03T11:43:03+02:00, duration: 0m 44s, 707.25 MB available
+ system_info : OpenWrt One, mediatek/filogic, OpenWrt 24.10-SNAPSHOT r28628-cc1b909a6b
```
**Change/add adblock feeds**

13
net/adblock/files/adblock.init
View File

@ -30,7 +30,7 @@ fi
boot() {
: >"${adb_pidfile}"
rc_procd start_service
rc_procd start_service boot
}
start_service() {
@ -39,7 +39,7 @@ start_service() {
[ -n "$(uci_get adblock global adb_trigger)" ] && return 0
fi
procd_open_instance "adblock"
procd_set_param command "${adb_script}" "${@}"
procd_set_param command "${adb_script}" "${@:-"${action}"}"
procd_set_param pidfile "${adb_pidfile}"
procd_set_param nice "$(uci_get adblock global adb_nice "0")"
procd_set_param stdout 0
@ -49,6 +49,7 @@ start_service() {
}
restart() {
stop_service "restart"
rc_procd start_service restart
}
@ -57,7 +58,7 @@ reload_service() {
}
stop_service() {
rc_procd "${adb_script}" stop
[ -z "${1}" ] && rc_procd "${adb_script}" stop
}
suspend() {
@ -104,9 +105,11 @@ status_service() {
service_triggers() {
local iface delay
iface="$(uci_get adblock global adb_trigger)"
delay="$(uci_get adblock global adb_triggerdelay "5")"
trigger="$(uci_get adblock global adb_trigger)"
PROCD_RELOAD_DELAY="$((delay * 1000))"
[ -n "${iface}" ] && procd_add_interface_trigger "interface.*.up" "${iface}" "${adb_init}" start
for iface in ${trigger}; do
procd_add_interface_trigger "interface.*.up" "${iface}" "${adb_init}" start
done
}

143
net/adblock/files/adblock.sh
View File

@ -31,7 +31,7 @@ adb_tmpbase="/tmp"
adb_finaldir=""
adb_backupdir="/tmp/adblock-backup"
adb_reportdir="/tmp/adblock-report"
adb_jaildir=""
adb_jaildir="/tmp"
adb_pidfile="/var/run/adblock.pid"
adb_allowlist="/etc/adblock/adblock.allowlist"
adb_blocklist="/etc/adblock/adblock.blocklist"
@ -50,7 +50,7 @@ adb_repchunkcnt="5"
adb_repchunksize="1"
adb_represolve="0"
adb_lookupdomain="localhost"
adb_action="${1:-"start"}"
adb_action="${1}"
adb_packages=""
adb_cnt=""
@ -202,35 +202,35 @@ f_char() {
# load dns backend config
#
f_dns() {
local util utils dns_section dns_info mem_free dir
local dns dns_list dns_section dns_info free_mem dir
mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
if [ "${adb_action}" = "start" ] && [ -z "${adb_trigger}" ]; then
sleep ${adb_triggerdelay}
free_mem="$("${adb_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
if [ "${adb_action}" = "boot" ] && [ -z "${adb_trigger}" ]; then
sleep ${adb_triggerdelay:-"5"}
fi
if [ -z "${adb_dns}" ]; then
utils="knot-resolver bind-server unbound-daemon smartdns dnsmasq-full dnsmasq-dhcpv6 dnsmasq"
for util in ${utils}; do
if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then
case "${util}" in
dns_list="knot-resolver bind-server unbound-daemon smartdns dnsmasq-full dnsmasq-dhcpv6 dnsmasq"
for dns in ${dns_list}; do
if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${dns}\"]" >/dev/null 2>&1; then
case "${dns}" in
"knot-resolver")
util="kresd"
dns="kresd"
;;
"bind-server")
util="named"
dns="named"
;;
"unbound-daemon")
util="unbound"
dns="unbound"
;;
"dnsmasq-full" | "dnsmasq-dhcpv6")
util="dnsmasq"
dns="dnsmasq"
;;
esac
if [ -x "$(command -v "${util}")" ]; then
adb_dns="${util}"
uci_set adblock global adb_dns "${util}"
if [ -x "$(command -v "${dns}")" ]; then
adb_dns="${dns}"
uci_set adblock global adb_dns "${dns}"
f_uci "adblock"
break
fi
@ -332,7 +332,7 @@ f_dns() {
for dir in "${adb_dnsdir:-"/tmp"}" "${adb_backupdir:-"/tmp"}" "${adb_jaildir:-"/tmp"}"; do
[ ! -d "${dir}" ] && mkdir -p "${dir}"
done
if [ "${adb_dnsflush}" = "1" ] || [ "${mem_free}" -lt "64" ]; then
if [ "${adb_dnsflush}" = "1" ] || [ "${free_mem}" -lt "64" ]; then
printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}"
f_dnsup
elif [ ! -f "${adb_finaldir}/${adb_dnsfile}" ]; then
@ -346,26 +346,26 @@ f_dns() {
# load fetch utility
#
f_fetch() {
local util utils insecure update="0"
local fetch fetch_list insecure update="0"
adb_fetchcmd="$(command -v "${adb_fetchcmd}")"
if [ ! -x "${adb_fetchcmd}" ]; then
utils="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
for util in ${utils}; do
if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then
case "${util}" in
fetch_list="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
for fetch in ${fetch_list}; do
if printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${fetch}\"]" >/dev/null 2>&1; then
case "${fetch}" in
"wget-ssl")
util="wget"
fetch="wget"
;;
"libustream-openssl" | "libustream-wolfssl" | "libustream-mbedtls")
util="uclient-fetch"
fetch="uclient-fetch"
;;
esac
if [ -x "$(command -v "${util}")" ]; then
if [ -x "$(command -v "${fetch}")" ]; then
update="1"
adb_fetchcmd="$(command -v "${util}")"
uci_set adblock global adb_fetchcmd "${util}"
adb_fetchcmd="$(command -v "${fetch}")"
uci_set adblock global adb_fetchcmd "${fetch}"
f_uci "adblock"
break
fi
@ -709,10 +709,9 @@ f_list() {
out_rc="${?}"
eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${src_name}" >"${adb_tmpdir}/tmp.add.${src_name}"
if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
rm -f "${adb_jaildir}/${adb_dnsjail}"
[ -n "${adb_dnsheader}" ] && printf "%b" "${adb_dnsheader}" >>"${adb_jaildir}/${adb_dnsjail}"
"${adb_catcmd}" "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_jaildir}/${adb_dnsjail}"
printf "%b\n" "${adb_dnsstop}" >>"${adb_jaildir}/${adb_dnsjail}"
printf "%b" "${adb_dnsheader}" >"${adb_tmpdir}/${adb_dnsjail}"
"${adb_catcmd}" "${adb_tmpdir}/tmp.add.${src_name}" >>"${adb_tmpdir}/${adb_dnsjail}"
printf "%b\n" "${adb_dnsstop}" >>"${adb_tmpdir}/${adb_dnsjail}"
fi
fi
;;
@ -793,7 +792,7 @@ f_list() {
out_rc="${?}"
if [ "${out_rc}" = "0" ] && [ -s "${src_tmpfile}" ]; then
f_list backup
elif [ "${adb_action}" != "start" ]; then
elif [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ]; then
f_log "info" "preparation of '${src_name}' failed, rc: ${src_rc}"
f_list restore
out_rc="${?}"
@ -801,7 +800,7 @@ f_list() {
fi
else
f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}"
if [ "${adb_action}" != "start" ]; then
if [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ]; then
f_list restore
out_rc="${?}"
fi
@ -830,7 +829,8 @@ f_list() {
else
out_rc=4
fi
if [ "${adb_action}" != "start" ] && [ "${adb_action}" != "restart" ] && [ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" != "0" ]; then
if [ "${adb_action}" != "boot" ] && [ "${adb_action}" != "start" ] && [ "${adb_action}" != "restart" ] &&
[ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" != "0" ]; then
adb_feed="${adb_feed/${src_name}}"
fi
;;
@ -1026,16 +1026,31 @@ f_query() {
# update runtime information
#
f_jsnup() {
local pids object feeds end_time runtime utils mem_dns mem_free status="${1:-"enabled"}"
local pids object feeds end_time runtime utils dns dns_ver dns_mem free_mem status="${1:-"enabled"}"
if [ -n "${adb_dnspid}" ]; then
pids="$("${adb_pgrepcmd}" -P "${adb_dnspid}" 2>/dev/null)"
for pid in ${adb_dnspid} ${pids}; do
mem_dns="$((mem_dns + $("${adb_awkcmd}" '/^VmSize/{printf "%s", $2}' "/proc/${pid}/status" 2>/dev/null)))"
dns_mem="$((dns_mem + $("${adb_awkcmd}" '/^VmSize/{printf "%s", $2}' "/proc/${pid}/status" 2>/dev/null)))"
done
mem_dns="$("${adb_awkcmd}" -v mem="${mem_dns}" 'BEGIN{printf "%.2f", mem/1024}' 2>/dev/null)"
case "${adb_dns}" in
"kresd")
dns="knot-resolver"
;;
"named")
dns="bind-server"
;;
"unbound")
dns="unbound-daemon"
;;
"dnsmasq")
dns="dnsmasq\", \"dnsmasq-full\", \"dnsmasq-dhcpv6"
;;
esac
dns_ver="$(printf "%s" "${adb_packages}" | "${adb_jsoncmd}" -ql1 -e "@.packages[\"${dns:-"${adb_dns}"}\"]")"
dns_mem="$("${adb_awkcmd}" -v mem="${dns_mem}" 'BEGIN{printf "%.2f", mem/1024}' 2>/dev/null)"
fi
mem_free="$("${adb_awkcmd}" '/^MemAvailable/{printf "%.2f", $2/1024}' "/proc/meminfo" 2>/dev/null)"
free_mem="$("${adb_awkcmd}" '/^MemAvailable/{printf "%.2f", $2/1024}' "/proc/meminfo" 2>/dev/null)"
adb_cnt="$("${adb_awkcmd}" -v cnt="${adb_cnt}" 'BEGIN{res="";pos=0;for(i=length(cnt);i>0;i--){res=substr(cnt,i,1)res;pos++;if(pos==3&&i>1){res=" "res;pos=0;}}; printf"%s",res}')"
case "${status}" in
@ -1044,10 +1059,7 @@ f_jsnup() {
end_time="$(date "+%s")"
duration="$(((end_time - adb_starttime) / 60))m $(((end_time - adb_starttime) % 60))s"
fi
runtime="mode: ${adb_action}, $(date -Iseconds), duration: ${duration:-"-"}, ${mem_free:-0} MB available"
;;
"error"|"stopped")
adb_cnt="0"
runtime="mode: ${adb_action}, $(date -Iseconds), duration: ${duration:-"-"}, ${free_mem:-0} MB available"
;;
"resume")
status="enabled"
@ -1056,6 +1068,9 @@ f_jsnup() {
adb_cnt="0"
status="paused"
;;
*)
adb_cnt="0"
;;
esac
json_init
@ -1083,10 +1098,10 @@ f_jsnup() {
json_add_string "${object}" "${object}"
done
json_close_array
json_add_string "dns_backend" "${adb_dns:-"-"} (${adb_dnscachecmd##*/}), ${adb_finaldir:-"-"}, ${mem_dns:-"0"} MB"
json_add_string "dns_backend" "${adb_dns:-"-"} (${dns_ver:-"-"}), ${adb_finaldir:-"-"}, ${dns_mem:-"0"} MB"
json_add_string "run_utils" "${utils:-"-"}"
json_add_string "run_ifaces" "trigger: ${adb_trigger:-"-"}, report: ${adb_repiface:-"-"}"
json_add_string "run_directories" "base: ${adb_tmpbase}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir:-"-"}"
json_add_string "run_directories" "base: ${adb_tmpbase}, dns: ${adb_dnsdir}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir:-"-"}"
json_add_string "run_flags" "shift: $(f_char ${adb_dnsshift}), force: $(f_char ${adb_dnsforce}), flush: $(f_char ${adb_dnsflush}), tld: $(f_char ${adb_tld}), search: $(f_char ${adb_safesearch}), report: $(f_char ${adb_report}), mail: $(f_char ${adb_mail}), jail: $(f_char ${adb_jail})"
json_add_string "last_run" "${runtime:-"-"}"
json_add_string "system_info" "${adb_sysver}"
@ -1130,22 +1145,32 @@ f_main() {
done
wait
if [ "${adb_dns}" != "raw" ] && [ "${adb_jail}" = "1" ] && [ "${adb_jaildir}" = "${adb_dnsdir}" ]; then
printf "%b" "${adb_dnsheader}" >"${adb_finaldir}/${adb_dnsfile}"
chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null
if f_dnsup; then
if [ "${adb_action}" != "resume" ]; then
f_jsnup "enabled"
# jail mode preparation
#
if [ "${adb_jail}" = "1" ] && [ "${adb_dnsstop}" != "0" ]; then
if [ "${adb_jaildir}" = "${adb_dnsdir}" ]; then
"${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_finaldir}/${adb_dnsfile}"
chown "${adb_dnsuser}" "${adb_finaldir}/${adb_dnsfile}" 2>/dev/null
if [ "${adb_dnsshift}" = "1" ] && [ ! -L "${adb_dnsdir}/${adb_dnsfile}" ]; then
ln -fs "${adb_finaldir}/${adb_dnsfile}" "${adb_dnsdir}/${adb_dnsfile}"
elif [ "${adb_dnsshift}" = "0" ] && [ -s "${adb_backupdir}/${adb_dnsfile}" ]; then
rm -f "${adb_backupdir}/${adb_dnsfile}"
fi
f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})"
if f_dnsup; then
if [ "${adb_action}" != "resume" ]; then
f_jsnup "enabled"
fi
f_log "info" "restrictive jail mode enabled successfully (${adb_sysver})"
else
f_log "err" "dns backend restart in jail mode failed"
fi
f_rmtemp
return
else
f_log "err" "dns backend restart in jail mode failed"
"${adb_catcmd}" "${adb_tmpdir}/${adb_dnsjail}" >"${adb_jaildir}/${adb_dnsjail}"
chown "${adb_dnsuser}" "${adb_jaildir}/${adb_dnsjail}" 2>/dev/null
f_log "info" "additional restrictive jail blocklist placed in ${adb_jaildir}"
fi
f_rmtemp
return
elif [ -f "${adb_finaldir}/${adb_dnsjail}" ]; then
rm -f "${adb_finaldir}/${adb_dnsjail}"
f_dnsup
fi
# safe search preparation
@ -1510,7 +1535,7 @@ case "${adb_action}" in
"query")
f_query "${2}"
;;
"start" | "reload")
"boot" | "start" | "reload")
f_env
f_main
;;