update 04-13 20:35

github-actions[bot] 2022-04-13 20:35:44 +08:00
parent cceca1dd69
commit 83b7bbe8ba
8 changed files with 230 additions and 124 deletions


@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2 PKG_NAME:=luci-app-passwall2
PKG_VERSION:=1.3 PKG_VERSION:=1.3
PKG_RELEASE:=4 PKG_RELEASE:=5
PKG_CONFIG_DEPENDS:= \ PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \ CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \


@ -26,6 +26,8 @@ local direct_dns_doh_url = var["-direct_dns_doh_url"]
local direct_dns_doh_host = var["-direct_dns_doh_host"] local direct_dns_doh_host = var["-direct_dns_doh_host"]
local remote_dns_server = var["-remote_dns_server"] local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"] local remote_dns_port = var["-remote_dns_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_udp_local = var["-remote_dns_udp_local"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"] local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_doh_url = var["-remote_dns_doh_url"] local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"] local remote_dns_doh_host = var["-remote_dns_doh_host"]
@ -483,6 +485,7 @@ if true then
end) end)
end end
local rule = { local rule = {
_flag = e.remarks,
type = "field", type = "field",
outboundTag = outboundTag, outboundTag = outboundTag,
network = e["network"] or "tcp,udp", network = e["network"] or "tcp,udp",
@ -493,11 +496,13 @@ if true then
} }
if domains then if domains then
local _rule = api.clone(rule) local _rule = api.clone(rule)
_rule["_flag"] = _rule["_flag"] .. "_domains"
_rule.domains = domains _rule.domains = domains
table.insert(rules, _rule) table.insert(rules, _rule)
end end
if ip then if ip then
local _rule = api.clone(rule) local _rule = api.clone(rule)
_rule["_flag"] = _rule["_flag"] .. "_ip"
_rule.ip = ip _rule.ip = ip
table.insert(rules, _rule) table.insert(rules, _rule)
end end
@ -510,6 +515,7 @@ if true then
if default_outboundTag then if default_outboundTag then
table.insert(rules, { table.insert(rules, {
_flag = "defalut",
type = "field", type = "field",
outboundTag = default_outboundTag, outboundTag = default_outboundTag,
network = "tcp,udp" network = "tcp,udp"
@ -547,105 +553,153 @@ if true then
domainMatcher = "hybrid", domainMatcher = "hybrid",
rules = {} rules = {}
} }
table.insert(routing.rules, {
_flag = "defalut",
type = "field",
outboundTag = node_id,
network = "tcp,udp"
})
end end
end end
end end
if remote_dns_server or remote_dns_fake then if remote_dns_server or remote_dns_doh_url or remote_dns_fake then
local rules = {} local rules = {}
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
end
dns = { dns = {
tag = "dns-in1", tag = "dns-in1",
hosts = {}, hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false, disableCache = (dns_cache and dns_cache == "0") and true or false,
disableFallback = true, disableFallback = true,
disableFallbackIfMatch = true, disableFallbackIfMatch = true,
servers = { servers = {},
--remote_dns_server
},
clientIp = (remote_dns_client_ip and remote_dns_client_ip ~= "") and remote_dns_client_ip or nil, clientIp = (remote_dns_client_ip and remote_dns_client_ip ~= "") and remote_dns_client_ip or nil,
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or nil queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
} }
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then local dns_host = ""
table.insert(dns.hosts, { if flag == "global" then
[remote_dns_doh_host] = remote_dns_server dns_host = uci:get(appname, "@global[0]", "dns_hosts") or ""
}) else
flag = flag:gsub("acl_", "")
local dns_hosts_mode = uci:get(appname, flag, "dns_hosts_mode") or "default"
if dns_hosts_mode == "default" then
dns_host = uci:get(appname, "@global[0]", "dns_hosts") or ""
elseif dns_hosts_mode == "disable" then
dns_host = ""
elseif dns_hosts_mode == "custom" then
dns_host = uci:get(appname, flag, "dns_hosts") or ""
end end
table.insert(dns.servers, { end
tag = "remote", if #dns_host > 0 then
address = remote_dns_doh_url, string.gsub(dns_host, '[^' .. "\r\n" .. ']+', function(w)
port = tonumber(remote_dns_port) or 443, local host = sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $1}')", w))
domains = #dns_remote_domains > 0 and dns_remote_domains or nil, local key = sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $2}')", w))
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil if host ~= "" and key ~= "" then
}) dns.hosts[host] = key
end
end)
end end
if remote_dns_tcp_server then if true then
table.insert(dns.servers, { local _remote_dns = {
tag = "remote", _flag = "remote",
address = remote_dns_tcp_server,
port = tonumber(remote_dns_port) or 53,
domains = #dns_remote_domains > 0 and dns_remote_domains or nil,
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
})
end
if remote_dns_fake then
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
remote_dns_server = "1.1.1.1"
table.insert(dns.servers, {
tag = "remote",
address = "fakedns",
domains = #dns_remote_domains > 0 and dns_remote_domains or nil domains = #dns_remote_domains > 0 and dns_remote_domains or nil
}) --expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
}
if remote_dns_udp_server then
_remote_dns.address = remote_dns_udp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
if remote_dns_udp_local == "1" then
table.insert(routing.rules, 1, {
type = "field",
ip = {
remote_dns_udp_server
},
outboundTag = "direct"
})
end
end
if remote_dns_tcp_server then
_remote_dns.address = remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
end
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_server
end
_remote_dns.address = remote_dns_doh_url
_remote_dns.port = tonumber(remote_dns_port) or 443
end
if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
table.insert(dns.servers, _remote_dns)
end end
local nodes_domain = {} if true then
local nodes_domain_text = sys.exec('uci show passwall2 | grep ".address=" | cut -d "\'" -f 2 | grep "[a-zA-Z]$" | sort -u') local nodes_domain_text = sys.exec('uci show passwall2 | grep ".address=" | cut -d "\'" -f 2 | grep "[a-zA-Z]$" | sort -u')
string.gsub(nodes_domain_text, '[^' .. "\r\n" .. ']+', function(w) string.gsub(nodes_domain_text, '[^' .. "\r\n" .. ']+', function(w)
table.insert(nodes_domain, w) table.insert(dns_direct_domains, "full:" .. w)
table.insert(dns_direct_domains, w) end)
end)
if direct_dns_udp_server then local _direct_dns = {
table.insert(dns.servers, { _flag = "direct",
tag = "direct", domains = #dns_direct_domains > 0 and dns_direct_domains or nil
address = direct_dns_udp_server,
port = tonumber(direct_dns_port) or 53,
domains = #dns_direct_domains > 0 and dns_direct_domains or nil,
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil --expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil
}) }
end
if direct_dns_tcp_server then if direct_dns_udp_server then
table.insert(dns.servers, { _direct_dns.address = direct_dns_udp_server
tag = "direct", _direct_dns.port = tonumber(direct_dns_port) or 53
address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://"), table.insert(routing.rules, 1, {
port = tonumber(direct_dns_port) or 53, type = "field",
domains = #dns_direct_domains > 0 and dns_direct_domains or nil, ip = {
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil direct_dns_udp_server
}) },
end outboundTag = "direct"
if direct_dns_doh_url and direct_dns_doh_host then
if direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then
table.insert(dns.hosts, {
[direct_dns_doh_host] = direct_dns_server
}) })
end end
table.insert(dns.servers, {
tag = "direct", if direct_dns_tcp_server then
address = direct_dns_doh_url:gsub("https://", "https+local://"), _direct_dns.address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://")
port = tonumber(direct_dns_port) or 443, _direct_dns.port = tonumber(direct_dns_port) or 53
domains = #dns_direct_domains > 0 and dns_direct_domains or nil, end
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil
}) if direct_dns_doh_url and direct_dns_doh_host then
if direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = direct_dns_server
end
_direct_dns.address = direct_dns_doh_url:gsub("https://", "https+local://")
_direct_dns.port = tonumber(direct_dns_port) or 443
end
table.insert(dns.servers, _direct_dns)
end end
if dns_listen_port then if dns_listen_port then
@ -655,20 +709,29 @@ if remote_dns_server or remote_dns_fake then
protocol = "dokodemo-door", protocol = "dokodemo-door",
tag = "dns-in", tag = "dns-in",
settings = { settings = {
address = remote_dns_server, address = remote_dns_server or "1.1.1.1",
port = 53, port = 53,
network = "tcp,udp" network = "tcp,udp"
} }
}) })
end
table.insert(rules, { table.insert(outbounds, {
type = "field", tag = "dns-out",
inboundTag = { protocol = "dns",
"dns-in" settings = {
}, address = remote_dns_server or "1.1.1.1",
outboundTag = "dns-out" network = "tcp"
}) }
})
table.insert(routing.rules, 1, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
end
local default_dns_flag = "remote" local default_dns_flag = "remote"
if node_id and redir_port then if node_id and redir_port then
@ -691,32 +754,16 @@ if remote_dns_server or remote_dns_fake then
end end
end end
if nodes_domain and #nodes_domain > 0 then
table.insert(rules, {
type = "field",
domains = nodes_domain,
outboundTag = "direct"
})
end
if direct_dns_udp_server then
table.insert(rules, {
type = "field",
ip = {
direct_dns_udp_server
},
outboundTag = "direct"
})
end
if dns.servers and #dns.servers > 0 then if dns.servers and #dns.servers > 0 then
local dns_servers = nil local dns_servers = nil
for index, value in ipairs(dns.servers) do for index, value in ipairs(dns.servers) do
if not dns_servers and value.tag == default_dns_flag then if not dns_servers and value["_flag"] == default_dns_flag then
dns_servers = { dns_servers = {
_flag = "default",
address = value.address, address = value.address,
port = value.port port = value.port
} }
break
end end
end end
if dns_servers then if dns_servers then
@ -724,18 +771,24 @@ if remote_dns_server or remote_dns_fake then
end end
end end
if not routing then local default_rule_index = #routing.rules > 0 and #routing.rules or 1
routing = { for index, value in ipairs(routing.rules) do
domainStrategy = "IPOnDemand", if value["_flag"] == "default" then
rules = rules default_rule_index = index
} break
else
for index, value in ipairs(rules) do
table.insert(routing.rules, 1, value)
end end
end end
for index, value in ipairs(rules) do
local t = rules[#rules + 1 - index]
table.insert(routing.rules, default_rule_index, t)
end
if #dns.hosts == 0 then local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil dns.hosts = nil
end end
end end
@ -778,15 +831,11 @@ if inbounds or outbounds then
} }
]]-- ]]--
} }
table.insert(outbounds, {
protocol = "dns",
tag = "dns-out"
})
table.insert(outbounds, { table.insert(outbounds, {
protocol = "freedom", protocol = "freedom",
tag = "direct", tag = "direct",
settings = { settings = {
domainStrategy = "UseIPv4" domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
}, },
streamSettings = { streamSettings = {
sockopt = { sockopt = {
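Review bot: The new `dns_hosts` parsing interpolates each configured line into a shell command, in the two `sys.exec(string.format("echo -n $(echo %s | awk ...)", w))` calls inside the `string.gsub` callback, so shell metacharacters in that UCI option are executed rather than parsed. The value comes from `uci:get(appname, ..., "dns_hosts")`, a free-text field added in this commit, and the generator presumably runs as root on the router. Splitting in Lua removes the shell entirely: `local host, key = w:match("^%s*(%S+)%s+(%S+)")` followed by `if host then dns.hosts[host] = key end`. Separately, the direct DoH branch writes `dns.hosts[remote_dns_doh_host] = direct_dns_server`; the key looks like it should be `direct_dns_doh_host`, and as written the assignment raises an error when `remote_dns_doh_host` is nil.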


@ -233,4 +233,25 @@ o.datatype = "ipaddr"
o:depends("remote_dns_protocol", "tcp") o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh") o:depends("remote_dns_protocol", "doh")
o = s:option(ListValue, "dns_query_strategy", translate("Query Strategy"))
o.default = "UseIPv4"
o:value("UseIP")
o:value("UseIPv4")
--o:value("UseIPv6")
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh")
o = s:option(ListValue, "dns_hosts_mode", translate("Domain Override"))
o.default = "default"
o:value("default", translate("Default"))
o:value("disable", translate("Disable"))
o:value("custom", translate("Custom"))
o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh")
hosts = s:option(TextValue, "dns_hosts", translate("Domain Override"))
hosts.rows = 5
hosts.wrap = "off"
hosts:depends("dns_hosts_mode", "custom")
return m return m
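Review bot: The `dns_hosts` TextValue is stored without any validation, yet its lines are later split and consumed by the config generator, so malformed or hostile input is not stopped at the form. A `validate` function on the option that accepts only lines of the shape `name target` would reject everything else before it reaches UCI; each line could be checked with something like `line:match("^[%w%.%-]+%s+[%w%.:%-]+$")`. `hosts` is also assigned without `local`, which creates a global in the CBI model. Both points apply equally to the `dns_hosts` option added to the global DNS tab in this commit.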


@ -175,6 +175,8 @@ o:depends("direct_dns_protocol", "doh")
o = s:taboption("DNS", ListValue, "remote_dns_protocol", translate("Remote DNS Protocol")) o = s:taboption("DNS", ListValue, "remote_dns_protocol", translate("Remote DNS Protocol"))
o:value("tcp", "TCP") o:value("tcp", "TCP")
o:value("doh", "DoH") o:value("doh", "DoH")
o:value("udp", "UDP")
o:value("udp+local", "UDP+Local")
o:value("fakedns", "FakeDNS") o:value("fakedns", "FakeDNS")
---- DNS Forward ---- DNS Forward
@ -189,6 +191,8 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS)") o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)") o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends("remote_dns_protocol", "tcp") o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "udp")
o:depends("remote_dns_protocol", "udp+local")
---- DoH ---- DoH
o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH")) o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
@ -212,6 +216,16 @@ o.datatype = "ipaddr"
o:depends("remote_dns_protocol", "tcp") o:depends("remote_dns_protocol", "tcp")
o:depends("remote_dns_protocol", "doh") o:depends("remote_dns_protocol", "doh")
o = s:taboption("DNS", ListValue, "dns_query_strategy", translate("Query Strategy"))
o.default = "UseIPv4"
o:value("UseIP")
o:value("UseIPv4")
--o:value("UseIPv6")
hosts = s:taboption("DNS", TextValue, "dns_hosts", translate("Domain Override"))
hosts.rows = 5
hosts.wrap = "off"
s:tab("log", translate("Log")) s:tab("log", translate("Log"))
o = s:taboption("log", Flag, "close_log", translate("Close Node Log")) o = s:taboption("log", Flag, "close_log", translate("Close Node Log"))
o.rmempty = false o.rmempty = false
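Review bot: The new `udp+local` choice carries no description, although it changes where DNS queries go: in the generator, `remote_dns_udp_local == "1"` inserts a routing rule that sends traffic for the remote DNS server's IP to the `direct` outbound, so those lookups leave the router unproxied as plain UDP. A short description on the `remote_dns_protocol` option would let users pick it knowingly, for example `o.description = translate("UDP+Local sends remote DNS queries directly, bypassing the proxy node.")` set before `o` is reassigned.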


@ -124,6 +124,12 @@ msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位
msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)." msgid "This feature requires the DNS server to support the Edns Client Subnet (RFC7871)."
msgstr "此功能需要 DNS 服务器支持 EDNS Client SubnetRFC7871。" msgstr "此功能需要 DNS 服务器支持 EDNS Client SubnetRFC7871。"
msgid "Query Strategy"
msgstr "查询策略"
msgid "Domain Override"
msgstr "域名重写"
msgid "About DNS issues:" msgid "About DNS issues:"
msgstr "关于DNS问题" msgstr "关于DNS问题"


@ -6,6 +6,9 @@ config global
option direct_dns_protocol 'auto' option direct_dns_protocol 'auto'
option remote_dns_protocol 'tcp' option remote_dns_protocol 'tcp'
option remote_dns '1.1.1.1' option remote_dns '1.1.1.1'
option dns_query_strategy 'UseIPv4'
option dns_hosts 'cloudflare-dns.com 1.1.1.1
dns.google.com 8.8.8.8'
option close_log '0' option close_log '0'
option loglevel 'error' option loglevel 'error'


@ -265,7 +265,7 @@ lua_api() {
run_v2ray() { run_v2ray() {
local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_protocol direct_dns_udp_server direct_dns_tcp_server direct_dns_doh remote_dns_protocol remote_dns_tcp_server remote_dns_doh remote_dns_client_ip dns_query_strategy dns_cache local dns_listen_port direct_dns_protocol direct_dns_udp_server direct_dns_tcp_server direct_dns_doh remote_dns_protocol remote_dns_udp_server remote_dns_udp_local remote_dns_tcp_server remote_dns_doh remote_dns_client_ip dns_query_strategy dns_cache
local loglevel log_file config_file local loglevel log_file config_file
local _extra_param="" local _extra_param=""
eval_set_val $@ eval_set_val $@
@ -327,10 +327,18 @@ run_v2ray() {
[ -z "${_doh_port}" ] && _doh_port=443 [ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $direct_dns_doh | cut -d ',' -sf 2-) local _doh_bootstrap=$(echo $direct_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host} [ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
_extra_param="${_extra_param} -direct_dns_server ${_doh_bootstrap} -direct_dns_port ${_doh_port} -direct_dns_doh_url ${_doh_url} -direct_dns_doh_host ${_doh_host}" [ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -direct_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -direct_dns_port ${_doh_port} -direct_dns_doh_url ${_doh_url} -direct_dns_doh_host ${_doh_host}"
;; ;;
esac esac
case "$remote_dns_protocol" in case "$remote_dns_protocol" in
udp*)
local _dns=$(get_first_dns remote_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
_extra_param="${_extra_param} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
[ "$remote_dns_protocol" = "udp+local" ] && _extra_param="${_extra_param} -remote_dns_udp_local 1"
;;
tcp) tcp)
local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g') local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}') local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
@ -347,7 +355,8 @@ run_v2ray() {
[ -z "${_doh_port}" ] && _doh_port=443 [ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-) local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host} [ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
_extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}" [ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;; ;;
fakedns) fakedns)
_extra_param="${_extra_param} -remote_dns_fake 1" _extra_param="${_extra_param} -remote_dns_fake 1"
@ -559,6 +568,10 @@ run_global() {
[ -n "$REMOTE_DNS_PROTOCOL" ] && { [ -n "$REMOTE_DNS_PROTOCOL" ] && {
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_protocol=${REMOTE_DNS_PROTOCOL}" V2RAY_ARGS="${V2RAY_ARGS} remote_dns_protocol=${REMOTE_DNS_PROTOCOL}"
case "$REMOTE_DNS_PROTOCOL" in case "$REMOTE_DNS_PROTOCOL" in
udp*)
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_udp_server=${REMOTE_DNS}"
msg="${msg} 远程DNS${REMOTE_DNS}"
;;
tcp) tcp)
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_tcp_server=${REMOTE_DNS}" V2RAY_ARGS="${V2RAY_ARGS} remote_dns_tcp_server=${REMOTE_DNS}"
msg="${msg} 远程DNS${REMOTE_DNS}" msg="${msg} 远程DNS${REMOTE_DNS}"
@ -783,14 +796,13 @@ DIRECT_DNS_PROTOCOL=$(config_t_get global direct_dns_protocol tcp)
DIRECT_DNS=$(config_t_get global direct_dns 119.29.29.29:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') DIRECT_DNS=$(config_t_get global direct_dns 119.29.29.29:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp) REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
DNS_QUERY_STRATEGY=$(config_t_get global dns_query_strategy UseIPv4)
DNS_CACHE=$(config_t_get global dns_cache 1) DNS_CACHE=$(config_t_get global dns_cache 1)
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label') DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v -E "0.0.0.0|127.0.0.1|::" | head -2) | tr ' ' ',') [ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v -E "0.0.0.0|127.0.0.1|::" | head -2) | tr ' ' ',')
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0) PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
DNS_QUERY_STRATEGY="UseIPv4"
[ "$PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIP"
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/") export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
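Review bot: `DNS_QUERY_STRATEGY` is now taken verbatim from UCI (`config_t_get global dns_query_strategy UseIPv4`) and, per the generator, ends up as `queryStrategy` and as the `direct` outbound's `domainStrategy`, but nothing checks it against the values the form offers. Arguments in this script are passed on unquoted and through `eval_set_val` (its body is not shown, so the exact exposure is unverified), which makes a one-line allow-list after the assignment cheap insurance: `case "$DNS_QUERY_STRATEGY" in UseIP|UseIPv4|UseIPv6) ;; *) DNS_QUERY_STRATEGY=UseIPv4 ;; esac`. The same applies to the per-ACL `dns_query_strategy=${dns_query_strategy:-UseIPv4}` in `load_acl`. The strategy also no longer follows `ipv6_tproxy`, so enabling IPv6 proxying leaves DNS at `UseIPv4` unless the user changes both settings.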


@ -176,7 +176,7 @@ load_acl() {
dnsmasq_port=11400 dnsmasq_port=11400
echolog "访问控制:" echolog "访问控制:"
for item in $items; do for item in $items; do
local enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip local enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip dns_query_strategy
local _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file local _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -205,6 +205,7 @@ load_acl() {
tcp_proxy_mode="global" tcp_proxy_mode="global"
udp_proxy_mode="global" udp_proxy_mode="global"
node=${node:-default} node=${node:-default}
dns_query_strategy=${dns_query_strategy:-UseIPv4}
direct_dns_protocol=${direct_dns_protocol:-auto} direct_dns_protocol=${direct_dns_protocol:-auto}
direct_dns=${direct_dns:-119.29.29.29} direct_dns=${direct_dns:-119.29.29.29}
[ "$direct_dns_protocol" = "doh" ] && direct_dns=${direct_dns_doh:-https://223.5.5.5/dns-query} [ "$direct_dns_protocol" = "doh" ] && direct_dns=${direct_dns_doh:-https://223.5.5.5/dns-query}
@ -231,7 +232,7 @@ load_acl() {
if [ -n "${type}" ] && ([ "${type}" = "v2ray" ] || [ "${type}" = "xray" ]); then if [ -n "${type}" ] && ([ "${type}" = "v2ray" ] || [ "${type}" = "xray" ]); then
config_file=$TMP_ACL_PATH/${node}_TCP_UDP_DNS_${redir_port}.json config_file=$TMP_ACL_PATH/${node}_TCP_UDP_DNS_${redir_port}.json
dns_port=$(get_new_port $(expr $dns_port + 1)) dns_port=$(get_new_port $(expr $dns_port + 1))
run_v2ray flag=acl_$sid node=$node redir_port=$redir_port dns_listen_port=${dns_port} direct_dns_protocol=${direct_dns_protocol} direct_dns_udp_server=${direct_dns} direct_dns_tcp_server=${direct_dns} direct_dns_doh="${direct_dns}" remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=${config_file} run_v2ray flag=acl_$sid node=$node redir_port=$redir_port dns_listen_port=${dns_port} direct_dns_protocol=${direct_dns_protocol} direct_dns_udp_server=${direct_dns} direct_dns_tcp_server=${direct_dns} direct_dns_doh="${direct_dns}" remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} dns_query_strategy=${dns_query_strategy} config_file=${config_file}
fi fi
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1)) dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
redirect_dns_port=$dnsmasq_port redirect_dns_port=$dnsmasq_port
@ -340,7 +341,7 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN $ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null $ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
done done
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports node direct_dns_protocol direct_dns direct_dns_doh remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip dns_query_strategy
unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file
unset ipt_tmp msg msg2 unset ipt_tmp msg msg2
unset redirect_dns_port unset redirect_dns_port