luci: optimize and improve
* When ChinaDNS-NG is enabled and DNS is queried over TCP/UDP, only ChinaDNS-NG is used; no other DNS forwarder is required.

* Optimization
xiaorouji committed Apr 24, 2024
1 parent 7a74112 commit cf7003f
Showing 7 changed files with 87 additions and 98 deletions.
21 changes: 5 additions & 16 deletions luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -266,11 +266,8 @@ o.default = "0"

---- DNS Forward Mode
dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
dns_mode.rmempty = false
dns_mode:reset_values()
if api.is_finded("dns2tcp") then
dns_mode:value("dns2tcp", translatef("Requery DNS By %s", "TCP"))
end
dns_mode:value("tcp", translatef("Requery DNS By %s", "TCP"))
dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
if api.is_finded("dns2socks") then
dns_mode:value("dns2socks", "dns2socks")
end
@@ -280,9 +277,8 @@ end
if has_xray then
dns_mode:value("xray", "Xray")
end
dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))

o = s:taboption("DNS", ListValue, "xray_dns_mode", " ")
o = s:taboption("DNS", ListValue, "xray_dns_mode", translate("Request protocol"))
o:value("tcp", "TCP")
o:value("tcp+doh", "TCP + DoH (" .. translate("A/AAAA type") .. ")")
o:depends("dns_mode", "xray")
@@ -295,7 +291,7 @@ o.write = function(self, section, value)
end
end

o = s:taboption("DNS", ListValue, "singbox_dns_mode", " ")
o = s:taboption("DNS", ListValue, "singbox_dns_mode", translate("Request protocol"))
o:value("tcp", "TCP")
o:value("doh", "DoH")
o:depends("dns_mode", "sing-box")
@@ -331,7 +327,7 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "dns2tcp"})
o:depends({dns_mode = "tcp"})
o:depends({dns_mode = "udp"})
o:depends({xray_dns_mode = "tcp"})
o:depends({xray_dns_mode = "tcp+doh"})
@@ -375,13 +371,6 @@ o.validate = function(self, value, t)
return value
end

o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
o.default = "1"
o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "sing-box", remote_fakedns = false})
o:depends({dns_mode = "xray"})
o.rmempty = false

if api.is_finded("chinadns-ng") then
o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend."))
o.default = "0"
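Review bot: The `tcp` filter mode is offered without any `api.is_finded` guard, while the `dns2tcp` entry it replaces was guarded (the +/- markers are lost on this page, so which side each line belongs to is inferred from the hunk counts). The app.sh section of this commit still launches dns2tcp in its fallback branch when ChinaDNS-NG is not in use, so selecting `tcp` on a system without that binary would presumably leave nothing listening on the tunnel DNS port. Consider keeping a guard such as `if api.is_finded("dns2tcp") or api.is_finded("chinadns-ng") then` around the `tcp` entry, or rejecting the choice at validation time. Configurations that still store `dns_mode 'dns2tcp'` no longer match any list entry or `depends` rule, so a one-time migration of the stored value to `tcp` is worth adding.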
6 changes: 3 additions & 3 deletions luci-app-passwall/po/zh-cn/passwall.po
@@ -145,12 +145,12 @@ msgstr "请确保此Socks服务可用。"
msgid "Format must be:"
msgstr "格式必须为:"

msgid "Request protocol"
msgstr "请求协议"

msgid "Remote DNS DoH"
msgstr "远程 DNS DoH"

msgid "Cache Resolved"
msgstr "缓存解析结果"

msgid "Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address)."
msgstr "用于 DNS 查询时通知 DNS 服务器,客户端所在的地理位置(不能是私有 IP 地址)。"

2 changes: 1 addition & 1 deletion luci-app-passwall/root/usr/share/passwall/0_default_config
@@ -6,7 +6,7 @@ config global
option udp_node 'nil'
option tcp_node_socks_port '1070'
option filter_proxy_ipv6 '1'
option dns_mode 'dns2tcp'
option dns_mode 'tcp'
option remote_dns '1.1.1.1'
option use_default_dns 'direct'
option chinadns_ng '1'
59 changes: 31 additions & 28 deletions luci-app-passwall/root/usr/share/passwall/app.sh
@@ -493,9 +493,9 @@ run_chinadns_ng() {
cat <<-EOF > ${_CONF_FILE}
verbose
bind-addr 127.0.0.1
bind-port ${_listen_port}@udp
bind-port ${_listen_port}
china-dns ${_dns_local}
trust-dns udp://${_dns_trust}
trust-dns ${_dns_trust}
filter-qtype 65
EOF

@@ -524,7 +524,7 @@ run_chinadns_ng() {
cat <<-EOF >> ${_CONF_FILE}
group proxylist
group-dnl ${RULES_PATH}/proxy_host
group-upstream udp://${_dns_trust}
group-upstream ${_dns_trust}
group-ipset ${blacklist4_set},${blacklist6_set}
EOF
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE}
@@ -567,7 +567,7 @@ run_chinadns_ng() {
cat <<-EOF >> ${_CONF_FILE}
group chn_proxy
group-dnl ${RULES_PATH}/chnlist
group-upstream udp://${_dns_trust}
group-upstream ${_dns_trust}
group-ipset ${chnroute4_set},${chnroute6_set}
EOF
[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE}
@@ -1219,17 +1219,9 @@ stop_crontab() {
}

start_dns() {
TUN_DNS="127.0.0.1#${dns_listen_port}"

echolog "DNS域名解析:"
[ "$ENABLED_ACLS" == 1 ] && {
local items=$(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1)
[ -n "$items" ] && {
for item in $items; do
[ "$(config_n_get $item enabled)" = "1" ] || continue
done
}
}

TUN_DNS="127.0.0.1#${dns_listen_port}"

case "$DNS_MODE" in
dns2socks)
@@ -1303,33 +1295,44 @@ start_dns() {
run_xray ${_args}
}
;;
dns2tcp)
use_tcp_node_resolve_dns=1
ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${TUN_DNS}" -R "$(get_first_dns REMOTE_DNS 53)" -v
echolog " - dns2tcp(${TUN_DNS}) -> tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')"
;;
udp)
use_udp_node_resolve_dns=1
TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
echolog " - udp://${TUN_DNS}"
if [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ]; then
local china_ng_listen_port=${dns_listen_port}
local china_ng_trust_dns="udp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
else
TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
echolog " - udp://${TUN_DNS}"
fi
;;
*)
use_tcp_node_resolve_dns=1
if [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ]; then
local china_ng_listen_port=${dns_listen_port}
local china_ng_trust_dns="tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
else
ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${TUN_DNS}" -R "$(get_first_dns REMOTE_DNS 53)" -v
echolog " - dns2tcp(${TUN_DNS}) -> tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')"
fi
;;
esac

[ -n "${resolve_dns_log}" ] && echolog " - ${resolve_dns_log}"

[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 要求代理 DNS 请求,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 UDP 查询并已使用 UDP 节点,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"

[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && {
[ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0
local china_ng_listen_port=$(expr $dns_listen_port + 1)
[ -z "${china_ng_listen_port}" ] && local china_ng_listen_port=$(expr $dns_listen_port + 1)
local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
[ -z "${china_ng_trust_dns}" ] && local china_ng_trust_dns=${TUN_DNS}

run_chinadns_ng \
_flag="default" \
_listen_port=${china_ng_listen_port} \
_dns_local=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
_dns_trust=${TUN_DNS} \
_dns_trust=${china_ng_trust_dns} \
_no_ipv6_trust=${FILTER_PROXY_IPV6} \
_use_direct_list=${USE_DIRECT_LIST} \
_use_proxy_list=${USE_PROXY_LIST} \
@@ -1338,7 +1341,7 @@ start_dns() {
_default_mode=${TCP_PROXY_MODE} \
_default_tag=$(config_t_get global chinadns_ng_default_tag smart)

echolog " - ChinaDNS-NG(127.0.0.1#${china_ng_listen_port}):直连DNS:$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ","),可信DNS:${TUN_DNS}"
echolog " - ChinaDNS-NG(${china_ng_listen}):直连DNS:$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ","),可信DNS:${china_ng_trust_dns}"

USE_DEFAULT_DNS="chinadns_ng"
}
@@ -1763,8 +1766,8 @@ LOCALHOST_PROXY=$(config_t_get global localhost_proxy 1)
LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
}
CLIENT_PROXY=$(config_t_get global client_proxy 1)
DNS_MODE=$(config_t_get global dns_mode dns2tcp)
DNS_CACHE=$(config_t_get global dns_cache 0)
DNS_MODE=$(config_t_get global dns_mode tcp)
DNS_CACHE=0
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
CHINADNS_NG=$(config_t_get global chinadns_ng 0)
USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
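Review bot: Both ChinaDNS-NG upstream assignments in start_dns build the address with `sed 's/:/#/g'`, which rewrites every colon, whereas the REMOTE_DNS handling on this page converts only the last one (`sed -E 's/\:([^:]+)$/#\1/g'`). If get_first_dns can return an IPv6 upstream (its output format is not visible here), the address itself would be mangled and chinadns-ng would receive an invalid trust-dns, so proxied names may fail to resolve. Use the last-colon form in both the `udp)` and `*)` branches, e.g. `local china_ng_trust_dns="tcp://$(get_first_dns REMOTE_DNS 53 | sed -E 's/\:([^:]+)$/#\1/g')"`. The value is then passed unquoted as `_dns_trust=${china_ng_trust_dns}` and written into the config heredoc, so quoting it would also keep whitespace in the UCI value from splitting into extra arguments. start_dns begins and ends outside the visible hunks.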
8 changes: 4 additions & 4 deletions luci-app-passwall/root/usr/share/passwall/haproxy.lua
@@ -35,8 +35,10 @@ local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")

log("HAPROXY 负载均衡...")
log("HAPROXY 负载均衡:")
log(string.format(" * 控制台端口:%s", console_port))
fs.mkdir(haproxy_path)
local haproxy_file = haproxy_path .. "/" .. haproxy_conf

@@ -159,7 +161,7 @@ end
table.sort(sortTable, function(a,b) return (a < b) end)

for i, port in pairs(sortTable) do
log(" + 入口 0.0.0.0:%s..." % port)
log(" + 入口 0.0.0.0:%s" % port)

f_out:write("\n" .. string.format([[
listen %s
@@ -201,7 +203,6 @@ listen %s
end

--控制台配置
local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
local str = [[
@@ -214,6 +215,5 @@ listen console
%s
]]
f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
log(string.format(" * 控制台端口:%s", console_port))

f_out:close()
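Review bot: `console_port` is read from UCI with no default and no validation, unlike `health_check_type` and `health_check_inter` on the neighbouring lines, and it is now passed to `string.format(" * 控制台端口:%s", console_port)` at the top of the script. On Lua 5.1 (which this runtime presumably is) `%s` rejects nil, so an unset option would abort the script before any haproxy configuration is written; a non-numeric value would flow straight into the `listen console` block. Validate once where it is read, e.g. `local console_port = tonumber(uci:get(appname, "@global_haproxy[0]", "console_port"))`, and skip the console block and its log line when the result is nil. Since the context line adds `stats auth` only when both user and password are set, the log line could also state whether the console is starting without authentication, so that an exposed stats page is visible in the log.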