From 3c1865c8a33ddbb6913919ecbb8047273d51aa27 Mon Sep 17 00:00:00 2001 From: itdoginfo Date: Sun, 16 Feb 2025 14:18:19 +0300 Subject: [PATCH] Expanding checkes. DNS 127.0.0.42. QUIC disable. Some fixes --- luci-app-podkop/Makefile | 2 +- .../resources/view/podkop/podkop.js | 7 +- podkop/Makefile | 2 +- podkop/files/etc/config/podkop | 1 + podkop/files/etc/init.d/podkop | 102 ++++++++++++++---- 5 files changed, 88 insertions(+), 26 deletions(-) diff --git a/luci-app-podkop/Makefile b/luci-app-podkop/Makefile index 1de947b..21f3ab2 100644 --- a/luci-app-podkop/Makefile +++ b/luci-app-podkop/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-podkop -PKG_VERSION:=0.3.4 +PKG_VERSION:=0.3.5 PKG_RELEASE:=1 LUCI_TITLE:=LuCI podkop app diff --git a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js index 541dd43..4abf53a 100644 --- a/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js +++ b/luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js @@ -404,13 +404,16 @@ return view.extend({ o = s.taboption('additional', form.Flag, 'yacd', _('Yacd enable'), _('http://openwrt.lan:9090/ui')); o.default = '0'; - o.depends('mode', 'proxy'); o.rmempty = false; o.ucisection = 'main'; o = s.taboption('additional', form.Flag, 'exclude_ntp', _('Exclude NTP'), _('For issues with open connections sing-box')); o.default = '0'; - o.depends('mode', 'proxy'); + o.rmempty = false; + o.ucisection = 'main'; + + o = s.taboption('additional', form.Flag, 'quic_disable', _('QUIC disable'), _('For issues with the video stream')); + o.default = '0'; o.rmempty = false; o.ucisection = 'main'; diff --git a/podkop/Makefile b/podkop/Makefile index 309436b..41cb151 100644 --- a/podkop/Makefile +++ b/podkop/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=podkop -PKG_VERSION:=0.3.4 +PKG_VERSION:=0.3.5 PKG_RELEASE:=1 PKG_MAINTAINER:=ITDog 
diff --git a/podkop/files/etc/config/podkop b/podkop/files/etc/config/podkop index 0976aa8..af71581 100644 --- a/podkop/files/etc/config/podkop +++ b/podkop/files/etc/config/podkop @@ -28,5 +28,6 @@ config main 'main' option yacd '0' option socks5 '0' option exclude_ntp '0' + option quic_disable '0' option update_interval '1d' option custom_domains_text \ No newline at end of file diff --git a/podkop/files/etc/init.d/podkop b/podkop/files/etc/init.d/podkop index ae332f5..32f7142 100755 --- a/podkop/files/etc/init.d/podkop +++ b/podkop/files/etc/init.d/podkop @@ -43,10 +43,22 @@ start_service() { required_version="1.11.1" if [ "$(echo -e "$sing_box_version\n$required_version" | sort -V | head -n 1)" != "$required_version" ]; then - echo "The version of sing-box ($sing_box_version) is lower than the minimum version. Update sing-box: opkg update && opkg install sing-box" + echo "The version of sing-box ($sing_box_version) is lower than the minimum version. Update sing-box: opkg update && opkg remove sing-box && opkg install sing-box" exit 1 fi + if opkg list-installed | grep -qE "iptables|kmod-ipt"; then + echo "Found incompatible iptables packages. If you're using FriendlyWrt: https://t.me/itdogchat/44512/181082" + exit 1 + fi + + if ! ip addr | grep -q "br-lan"; then + log "Interface br-lan not found" + exit 1 + fi + + migration + procd_open_instance procd_set_param command /bin/sh -c "/etc/init.d/podkop main &" procd_set_param stdout 1 @@ -119,18 +131,12 @@ nolog() { } main() { - migration - sleep 5 config_foreach wget_github mkdir -p /tmp/podkop - - if ! ip addr | grep -q "br-lan"; then - log "Interface br-lan not found" - fi - + # base route_table_rule_mark create_nft_table 
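Review bot: In start_service() the new iptables check reports its refusal with `echo`, while the br-lan check right after it uses `log`, so a boot-time start that stops at the iptables check may leave no record in the system log (assuming `log` is what writes there; its definition is outside this hunk). Adding `log "Found incompatible iptables packages"` before the `echo` would record both refusals the same way. The pattern `"iptables|kmod-ipt"` is also an unanchored substring match over each whole `opkg list-installed` line, so any package whose name merely contains either string blocks the start; if only specific packages are incompatible, anchoring on the package name would be narrower. start_service() begins before the hunk and continues after it.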
@@ -178,6 +184,12 @@ main() { nft insert rule inet PodkopTable mangle udp dport 123 return fi + config_get_bool quic_disable "main" "quic_disable" "0" + if [ "$quic_disable" -eq 1 ]; then + log "Rule for disable QUIC" + sing_box_quic_reject + fi + sing_box_config_check /etc/init.d/sing-box restart /etc/init.d/sing-box enable 
@@ -193,15 +205,40 @@ main() { # Migrations funcs migration() { # list migrate - grep -q "list domain_list 'ru_inside'" /etc/config/podkop && sed -i "s/list domain_list 'ru_inside'/list domain_list 'russia_inside'/" /etc/config/podkop - grep -q "list domain_list 'ru_outside'" /etc/config/podkop && sed -i "s/list domain_list 'ru_outside'/list domain_list 'russia_outside'/" /etc/config/podkop - grep -q "list domain_list 'ua'" /etc/config/podkop && sed -i "s/list domain_list 'ua'/list domain_list 'ukraine_inside'/" /etc/config/podkop + local CONFIG="/etc/config/podkop" + + if grep -q "list domain_list 'ru_inside'" $CONFIG; then + log "Depricated list found: ru_inside" + sed -i "s/list domain_list 'ru_inside'/list domain_list 'russia_inside'/" $CONFIG + fi + + if grep -q "list domain_list 'ru_outside'" $CONFIG; then + log "Depricated list found: ru_outside" + sed -i "s/list domain_list 'ru_outside'/list domain_list 'russia_outside'/" $CONFIG + fi + + if grep -q "list domain_list 'ua'" $CONFIG; then + log "Depricated list found: ua" + sed -i "s/list domain_list 'ua'/list domain_list 'ukraine_inside'/" $CONFIG + fi # second remove - grep -q "config second 'second'" /etc/config/podkop && sed -i '/second/d' /etc/config/podkop + if grep -q "config second 'second'" $CONFIG; then + log "Depricated second section found" + sed -i '/second/d' $CONFIG + fi # cron update - grep -qE "^\s*option update_interval '[0-9*/,-]+( [0-9*/,-]+){4}'" /etc/config/podkop && sed -i "s|^\(\s*option update_interval\) '[0-9*/,-]\+\( [0-9*/,-]\+\)\{4\}'|\1 '1d'|" /etc/config/podkop + if grep -qE "^\s*option update_interval '[0-9*/,-]+( [0-9*/,-]+){4}'" $CONFIG; then + log "Depricated update_interval" + sed -i "s|^\(\s*option update_interval\) '[0-9*/,-]\+\( [0-9*/,-]\+\)\{4\}'|\1 '1d'|" $CONFIG + fi + + # dnsmasq https + if grep -q "^filter-rr=HTTPS" "/etc/dnsmasq.conf"; then + log "Found and removed filter-rr=HTTPS in dnsmasq config" + sed -i '/^filter-rr=HTTPS/d' "/etc/dnsmasq.conf" + fi } # Main 
funcs @@ -252,12 +289,10 @@ dnsmasq_add() { uci set dhcp.@dnsmasq[0].filter_aaaa="1" uci set dhcp.@dnsmasq[0].cachesize="0" uci -q delete dhcp.@dnsmasq[0].server - uci add_list dhcp.@dnsmasq[0].server="127.0.0.1#5353" + uci add_list dhcp.@dnsmasq[0].server="127.0.0.42" uci add_list dhcp.@dnsmasq[0].server='/use-application-dns.net/' uci commit dhcp - grep -q "filter-rr=HTTPS" /etc/dnsmasq.conf || echo "filter-rr=HTTPS" >> /etc/dnsmasq.conf - /etc/init.d/dnsmasq restart } @@ -269,8 +304,6 @@ dnsmasq_rm() { uci -q delete dhcp.@dnsmasq[0].server uci commit dhcp - sed -i '/filter-rr=HTTPS/d' /etc/dnsmasq.conf - /etc/init.d/dnsmasq restart } @@ -484,8 +517,8 @@ sing_box_inbound_proxy() { { "tag": "dns-in", "type": "direct", - "listen": "127.0.0.1", - "listen_port": 5353 + "listen": "127.0.0.42", + "listen_port": 53 } ], "outbounds": [ @@ -526,6 +559,12 @@ sing_box_dns_rule_fakeip() { jq \ '.dns += { "rules": [ + { + "query_type": [ + "HTTPS" + ], + "action": "reject" + }, { "server": "fakeip-server", "rule_set": [] @@ -686,8 +725,8 @@ sing_box_config_outbound_json() { { "tag": "dns-in", "type": "direct", - "listen": "127.0.0.1", - "listen_port": 5353 + "listen": "127.0.0.42", + "listen_port": 53 } ], "outbounds": [], @@ -1111,6 +1150,25 @@ sing_box_rules() { fi } +sing_box_quic_reject() { + local quic_rule_exists=$(jq -e '.route.rules[] | select(.protocol == "quic" and .action == "reject")' "$SING_BOX_CONFIG") + + if [[ -z "$quic_rule_exists" ]]; then + jq ' + .route.rules |= ( + reduce .[] as $rule ([]; + if $rule.protocol == "dns" and $rule.action == "hijack-dns" then + . + [$rule, {"protocol": "quic", "action": "reject"}] + else + . + [$rule] + end + ) + )' "$SING_BOX_CONFIG" >/tmp/sing-box-config-tmp.json && mv /tmp/sing-box-config-tmp.json "$SING_BOX_CONFIG" + + log "QUIC reject rule added successfully" + fi +} + process_remote_ruleset() { config_get_bool domain_list_enabled "$section" "domain_list_enabled" "0" if [ "$domain_list_enabled" -eq 1 ]; then
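Review bot: In migration(), the `second` cleanup still runs `sed -i '/second/d' $CONFIG`, which deletes every line containing the substring "second" rather than only the section header the preceding `grep` matched. An unrelated option or custom domain containing that text is silently dropped, and the section's own options are left behind under whichever section precedes them. Anchoring the delete, e.g. `sed -i "/^config second 'second'/d" "$CONFIG"`, limits the first problem; removing the whole section with `uci -q delete podkop.second` followed by a commit is safer if that fits the config layout. Because this commit moves migration() into start_service(), these in-place edits now run on every service start. The log strings also spell "Depricated" where "Deprecated" is meant.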
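Review bot: dnsmasq_add() now points dnsmasq at `127.0.0.42` on the default port 53 right after `uci -q delete dhcp.@dnsmasq[0].server`, so the sing-box `dns-in` listener becomes the only upstream, and nothing visible here confirms that it managed to bind. If dnsmasq itself holds port 53 on the wildcard address (not the usual setup, but possible), the bind on `127.0.0.42:53` may fail and LAN name resolution would stop. A comment such as `# sing-box dns-in listens on 127.0.0.42:53; dnsmasq must not bind 0.0.0.0:53` would record the dependency, and a listener check before `/etc/init.d/dnsmasq restart` would turn a silent outage into a logged failure. The same address and port are set in the `dns-in` inbounds of sing_box_inbound_proxy() and sing_box_config_outbound_json() further down.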
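Review bot: The new first DNS rule in sing_box_dns_rule_fakeip() rejects HTTPS-type queries for every domain, and nothing in the function says why. Since this commit also drops the `filter-rr=HTTPS` line from dnsmasq_add(), a shell comment above the `jq` call such as `# Reject HTTPS (type 65) queries; replaces the former dnsmasq filter-rr=HTTPS` would keep the reason next to the rule. The rule is only visible in the FakeIP path, so it is worth confirming that every mode which previously relied on the dnsmasq filter still gets it. The function continues past the hunk.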
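Review bot: sing_box_quic_reject() logs "QUIC reject rule added successfully" unconditionally: the `log` line runs even when `jq` fails or the `mv` is skipped, and also when no rule with `protocol == "dns"` and `action == "hijack-dns"` exists, in which case the reduce adds nothing. Chaining it as `... && mv /tmp/sing-box-config-tmp.json "$SING_BOX_CONFIG" && log "QUIC reject rule added successfully"`, and logging a failure otherwise, keeps the log truthful. `local quic_rule_exists=$(...)` also discards the exit status of `jq -e`, and `[[ ... ]]` is a bash-style test in a script whose other checks use `[ ... ]`. The rule is only ever added, so whether turning `quic_disable` back off removes it depends on the config being regenerated on each start, which is not visible here.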