From 4aca2043c1ee512558c981ae16e00d941302016d Mon Sep 17 00:00:00 2001 From: remittor Date: Fri, 16 Jan 2026 19:53:07 +0300 Subject: [PATCH] diag: dwc: Add support resolve ip via specific dns and add recommendations --- .../resources/view/zapret2/diagnost.js | 34 +++ zapret2/dwc.sh | 195 ++++++++++++++---- 2 files changed, 189 insertions(+), 40 deletions(-) diff --git a/luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/diagnost.js b/luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/diagnost.js index 159db8e..431a55e 100644 --- a/luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/diagnost.js +++ b/luci-app-zapret2/htdocs/luci-static/resources/view/zapret2/diagnost.js @@ -30,6 +30,12 @@ return baseclass.extend({ this.appendLog('Original sources: https://github.com/hyperion-cs/dpi-checkers'); this.appendLog('WEB-version: https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20/'); let cmd = [ fn_dwc_sh ]; + let resolve_dns = document.getElementById('cfg_resolve_dns'); + let dns_ip = resolve_dns.options[resolve_dns.selectedIndex].text; + if (dns_ip && dns_ip != 'default') { + cmd.push(...[ '-d', dns_ip.trim() ]); + } + cmd.push('-R'); // show recommendations let log = '/tmp/'+tools.appName+'_dwc.log'; let callback = this.execAndReadCallback; let wnd = this; @@ -60,6 +66,32 @@ return baseclass.extend({ { this.pkg_arch = pkg_arch; + let DNS_LIST = [ + '8.8.8.8', // Google + '8.8.4.4', // Google + '1.1.1.1', // Cloudflare + '1.0.0.1', // Cloudflare + '9.9.9.9', // Quad9 + '149.112.112.112', // Quad9 + '208.67.222.222', // OpenDNS + '208.67.220.220', // OpenDNS + '8.26.56.26', // Comodo + '8.20.247.20', // Comodo + '64.6.64.6', // Verisign + '64.6.65.6', // Verisign + ]; + let dns_list = [ ]; + dns_list.push( E('option', { value: 'dns_default' }, [ 'default' ] ) ); + for (let id = 0; id < DNS_LIST.length; id++) { + let dns_ipaddr = '' + DNS_LIST[id]; + let val = 'dns_' + dns_ipaddr.replace(/\./g, "_"); + dns_list.push( E('option', { value: val }, [ dns_ipaddr ] )); + } + let resolve_dns = E('label', [ + _('Resolve IP-Addr via') + ': ', + E('select', { id: 'cfg_resolve_dns' }, dns_list) + ]); + this.logArea = E('textarea', { 'id': 'widget.modal_content', 'readonly': true, @@ -84,6 +116,8 @@ return baseclass.extend({ ui.showModal(_('Diagnostics'), [ E('div', { 'class': 'cbi-section' }, [ + resolve_dns, + E('br'), E('br'), this.logArea, ]), E('div', { 'class': 'right' }, [ diff --git a/zapret2/dwc.sh b/zapret2/dwc.sh index b2f9941..330d391 100644 --- a/zapret2/dwc.sh +++ b/zapret2/dwc.sh @@ -1,14 +1,34 @@ #!/bin/sh # Copyright (c) 2026 remittor -. /opt/zapret2/comfunc.sh +ZAP_TMP_DIR=/tmp/zapret2_dwc -ZAP_TMP_DIR=/tmp/zapret_dwc +opt_dig= +opt_recom= +opt_tmp_dir= +opt_test= -rm -rf $ZAP_TMP_DIR +while getopts "d:RT:t" opt; do + case $opt in + d) opt_dig="$OPTARG";; + R) opt_recom="true";; # Recommendations + T) opt_tmp_dir="$OPTARG";; + t) opt_test="true";; + esac +done + +[ "$opt_tmp_dir" != "" ] && ZAP_TMP_DIR="$opt_tmp_dir" + +TARGET_LIST_FILE="$ZAP_TMP_DIR/targets" + +[ -f "$TARGET_LIST_FILE" ] && rm -rf "$ZAP_TMP_DIR" +[ -f "$TARGET_LIST_FILE" ] && exit 3 CURL_TIMEOUT=5 CURL_RANGETO=65535 +CURL_NOCACHE='cache-control: no-cache' +CURL_NOCACHE2='pragma: no-cache' +CURL_USERAGENT='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36' if ! command -v curl >/dev/null 2>&1; then echo "ERROR: package \"curl\" not installed!" @@ -24,6 +44,26 @@ if ! echo "$CURL_INFO" | grep -q 'https'; then return 11 fi +if [ "$opt_dig" != "" ]; then + if ! command -v dig >/dev/null 2>&1; then + echo "ERROR: package \"bind-dig\" not installed!" + return 12 + fi + OPT_DIG_DNS="@$opt_dig" + [ "$opt_dig" = "@" ] && OPT_DIG_DNS='' + [ "$opt_dig" = "8" ] && OPT_DIG_DNS='@8.8.8.8' + [ "$opt_dig" = "1" ] && OPT_DIG_DNS='@1.1.1.1' + [ "$opt_dig" = "9" ] && OPT_DIG_DNS='@9.9.9.9' +fi + +if [ -f /etc/openwrt_release ]; then + CA_CERTS=/etc/ssl/certs/ca-certificates.crt + if [ ! -f $CA_CERTS ]; then + echo "ERROR: package \"ca-bundle\" not installed!" + return 15 + fi +fi + #echo 'Original sources: https://github.com/hyperion-cs/dpi-checkers' #echo 'WEB-version: https://hyperion-cs.github.io/dpi-checkers/ru/tcp-16-20/' @@ -45,7 +85,7 @@ TEST_SUITE='[ { id: "DE.AWS-01", provider: "πŸ‡©πŸ‡ͺ AWS", times: 1, url: "https://www.getscope.com/assets/fonts/fa-solid-900.woff2" }, { id: "US.AWS-01", provider: "πŸ‡ΊπŸ‡Έ AWS", times: 1, url: "https://corp.kaltura.com/wp-content/cache/min/1/wp-content/themes/airfleet/dist/styles/theme.css" }, { id: "US.GC-01", provider: "πŸ‡ΊπŸ‡Έ Google Cloud", times: 1, url: "https://api.usercentrics.eu/gvl/v3/en.json" }, - { id: "US.FST-01", provider: "πŸ‡ΊπŸ‡Έ Fastly", times: 1, url: "https://www.jetblue.com/main.c7b61d59416f714f.js" }, + { id: "US.FST-01", provider: "πŸ‡ΊπŸ‡Έ Fastly", times: 1, url: "https://www.jetblue.com/footer/footer-element-es2015.js" }, { id: "CA.FST-01", provider: "πŸ‡¨πŸ‡¦ Fastly", times: 1, url: "https://www.cnn10.com/" }, { id: "US.AKM-01", provider: "πŸ‡ΊπŸ‡Έ Akamai", times: 1, url: "https://www.roxio.com/static/roxio/images/products/creator/nxt9/call-action-footer-bg.jpg" }, { id: "PL.AKM-01", provider: "πŸ‡΅πŸ‡± Akamai", times: 1, url: "https://media-assets.stryker.com/is/image/stryker/gateway_1?$max_width_1410$" }, @@ -60,60 +100,135 @@ function trim echo "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' } -mkdir -p $ZAP_TMP_DIR +mkdir -p "$ZAP_TMP_DIR" -ID=0 -while IFS='|' read -r TAG PROVIDER TIMES URL; do +: > "$TARGET_LIST_FILE" +IDX=0 +while IFS= read -r line; do + case "$line" in + *id:*provider:*url:*) + IDX=$((IDX + 1)) + TAG=$( printf '%s\n' "$line" | cut -d'"' -f2 ) + COUNTRY="${TAG%%.*}" + PROVIDER_RAW=$( printf '%s\n' "$line" | cut -d'"' -f4 ) + PROVIDER="${PROVIDER_RAW#* }" + TIMES=$( printf '%s\n' "$line" | cut -d':' -f4 | cut -d',' -f1 | tr -d ' ') + URL=$( printf '%s\n' "$line" | cut -d'"' -f6 ) + echo "${IDX}|${TAG}|${COUNTRY}|${PROVIDER}|${TIMES}|${URL}" >> "$TARGET_LIST_FILE" + ;; + esac +done </dev/null | sed -n '1s/.*(\([0-9.]*\)).*/\1/p')" + DST_IP= + RESOLVE_OPT= + if [ "$opt_dig" != "" ]; then + DST_IP=$( dig +time=2 +retry=1 $OPT_DIG_DNS +short "$DOMAIN" 2>/dev/null | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n1 ) + else + CURL_TIMEOUTS="--connect-timeout 2 --max-time 3 --speed-time 3 --speed-limit 1" + DST_IP=$( curl -4 -I -s $CURL_TIMEOUTS -o /dev/null -w '%{remote_ip}\n' "$URL" ) + if [ -z "$DST_IP" ]; then + DST_IP=$( curl -4 -s $CURL_TIMEOUTS -o /dev/null -r 0-0 -w '%{remote_ip}\n' "$URL" ) + fi fi - curl -k $URL --resolve $DOMAIN:443:$DST_IP -o /dev/null -s -w '%{size_download}\n' --max-time $CURL_TIMEOUT --range 0-$CURL_RANGETO - ) >"$ZAP_TMP_DIR/$ID3=$TAG=$PROVIDER.txt" 2>&1 & -done </dev/null | sed -n '1s/.*(\([0-9.]*\)).*/\1/p' ) + fi + [ "$DST_IP" != "" ] && RESOLVE_OPT="--resolve $DOMAIN:443:$DST_IP" + echo "$DST_IP" > "$FNAME.ip" + echo "$URL" > "$FNAME.url" + curl "$URL" \ + $RESOLVE_OPT \ + --connect-timeout $CURL_CON_TIMEOUT \ + --max-time $CURL_TIMEOUT \ + --speed-time $CURL_SPEED_TIME \ + --speed-limit $CURL_SPEED_LIMIT \ + --range 0-$CURL_RANGETO \ + -A "$CURL_USERAGENT" \ + -D "$FNAME.hdr" \ + -o "$FNAME.body" + ) > "$FNAME.log" 2>&1 & +done < "$TARGET_LIST_FILE" wait -printf '%s\n' "$ZAP_TMP_DIR"/*.txt | sort | while IFS= read -r file; do +FAIL_URL_LIST="$ZAP_TMP_DIR/FAIL_URL_LIST.txt" +rm -f "$FAIL_URL_LIST" + +printf '%s\n' "$ZAP_TMP_DIR"/*.log | sort | while IFS= read -r file; do [ -f "$file" ] || continue - FNAME="${file##*/}" - ID=$( echo "$FNAME" | cut -d= -f1) - TAG=$( echo "$FNAME" | cut -d= -f2) - PROVIDER=$(echo "$FNAME" | cut -d= -f3 | sed 's/\.txt$//' ) - res=$( cat "$file" ) - res=$( trim "$res" ) + FILENAME="${file##*/}" + FILENAME="${FILENAME%.log}" + ID=$( echo "$FILENAME" | cut -d= -f1) + TAG=$( echo "$FILENAME" | cut -d= -f2) + PROVIDER=$(echo "$FILENAME" | cut -d= -f3 ) + FNAME="$ZAP_TMP_DIR/$FILENAME" + BODY_SIZE=0 + [ -f "$FNAME.body" ] && BODY_SIZE=$( wc -c < "$FNAME.body" ) + IPADDR="x.x.x.x" + [ -s "$FNAME.ip" ] && IPADDR=$( cat "$FNAME.ip" ) + res=0 status= - case "$res" in - ''|*[!0-9]*) - status="Error (incorrect value)" - ;; - esac - if [ -z "$status" ]; then - if [ "$res" = 0 ]; then - status="Possibly detected" - elif [ "$res" -lt $CURL_RANGETO ]; then - status="Failed to complete detection" + if [ ! -f "$FNAME.hdr" ]; then + status="ERROR: cannot Get Headers" + elif [ ! -s "$FNAME.hdr" ]; then + status="ERROR: cannot get headers" + elif [ ! -f "$FNAME.body" ]; then + status="Possibly detected*" + elif [ ! -s "$FNAME.body" ]; then + status="Possibly detected" + else + if [ "$BODY_SIZE" -le $CURL_RANGETO ]; then + status="Failed (recv $BODY_SIZE bytes)" + res=5 else status="[ OK ]" + res=100 fi fi - printf '%12s / %-13s: %s \n' "$TAG" "$PROVIDER" "$status" + printf '%12s / %-15s / %-13s: %s \n' "$TAG" "$IPADDR" "$PROVIDER" "$status" + echo "$BODY_SIZE" > "$FNAME.size" + if [ $res != 100 ]; then + URL=$( cat "$FNAME.url" ) + echo "$FILENAME : $URL" >> "$FAIL_URL_LIST" + fi done +rm -f "$ZAP_TMP_DIR"/*.body >/dev/null 2>&1 + +[ "$opt_recom" != "true" ] && return 0 + +[ ! -f "$FAIL_URL_LIST" ] && return 0 + +echo "===================================================" +echo "Recommendations:" +echo "Try adding the specified domains to the \"zapret-hosts-user.txt\" file:" + +while IFS=' : ' read -r FILENAME URL; do + [ -z "$FILENAME" ] && continue + URL_NO_PROTO="${URL#*://}" + DOMAIN="${URL_NO_PROTO%%/*}" + URLPATH="/${URL_NO_PROTO#*/}" + [ "$URLPATH" = "/$URL_NO_PROTO" ] && URLPATH="/" + echo "$DOMAIN" +done < "$FAIL_URL_LIST" + return 0