luci: optimize chinadns-ng configuration code

xiaorouji · Nov 20, 2024 · d0e38a8 · d0e38a8
1 parent f0ef262
commit d0e38a8
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 94 deletions.
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=24.11.18
-PKG_RELEASE:=4
+PKG_RELEASE:=5
 
 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \

diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
@@ -87,7 +87,7 @@ if not fs.access(TMP_ACL_PATH) then
 	fs.mkdir(TMP_ACL_PATH, 493)
 end
 
-local setflag= (NFTFLAG == "1") and "inet@passwall@" or ""
+local setflag = (NFTFLAG == "1") and "inet@passwall@" or ""
 
 config_lines = {
 	--"verbose",
@@ -98,75 +98,59 @@ config_lines = {
 	"filter-qtype 65"
 }
 
---内置组(chn/gfw)优先级在自定义组后
---GFW列表
-if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then
-	tmp_lines = {
-		"gfwlist-file " .. RULES_PATH .. "/gfwlist",
-		"add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6"
-	}
-	merge_array(config_lines, tmp_lines)
-	if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:gfw") end
-	log(string.format("  - 防火墙域名表(gfwlist)：%s", DNS_TRUST or "默认"))
-end
-
---中国列表
-if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then
-	if CHNLIST == "direct" then
-		tmp_lines = {
-			"chnlist-file " .. RULES_PATH .. "/chnlist",
-			"ipset-name4 " .. setflag .. "passwall_chnroute",
-			"ipset-name6 " .. setflag .. "passwall_chnroute6",
-			"add-tagchn-ip",
-			"chnlist-first"
-		}
-		merge_array(config_lines, tmp_lines)
-		log(string.format("  - 中国域名表(chnroute)：%s", DNS_LOCAL or "默认"))
-	end
-
-	--回中国模式
-	if CHNLIST == "proxy" then
-		tmp_lines = {
-			"group chn_proxy",
-			"group-dnl " .. RULES_PATH .. "/chnlist",
-			"group-upstream " .. DNS_TRUST,
-			"group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6"
-		}
-		merge_array(config_lines, tmp_lines)
-		if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:chn_proxy") end
-		log(string.format("  - 中国域名表(chnroute)：%s", DNS_TRUST or "默认"))
-	end
+for i = 1, 6 do
+	table.insert(config_lines, "#--" .. i)
 end
 
 --自定义规则组，后声明的组具有更高优先级
---代理（黑名单）列表
-local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
-if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then   --对自定义列表进行清洗
-	local proxy_domain, lookup_proxy_domain = {}, {}
-	for line in io.lines(RULES_PATH .. "/proxy_host") do
+--屏蔽列表
+local file_block_host = TMP_ACL_PATH .. "/block_host"
+if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then   --对自定义列表进行清洗
+	local block_domain, lookup_block_domain = {}, {}
+	for line in io.lines(RULES_PATH .. "/block_host") do
 		line = api.get_std_domain(line)
 		if line ~= "" and not line:find("#") then
-			insert_unique(proxy_domain, line, lookup_proxy_domain)
+			insert_unique(block_domain, line, lookup_block_domain)
 		end
 	end
-	if #proxy_domain > 0 then
-		local f_out = io.open(file_proxy_host, "w")
-		for i = 1, #proxy_domain do
-			f_out:write(proxy_domain[i] .. "\n")
+	if #block_domain > 0 then
+		local f_out = io.open(file_block_host, "w")
+		for i = 1, #block_domain do
+			f_out:write(block_domain[i] .. "\n")
 		end
 		f_out:close()
 	end
 end
-if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
+if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
 	tmp_lines = {
-		"group proxylist",
-		"group-dnl " .. file_proxy_host,
-		"group-upstream " .. DNS_TRUST,
-		"group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6"
+		"group null",
+		"group-dnl " .. file_block_host
 	}
-	merge_array(config_lines, tmp_lines)
-	if NO_IPV6_TRUST == "1" then table.insert(config_lines, "no-ipv6 tag:proxylist") end
-	log(string.format("  - 代理域名表(blacklist)：%s", DNS_TRUST or "默认"))
+	insert_array_after(config_lines, tmp_lines, "#--5")
+end
+
+--始终用国内DNS解析节点域名
+local file_vpslist = TMP_ACL_PATH .. "/vpslist"
+if not is_file_nonzero(file_vpslist) then
+	local f_out = io.open(file_vpslist, "w")
+	uci:foreach(appname, "nodes", function(t)
+		local address = t.address
+		if address == "engage.cloudflareclient.com" then return end
+		if datatypes.hostname(address) then
+			f_out:write(address .. "\n")
+		end
+	end)
+	f_out:close()
+end
+if is_file_nonzero(file_vpslist) then
+	tmp_lines = {
+		"group vpslist",
+		"group-dnl " .. file_vpslist,
+		"group-upstream " .. DNS_LOCAL,
+		"group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6"
+	}
+	insert_array_after(config_lines, tmp_lines, "#--6")
+	log(string.format("  - 节点列表中的域名(vpslist)：%s", DNS_LOCAL or "默认"))
 end
 
 --直连（白名单）列表
@@ -194,55 +178,78 @@ if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
 		"group-upstream " .. DNS_LOCAL,
 		"group-ipset " .. setflag .. "passwall_whitelist," .. setflag .. "passwall_whitelist6"
 	}
-	merge_array(config_lines, tmp_lines)
+	insert_array_after(config_lines, tmp_lines, "#--4")
 	log(string.format("  - 域名白名单(whitelist)：%s", DNS_LOCAL or "默认"))
 end
 
---屏蔽列表
-local file_block_host = TMP_ACL_PATH .. "/block_host"
-if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then   --对自定义列表进行清洗
-	local block_domain, lookup_block_domain = {}, {}
-	for line in io.lines(RULES_PATH .. "/block_host") do
+--代理（黑名单）列表
+local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
+if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then   --对自定义列表进行清洗
+	local proxy_domain, lookup_proxy_domain = {}, {}
+	for line in io.lines(RULES_PATH .. "/proxy_host") do
 		line = api.get_std_domain(line)
 		if line ~= "" and not line:find("#") then
-			insert_unique(block_domain, line, lookup_block_domain)
+			insert_unique(proxy_domain, line, lookup_proxy_domain)
 		end
 	end
-	if #block_domain > 0 then
-		local f_out = io.open(file_block_host, "w")
-		for i = 1, #block_domain do
-			f_out:write(block_domain[i] .. "\n")
+	if #proxy_domain > 0 then
+		local f_out = io.open(file_proxy_host, "w")
+		for i = 1, #proxy_domain do
+			f_out:write(proxy_domain[i] .. "\n")
 		end
 		f_out:close()
 	end
 end
-if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
-	table.insert(config_lines, "group null")
-	table.insert(config_lines, "group-dnl " .. file_block_host)
+if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
+	tmp_lines = {
+		"group proxylist",
+		"group-dnl " .. file_proxy_host,
+		"group-upstream " .. DNS_TRUST,
+		"group-ipset " .. setflag .. "passwall_blacklist," .. setflag .. "passwall_blacklist6"
+	}
+	if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:proxylist") end
+	insert_array_after(config_lines, tmp_lines, "#--3")
+	log(string.format("  - 代理域名表(blacklist)：%s", DNS_TRUST or "默认"))
 end
 
---始终用国内DNS解析节点域名
-local file_vpslist = TMP_ACL_PATH .. "/vpslist"
-if not is_file_nonzero(file_vpslist) then
-	local f_out = io.open(file_vpslist, "w")
-	uci:foreach(appname, "nodes", function(t)
-		local address = t.address
-		if address == "engage.cloudflareclient.com" then return end
-		if datatypes.hostname(address) then
-			f_out:write(address .. "\n")
-		end
-	end)
-	f_out:close()
-end
-if is_file_nonzero(file_vpslist) then
+--内置组(chn/gfw)优先级在自定义组后
+--GFW列表
+if GFWLIST == "1" and is_file_nonzero(RULES_PATH .. "/gfwlist") then
 	tmp_lines = {
-		"group vpslist",
-		"group-dnl " .. file_vpslist,
-		"group-upstream " .. DNS_LOCAL,
-		"group-ipset " .. setflag .. "passwall_vpslist," .. setflag .. "passwall_vpslist6"
+		"gfwlist-file " .. RULES_PATH .. "/gfwlist",
+		"add-taggfw-ip " .. setflag .. "passwall_gfwlist," .. setflag .. "passwall_gfwlist6"
 	}
+	if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:gfw") end
 	merge_array(config_lines, tmp_lines)
-	log(string.format("  - 节点列表中的域名(vpslist)：%s", DNS_LOCAL or "默认"))
+	log(string.format("  - 防火墙域名表(gfwlist)：%s", DNS_TRUST or "默认"))
+end
+
+--中国列表
+if CHNLIST ~= "0" and is_file_nonzero(RULES_PATH .. "/chnlist") then
+	if CHNLIST == "direct" then
+		tmp_lines = {
+			"chnlist-file " .. RULES_PATH .. "/chnlist",
+			"ipset-name4 " .. setflag .. "passwall_chnroute",
+			"ipset-name6 " .. setflag .. "passwall_chnroute6",
+			"add-tagchn-ip",
+			"chnlist-first"
+		}
+		merge_array(config_lines, tmp_lines)
+		log(string.format("  - 中国域名表(chnroute)：%s", DNS_LOCAL or "默认"))
+	end
+
+	--回中国模式
+	if CHNLIST == "proxy" then
+		tmp_lines = {
+			"group chn_proxy",
+			"group-dnl " .. RULES_PATH .. "/chnlist",
+			"group-upstream " .. DNS_TRUST,
+			"group-ipset " .. setflag .. "passwall_chnroute," .. setflag .. "passwall_chnroute6"
+		}
+		if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:chn_proxy") end
+		insert_array_after(config_lines, tmp_lines, "#--1")
+		log(string.format("  - 中国域名表(chnroute)：%s", DNS_TRUST or "默认"))
+	end
 end
 
 --分流规则
@@ -324,8 +331,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
 			"group-ipset " .. setflag .. "passwall_shuntlist," .. setflag .. "passwall_shuntlist6"
 		}
 		if NO_IPV6_TRUST == "1" then table.insert(tmp_lines, "no-ipv6 tag:shuntlist") end
-		-- 在 "filter-qtype 65" 后插入 tmp_lines (shuntlist在自定义组中优先级最低)
-		insert_array_after(config_lines, tmp_lines, "filter-qtype 65")
+		insert_array_after(config_lines, tmp_lines, "#--2")
 	end
 
 end
@@ -368,7 +374,10 @@ end
 --输出配置文件
 if #config_lines > 0 then
 	for i = 1, #config_lines do
-		print(config_lines[i])
+		line = config_lines[i]
+		if line ~= "" and not line:find("^#--") then
+			print(line)
+		end
 	end
 end