ipset: support global ipset and global nftset

pymumu · Jan 5, 2024 · 94460d1 · 94460d1
1 parent 70ec291
commit 94460d1
Show file tree

Hide file tree

Showing 10 changed files with 309 additions and 71 deletions.
diff --git a/etc/smartdns/smartdns.conf b/etc/smartdns/smartdns.conf
@@ -44,6 +44,8 @@
 # -no-dualstack-selection: Disable dualstack ip selection.
 # -no-ip-alias: ignore ip alias.
 # -force-aaaa-soa: force AAAA query return SOA.
+# -force-https-soa: force HTTPS query return SOA.
+# -no-serve-expired: no serve expired.
 # -ipset ipsetname: use ipset rule.
 # -nftset nftsetname: use nftset rule.
 # example: 
@@ -284,9 +286,10 @@ log-level info
 # ipset-timeout [yes]
 
 # specific ipset to domain
-# ipset /domain/[ipset|-]
-# ipset /www.example.com/block, set ipset with ipset name of block 
-# ipset /www.example.com/-, ignore this domain
+# ipset /domain/[ipsetname|#4:v4setname|#6:v6setname|-|#4:-|#6:-]
+# ipset [ipsetname|#4:v4setname|#6:v6setname], set global ipset.
+# ipset /www.example.com/block, set ipset with ipset name of block. 
+# ipset /www.example.com/-, ignore this domain.
 
 # add to ipset when ping is unreachable
 # ipset-no-speed ipsetname
@@ -306,6 +309,7 @@ log-level info
 
 # specific nftset to domain
 # nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6]
+# nftset [#4:ip#table#set,#6:ipv6#table#setv6] set global nftset.
 # nftset /www.example.com/ip#table#set, equivalent to 'nft add element ip table set { ... }'
 # nftset /www.example.com/-, ignore this domain
 # nftset /www.example.com/#6:-, ignore ipv6

diff --git a/package/linux/install b/package/linux/install
@@ -24,6 +24,7 @@ showhelp()
  echo "Options:"
  echo " -i install smartdns."
  echo " -u uninstall smartdns."
+ echo " -U upgrade install smartdns."
  echo " --prefix [dir] prefix directory."
  echo " -h show this message."
 }
@@ -223,7 +224,7 @@ main()
 {
  ACTION=""
 
- OPTS=`getopt -o iuh --long help,prefix: \
+ OPTS=`getopt -o iuhU --long help,prefix: \
  -n "" -- "$@"`
 
  if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
@@ -246,6 +247,9 @@ main()
  -u )
  ACTION="UNINSTALL"
  shift ;;
+ -U )
+ ACTION="UPGRADE"
+ shift ;;
  -- ) shift; break ;;
  * ) break ;;
  esac
@@ -262,7 +266,14 @@ main()
  elif [ "$ACTION" = "UNINSTALL" ]; then
  uninstall_smartdns
  return 0
- fi 
+ elif [ "$ACTION" = "UPGRADE" ]; then
+ uninstall_smartdns
+ install_smartdns
+ return $?
+ else
+ showhelp
+ return 1
+ fi
 
 }
 

diff --git a/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua b/package/luci-compat/files/luci/model/cbi/smartdns/smartdns.lua
@@ -271,13 +271,34 @@ o.cfgvalue = function(...)
  return Flag.cfgvalue(...) or "1"
 end
 
+o = s:taboption("advanced", Value, "ipset_name", translate("IPset Name"), translate("IPset name."))
+o.rmempty = true
+o.datatype = "string"
+o.rempty = true
+
 ---- Ipset no speed.
 o = s:taboption("advanced", Value, "ipset_no_speed", translate("No Speed IPset Name"), 
  translate("Ipset name, Add domain result to ipset when speed check fails."));
 o.rmempty = true;
 o.datatype = "hostname";
 o.rempty = true;
 
+o = s:taboption("advanced", Value, "nftset_name", translate("NFTset Name"), translate("NFTset name, format: [#[4|6]:[family#table#set]]"))
+o.rmempty = true
+o.datatype = "string"
+o.rempty = true
+function o.validate(self, value) 
+ if (value == "") then
+ return value
+ end
+
+ if (value:match("#[4|6]:[a-zA-Z0-9%-_]+#[a-zA-Z0-9%-_]+#[a-zA-Z0-9%-_]+$")) then
+ return value
+ end
+
+ return nil, translate("NFTset name format error, format: [#[4|6]:[family#table#set]]")
+end
+
 ---- NFTset no speed.
 o = s:taboption("advanced", Value, "nftset_no_speed", translate("No Speed NFTset Name"), 
  translate("Nftset name, Add domain result to nftset when speed check fails, format: [#[4|6]:[family#table#set]]"));
@@ -434,6 +455,13 @@ o.cfgvalue = function(...)
  return Flag.cfgvalue(...) or "0"
 end
 
+o = s:taboption("seconddns", Flag, "seconddns_force_https_soa", translate("Force HTTPS SOA"), translate("Force HTTPS SOA."))
+o.rmempty = false
+o.default = o.disabled
+o.cfgvalue = function(...)
+ return Flag.cfgvalue(...) or "0"
+end
+
 o = s:taboption("seconddns", Flag, "seconddns_no_ip_alias", translate("Skip IP Alias"))
 o.rmempty = true
 o.default = o.disabled
@@ -443,7 +471,7 @@ end
 
 o = s:taboption("seconddns", Value, "seconddns_ipset_name", translate("IPset Name"), translate("IPset name."))
 o.rmempty = true
-o.datatype = "hostname"
+o.datatype = "string"
 o.rempty = true
 
 o = s:taboption("seconddns", Value, "seconddns_nftset_name", translate("NFTset Name"), translate("NFTset name, format: [#[4|6]:[family#table#set]]"))

diff --git a/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js b/package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js
@@ -331,6 +331,26 @@ return view.extend({
  o.rmempty = false;
  o.default = o.enabled;
 
+ // ipset name;
+ o = s.taboption("advanced", form.Value, "ipset_name", _("IPset Name"), _("IPset name."));
+ o.rmempty = true;
+ o.datatype = "string";
+ o.rempty = true;
+ o.validate = function (section_id, value) {
+ if (value == "") {
+ return true;
+ }
+
+ var ipset = value.split(",")
+ for (var i = 0; i < ipset.length; i++) {
+ if (!ipset[i].match(/^(#[4|6]:)?[a-zA-Z0-9\-_]+$/)) {
+ return _("ipset name format error, format: [#[4|6]:]ipsetname");
+ }
+ }
+
+ return true;
+ }
+
  // Ipset no speed.
  o = s.taboption("advanced", form.Value, "ipset_no_speed", _("No Speed IPset Name"),
  _("Ipset name, Add domain result to ipset when speed check fails."));
@@ -351,6 +371,26 @@ return view.extend({
 
  return true;
  }
+
+ // NFTset name;
+ o = s.taboption("advanced", form.Value, "nftset_name", _("NFTset Name"), _("NFTset name, format: [#[4|6]:[family#table#set]]"));
+ o.rmempty = true;
+ o.datatype = "string";
+ o.rempty = true;
+ o.validate = function (section_id, value) {
+ if (value == "") {
+ return true;
+ }
+
+ var nftset = value.split(",")
+ for (var i = 0; i < nftset.length; i++) {
+ if (!nftset[i].match(/^#[4|6]:[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+#[a-zA-Z0-9\-_]+$/)) {
+ return _("NFTset name format error, format: [#[4|6]:[family#table#set]]");
+ }
+ }
+
+ return true;
+ }
 
  // NFTset no speed.
  o = s.taboption("advanced", form.Value, "nftset_no_speed", _("No Speed NFTset Name"),
@@ -503,6 +543,11 @@ return view.extend({
  o = s.taboption("seconddns", form.Flag, "seconddns_force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA."));
  o.rmempty = true;
  o.default = o.disabled;
+
+ // Force HTTPS SOA
+ o = s.taboption("seconddns", form.Flag, "seconddns_force_https_soa", _("Force HTTPS SOA"), _("Force HTTPS SOA."));
+ o.rmempty = true;
+ o.default = o.disabled;
 
  o = s.taboption("seconddns", form.Flag, "seconddns_no_ip_alias", _("Skip IP Alias"));
  o.rmempty = true;

diff --git a/package/openwrt/files/etc/init.d/smartdns b/package/openwrt/files/etc/init.d/smartdns
@@ -484,6 +484,9 @@ load_second_server()
  config_get_bool seconddns_force_aaaa_soa "$section" "seconddns_force_aaaa_soa" "0"
  [ "$seconddns_force_aaaa_soa" = "1" ] && ARGS="$ARGS -force-aaaa-soa"
 
+ config_get_bool seconddns_force_https_soa "$section" "seconddns_force_https_soa" "0"
+ [ "$seconddns_force_https_soa" = "1" ] && ARGS="$ARGS -force-https-soa"
+
  config_get_bool seconddns_no_ip_alias "$section" "seconddns_no_ip_alias" "0"
  [ "$seconddns_no_ip_alias" = "1" ] && ARGS="$ARGS -no-ip-alias"
 
@@ -605,6 +608,12 @@ load_service()
 
  config_get auto_set_dnsmasq "$section" "auto_set_dnsmasq" "1"
 
+ config_get ipset_name "$section" "ipset_name" ""
+ [ -z "$ipset_name" ] || conf_append "ipset" "$ipset_name"
+
+ config_get nftset_name "$section" "nftset_name" ""
+ [ -z "$nftset_name" ] || conf_append "nftset" "$nftset_name"
+
  config_get ipset_no_speed "$section" "ipset_no_speed" ""
  [ -z "$ipset_no_speed" ] || conf_append "ipset-no-speed" "$ipset_no_speed"
 

diff --git a/src/dns_client.c b/src/dns_client.c
@@ -612,14 +612,18 @@ static struct dns_server_group *_dns_client_get_dnsserver_group(const char *grou
  struct dns_server_group *group = _dns_client_get_group(group_name);
 
  if (group == NULL) {
- group = client.default_group;
+ goto use_default;
  } else {
  if (list_empty(&group->head)) {
- group = client.default_group;
+ tlog(TLOG_INFO, "group %s not exist, use default group.", group_name);
+ goto use_default;
  }
  }
 
  return group;
+
+use_default:
+ return client.default_group;
 }
 
 /* add server to group */
@@ -1228,7 +1232,8 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
  snprintf(ifname, sizeof(ifname), "@%s", flags->ifname);
  }
 
- tlog(TLOG_INFO, "add server %s:%d%s, type: %s", server_ip, port, ifname, _dns_server_get_type_string(server_info->type));
+ tlog(TLOG_INFO, "add server %s:%d%s, type: %s", server_ip, port, ifname,
+ _dns_server_get_type_string(server_info->type));
 
  return 0;
 errout: