
luci-lite: fix luci-lite issue.

Nick Peng 1 năm trước cách đây
mục cha
commit
63dd877a0c

+ 1 - 0
package/luci-lite/control/postinst

@@ -20,5 +20,6 @@
 . ${IPKG_INSTROOT}/lib/functions.sh
 default_postinst $0 $@
 ret=$?
+/etc/init.d/smartdns-lite clear_rules
 /etc/init.d/smartdns-lite enable
 exit 0
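Review bot: `clear_rules` is called after `default_postinst`, so on a live install any TPROXY rules created when the service starts would be removed again while the daemon keeps running. Stock OpenWrt's `default_postinst` starts the init scripts a package ships, but that helper is not visible in this diff, so confirm it before relying on the current order. If it does start the service, move `/etc/init.d/smartdns-lite clear_rules` above the `default_postinst $0 $@` line so stale rules are cleared before the start rather than after it.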

+ 1 - 0
package/luci-lite/control/prerm

@@ -18,6 +18,7 @@
 [ -e ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0
 . ${IPKG_INSTROOT}/lib/functions.sh
 default_prerm $0 $@
+/etc/init.d/smartdns-lite clear_rules
 /etc/init.d/smartdns-lite disable
 rm /var/etc/smartdns-lite.conf -f
 exit 0

+ 14 - 2
package/luci-lite/files/luci/i18n/smartdns-lite.zh-cn.po

@@ -163,8 +163,8 @@ msgstr "smartdns服务器模式。"
 msgid "Smartdns server port."
 msgstr "smartdns服务器端口。"
 
-msgid "Smartdns speed check mode."
-msgstr "Smartdns测速模式设置。"
+msgid "Speed check mode for matching domains."
+msgstr "匹配域名的测速模式。"
 
 msgid "Speed Check Mode"
 msgstr "测速模式"
@@ -175,6 +175,18 @@ msgstr "测速模式无效。"
 msgid "TCP port is empty"
 msgstr "TCP端口为空"
 
+msgid "TPROXY Server Port"
+msgstr "TPROXY服务器端口"
+
+msgid "TPROXY server port used for forwarding data requests, please make sure this port has enabled TPROXY service."
+msgstr "用于转发数据请求的TPROXY服务器端口,请确保该端口已启用TPROXY服务,否则链接可能不正常。"
+
+msgid "Use Internal IP Rules"
+msgstr "使用内置IP规则"
+
+msgid "Use internal IP rules to forward data to TPROXY service when the domain matches, avoiding the need to configure IP rules."
+msgstr "当域名匹配时,使用内置IP规则将数据转发到TPROXY服务,避免复杂的IP规则配置。"
+
 msgid "Upload CloudFlare cdn ip list file, please refer to https://www.cloudflare.com/ips"
 msgstr "上传CloudFlare CDN IP列表文件,请参考https://www.cloudflare.com/ips"
 

+ 88 - 7
package/luci-lite/files/root/etc/init.d/smartdns-lite

@@ -26,6 +26,8 @@ SMARTDNS_VAR_CONF_DIR="/var/etc/smartdns"
 SMARTDNS_CONF="$SMARTDNS_VAR_CONF_DIR/smartdns-lite.conf"
 CUSTOM_CONF="$SMARTDNS_CONF_DIR/custom.conf"
 SMARTDNS_CONF_TMP="${SMARTDNS_CONF}.tmp"
+EXTRA_COMMANDS="clear_rules"
+EXTRA_HELP="        clear_rules      clear all rules"
 
 conf_append()
 {
@@ -42,6 +44,65 @@ servers_append()
 	conf_append "server" "$1 $server_options"
 }
 
+setup_tproxy_rules()
+{
+	local tproxy_port="$1"
+	local table_type="$2"
+
+	ip rule add fwmark 1104 lookup 981
+	ip route add local 0.0.0.0/0 dev lo table 981
+	ip -6 route add local ::/0 dev lo table 981
+
+	if [ "$table_type" = "iptable" ]; then
+		iptables -t mangle -N SMARTDNS_LITE
+		iptables -t mangle -A SMARTDNS_LITE -p tcp -m set --match-set smartdns dst -j TPROXY --on-ip 127.0.0.1 --on-port ${tproxy_port} --tproxy-mark 1104
+		iptables -t mangle -A SMARTDNS_LITE -p udp -m set --match-set smartdns dst -j TPROXY --on-ip 127.0.0.1 --on-port ${tproxy_port} --tproxy-mark 1104
+		iptables -t mangle -A SMARTDNS_LITE -j ACCEPT
+		iptables -t mangle -A PREROUTING -j SMARTDNS_LITE
+
+
+		ip6tables -t mangle -N SMARTDNS_LITE
+		ip6tables -t mangle -A SMARTDNS_LITE -p tcp -m set --match-set smartdns6 dst -j TPROXY --on-ip ::1 --on-port ${tproxy_port} --tproxy-mark 1104
+		ip6tables -t mangle -A SMARTDNS_LITE -p udp -m set --match-set smartdns6 dst -j TPROXY --on-ip ::1 --on-port ${tproxy_port} --tproxy-mark 1104
+		ip6tables -t mangle -A SMARTDNS_LITE -j ACCEPT
+		ip6tables -t mangle -A PREROUTING -j SMARTDNS_LITE
+	elif [ "$table_type" = "nftable" ]; then
+		nft add table ip smartdns_lite
+		nft add set ip smartdns_lite ipv4 { type ipv4_addr\; flags interval\; auto-merge\; }
+		nft add chain ip smartdns_lite prerouting { type filter hook prerouting priority 0\; }
+		nft add rule ip smartdns_lite prerouting meta l4proto tcp ip daddr @ipv4 tproxy to 127.0.0.1:${tproxy_port} mark set 1104
+		nft add rule ip smartdns_lite prerouting meta l4proto udp ip daddr @ipv4 tproxy to 127.0.0.1:${tproxy_port} mark set 1104
+
+		nft add table ip6 smartdns_lite
+		nft add set ip6 smartdns_lite ipv6 { type ipv6_addr\; flags interval\; auto-merge\; }
+		nft add chain ip6 smartdns_lite prerouting6 { type filter hook prerouting priority 0\; }
+		nft add rule ip6 smartdns_lite prerouting6 meta l4proto tcp ip6 daddr @ipv6 tproxy to ::1:${tproxy_port} mark set 1104
+		nft add rule ip6 smartdns_lite prerouting6 meta l4proto udp ip6 daddr @ipv6 tproxy to ::1:${tproxy_port} mark set 1104
+	else
+		echo "table_type error"
+		return 1
+	fi
+}
+
+clear_tproxy_rules()
+{
+	ip rule del fwmark 1104 > /dev/null 2>&1
+	ip route flush table 981 > /dev/null 2>&1
+	iptables -t mangle -D PREROUTING -j SMARTDNS_LITE > /dev/null 2>&1
+	iptables -t mangle -F SMARTDNS_LITE > /dev/null 2>&1
+	iptables -t mangle -X SMARTDNS_LITE > /dev/null 2>&1
+	ip6tables -t mangle -D PREROUTING -j SMARTDNS_LITE > /dev/null 2>&1
+	ip6tables -t mangle -F SMARTDNS_LITE > /dev/null 2>&1
+	ip6tables -t mangle -X SMARTDNS_LITE > /dev/null 2>&1
+	nft delete table ip smartdns_lite > /dev/null 2>&1
+	nft delete table ip6 smartdns_lite > /dev/null 2>&1
+}
+
+clear_rules()
+{
+	clear_tproxy_rules
+}
+
 load_parental_control_rules()
 {
 	local section="$1"
@@ -59,7 +120,7 @@ load_parental_control_rules()
 	config_get pc_client_addr_file "$section" "pc_client_addr_file" ""
 	[ -e "$pc_client_addr_file" ] && {
 		conf_append "ip-set" "-name ${client_set_name} -file '$pc_client_addr_file'"
-		client_rule_addr_append "ip-set:${client_set_name}"
+		conf_append "group-match" "-client-ip ip-set:${client_set_name}"
 	}
 
 	config_list_foreach "$section" "pc_client_addr" client_rule_addr_append
@@ -89,6 +150,8 @@ load_domain_rules()
 	local qtype_soa_list=""
 	local server_options=""
 
+	clear_tproxy_rules
+
 	config_get_bool rules_enabled "$section" "rules_enabled" "0"
 	[ "$rules_enabled" != "1" ] && return
 
@@ -98,7 +161,7 @@ load_domain_rules()
 	[ -e "$rules_domain_file" ] && {
 		conf_append "group-begin" "${domain_rule_name}"
 		conf_append "domain-set" "-name ${domain_set_name} -file '$rules_domain_file'"
-		conf_append "group-match" "-domain ${domain_set_name}"
+		conf_append "group-match" "-domain domain-set:${domain_set_name}"
 		conf_append "force-qtype-SOA" "-"
 		server_options="-e"
 		as_group="1"
@@ -115,11 +178,29 @@ load_domain_rules()
 
 	[ ! -z "$qtype_soa_list" ] && conf_append "force-qtype-SOA" "$qtype_soa_list"
 
-	config_get ipset_name "$section" "ipset_name" ""
-	[ -z "$ipset_name" ] || conf_append "ipset" "$ipset_name"
-
-	config_get nftset_name "$section" "nftset_name" ""
-	[ -z "$nftset_name" ] || conf_append "nftset" "$nftset_name"
+	config_get_bool use_internal_rules "$section" "use_internal_rules" "0"
+
+	[ "$use_internal_rules" = "1" ] && {
+		config_get tproxy_server_port "$section" "tproxy_server_port" ""
+		[ ! -z "$tproxy_server_port" ] &&  {
+			which nft > /dev/null 2>&1
+			if [ "$?" = "0" ]; then
+				table_type="nftable"
+				conf_append "nftset" "#4:ip#smartdns_lite#ipv4"
+				conf_append "nftset" "#6:ip6#smartdns_lite#ipv6"
+			else
+				conf_append "ipset" "SMARTDNS_LITE"
+				table_type="iptable"
+			fi
+			setup_tproxy_rules "$tproxy_server_port" "$table_type"
+		}
+	} || {
+		config_get ipset_name "$section" "ipset_name" ""
+		[ -z "$ipset_name" ] || conf_append "ipset" "$ipset_name"
+
+		config_get nftset_name "$section" "nftset_name" ""
+		[ -z "$nftset_name" ] || conf_append "nftset" "$nftset_name"
+	}
 
 	[ "$as_group" = "1" ] && {
 		conf_append "group-end"
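Review bot: In the iptables branch of `setup_tproxy_rules` the TPROXY rules match the sets `smartdns` and `smartdns6`, while `load_domain_rules` writes `ipset SMARTDNS_LITE` into the config and nothing visible in this diff creates any of those sets, so the `--match-set` rules will likely fail to load and resolved addresses go to a set no rule reads. Use one name on both sides and create the sets before adding the rules, e.g. `ipset create SMARTDNS_LITE hash:ip -exist` plus a separate inet6 set for the ip6tables rules. `${tproxy_port}` also reaches `iptables` and `nft` as root with only the LuCI form check in front of it; a guard such as `case "$tproxy_port" in ''|*[!0-9]*) return 1;; esac` at the top of the function keeps a hand-edited UCI value out of the rule text. On the IPv6 side, `ip rule add fwmark 1104 lookup 981` has no `ip -6 rule add` counterpart and `clear_tproxy_rules` never runs `ip -6 route flush table 981`, so the v6 route is unused and left behind on cleanup. The nft target `::1:${tproxy_port}` probably needs brackets, `[::1]:${tproxy_port}`, to be parsed as address plus port.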

+ 18 - 4
package/luci-lite/files/root/www/luci-static/resources/view/smartdns-lite/smartdns-lite.js

@@ -277,15 +277,15 @@ return view.extend({
 			return true;
 		};
 
-		o = s.taboption("rules", form.Value, "rules_speed_check_mode", _("Speed Check Mode"), _("Smartdns speed check mode."));
+		o = s.taboption("rules", form.Value, "rules_speed_check_mode", _("Speed Check Mode"), _("Speed check mode for matching domains."));
 		o.rmempty = true;
-		o.placeholder = "default";
-		o.value("", _("default"));
+		o.placeholder = _("None");
+		o.default = "none";
+		o.value("none", _("None"));
 		o.value("ping,tcp:80,tcp:443");
 		o.value("ping,tcp:443,tcp:80");
 		o.value("tcp:80,tcp:443,ping");
 		o.value("tcp:443,tcp:80,ping");
-		o.value("none", _("None"));
 		o.validate = function (section_id, value) {
 			if (value == "") {
 				return true;
@@ -326,6 +326,11 @@ return view.extend({
 		o.rmempty = true;
 		o.default = o.enabled;
 
+		o = s.taboption("rules", form.Flag, "use_internal_rules", _("Use Internal IP Rules"), 
+		_("Use internal IP rules to forward data to TPROXY service when the domain matches, avoiding the need to configure IP rules."));
+		o.rmempty = true;
+		o.default = o.disabled;
+
 		o = s.taboption("rules", form.Value, "rules_ipset_name", _("IPset Name"), _("IPset name."));
 		o.rmempty = true;
 		o.datatype = "string";
@@ -344,6 +349,7 @@ return view.extend({
 
 			return true;
 		}
+		o.depends("use_internal_rules", "0");
 
 		o = s.taboption("rules", form.Value, "rules_nftset_name", _("NFTset Name"), _("NFTset name, format: [#[4|6]:[family#table#set]]"));
 		o.rmempty = true;
@@ -363,6 +369,14 @@ return view.extend({
 
 			return true;
 		}
+		o.depends("use_internal_rules", "0");
+
+		o = s.taboption("rules", form.Value, "tproxy_server_port", _("TPROXY Server Port"), 
+			_("TPROXY server port used for forwarding data requests, please make sure this port has enabled TPROXY service."));
+		o.rmempty = false;
+		o.datatype = "port";
+		o.rempty = false;
+		o.depends("use_internal_rules", "1");
 
 		o = s.taboption("cloudflare", form.Flag, "cloudflare_enabled", _("Enable"), 
 			_("Enable or disable cloudflare cdn ip accelerating."));
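Review bot: `o.rempty = false;` in the new `tproxy_server_port` option is a misspelling of `rmempty`, which the line above already sets, so it only adds an unused property and should be dropped. The block moved in smartdns.js carries the same spelling in `so.rempty = true`. The `datatype = "port"` check runs only in the form, so the init script that consumes `tproxy_server_port` should not assume the stored value is numeric. The enclosing `view.extend` body starts and ends outside these hunks.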

+ 6 - 6
package/luci/files/root/www/luci-static/resources/view/smartdns/smartdns.js

@@ -1526,12 +1526,6 @@ return view.extend({
 			});
 		};
 
-		// other args
-		so = ss.option(form.Value, "addition_flag", _("Additional Rule Flag"),
-			_("Additional Flags for rules, read help on ip-rule for more information."))
-		so.default = ""
-		so.rempty = true
-		so.modalonly = true;
 
 		////////////////
 		// ip rules;
@@ -1602,6 +1596,12 @@ return view.extend({
 		so.datatype = 'ipaddr("nomask")';
 		so.modalonly = true;
 
+		// other args
+		so = ss.option(form.Value, "addition_flag", _("Additional Rule Flag"),
+			_("Additional Flags for rules, read help on ip-rule for more information."))
+		so.default = ""
+		so.rempty = true
+		so.modalonly = true;
 		///////////////////////////////////////
 		// IP Blacklist;
 		///////////////////////////////////////