You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

608 lines
18 KiB

  1. #!/bin/sh
  2. # dns based ad/abuse domain blocking
  3. # written by Dirk Brenken (dev@brenken.org)
  4. # This is free software, licensed under the GNU General Public License v3.
  5. # You should have received a copy of the GNU General Public License
  6. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  7. # set initial defaults
  8. #
  9. LC_ALL=C
  10. PATH="/usr/sbin:/usr/bin:/sbin:/bin"
  11. adb_ver="2.8.0-2"
  12. adb_sysver="$(ubus -S call system board | jsonfilter -e '@.release.description')"
  13. adb_enabled=1
  14. adb_debug=0
  15. adb_minfree=2
  16. adb_manmode=0
  17. adb_forcesrt=0
  18. adb_forcedns=0
  19. adb_backup=0
  20. adb_backupdir="/mnt"
  21. adb_whitelist="/etc/adblock/adblock.whitelist"
  22. adb_whitelist_rset="\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}"
  23. adb_fetch="/usr/bin/wget"
  24. adb_fetchparm="--quiet --no-cache --no-cookies --max-redirect=0 --timeout=10 --no-check-certificate -O"
  25. adb_dnslist="dnsmasq unbound named"
  26. adb_dnsprefix="adb_list"
  27. adb_dnsfile="${adb_dnsprefix}.overall"
  28. adb_rtfile="/tmp/adb_runtime.json"
  29. adb_sources=""
  30. adb_src_cat_shalla=""
  31. adb_action="${1}"
  32. # f_envload: load adblock environment
  33. #
  34. f_envload()
  35. {
  36. local services dns_up cnt=0
  37. # source in system libraries
  38. #
  39. if [ -r "/lib/functions.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]
  40. then
  41. . "/lib/functions.sh"
  42. . "/usr/share/libubox/jshn.sh"
  43. else
  44. f_log "error" "system libraries not found"
  45. fi
  46. # parse global section by callback
  47. #
  48. config_cb()
  49. {
  50. local type="${1}"
  51. if [ "${type}" = "adblock" ]
  52. then
  53. option_cb()
  54. {
  55. local option="${1}"
  56. local value="${2}"
  57. eval "${option}=\"${value}\""
  58. }
  59. else
  60. reset_cb
  61. fi
  62. }
  63. # parse 'source' sections
  64. #
  65. parse_config()
  66. {
  67. local value opt section="${1}" options="enabled adb_src adb_src_rset adb_src_cat"
  68. eval "adb_sources=\"${adb_sources} ${section}\""
  69. for opt in ${options}
  70. do
  71. config_get value "${section}" "${opt}"
  72. if [ -n "${value}" ]
  73. then
  74. eval "${opt}_${section}=\"${value}\""
  75. fi
  76. done
  77. }
  78. # load adblock config
  79. #
  80. config_load adblock
  81. config_foreach parse_config source
  82. # set dns backend environment
  83. #
  84. while [ ${cnt} -le 20 ]
  85. do
  86. services="$(ubus -S call service list 2>/dev/null)"
  87. if [ -n "${services}" ]
  88. then
  89. for dns in ${adb_dnslist}
  90. do
  91. dns_up="$(printf "%s" "${services}" | jsonfilter -l1 -e "@.${dns}.instances.*.running")"
  92. if [ "${dns_up}" = "true" ]
  93. then
  94. case "${dns}" in
  95. dnsmasq)
  96. adb_dns="${dns}"
  97. adb_dnsdir="${adb_dnsdir:="/tmp/dnsmasq.d"}"
  98. adb_dnshidedir="${adb_dnsdir}/.adb_hidden"
  99. adb_dnsformat="awk '{print \"local=/\"\$0\"/\"}'"
  100. break 2
  101. ;;
  102. unbound)
  103. adb_dns="${dns}"
  104. adb_dnsdir="${adb_dnsdir:="/var/lib/unbound"}"
  105. adb_dnshidedir="${adb_dnsdir}/.adb_hidden"
  106. adb_dnsformat="awk '{print \"local-zone: \042\"\$0\"\042 static\"}'"
  107. break 2
  108. ;;
  109. named)
  110. adb_dns="${dns}"
  111. adb_dnsdir="${adb_dnsdir:="/var/lib/bind"}"
  112. adb_dnshidedir="${adb_dnsdir}/.adb_hidden"
  113. adb_dnsformat="awk '{print \"\"\$0\" IN CNAME .\n*.\"\$0\" IN CNAME .\"}'"
  114. break 2
  115. ;;
  116. esac
  117. fi
  118. done
  119. fi
  120. sleep 1
  121. cnt=$((cnt+1))
  122. done
  123. if [ -z "${adb_dns}" ] || [ -z "${adb_dnsformat}" ] || [ ! -x "$(command -v ${adb_dns})" ] || [ ! -d "${adb_dnsdir}" ]
  124. then
  125. f_log "error" "no active/supported DNS backend found"
  126. fi
  127. # force dns to local resolver
  128. #
  129. if [ ${adb_forcedns} -eq 1 ] && [ -z "$(uci -q get firewall.adblock_dns)" ]
  130. then
  131. uci -q set firewall.adblock_dns="redirect"
  132. uci -q set firewall.adblock_dns.name="Adblock DNS"
  133. uci -q set firewall.adblock_dns.src="lan"
  134. uci -q set firewall.adblock_dns.proto="tcp udp"
  135. uci -q set firewall.adblock_dns.src_dport="53"
  136. uci -q set firewall.adblock_dns.dest_port="53"
  137. uci -q set firewall.adblock_dns.target="DNAT"
  138. elif [ ${adb_forcedns} -eq 0 ] && [ -n "$(uci -q get firewall.adblock_dns)" ]
  139. then
  140. uci -q delete firewall.adblock_dns
  141. fi
  142. if [ -n "$(uci -q changes firewall)" ]
  143. then
  144. uci -q commit firewall
  145. if [ $(/etc/init.d/firewall enabled; printf "%u" ${?}) -eq 0 ]
  146. then
  147. /etc/init.d/firewall reload >/dev/null 2>&1
  148. fi
  149. fi
  150. }
  151. # f_envcheck: check/set environment prerequisites
  152. #
  153. f_envcheck()
  154. {
  155. local ssl_lib
  156. # check 'enabled' option
  157. #
  158. if [ ${adb_enabled} -ne 1 ]
  159. then
  160. if [ -s "${adb_dnsdir}/${adb_dnsfile}" ]
  161. then
  162. f_rmdns
  163. f_dnsrestart
  164. fi
  165. f_log "info " "adblock is currently disabled, please set adb_enabled to '1' to use this service"
  166. exit 0
  167. fi
  168. # check fetch utility
  169. #
  170. ssl_lib="-"
  171. if [ -x "${adb_fetch}" ]
  172. then
  173. if [ "$(readlink -fn "${adb_fetch}")" = "/usr/bin/wget-nossl" ]
  174. then
  175. adb_fetchparm="--quiet --no-cache --no-cookies --max-redirect=0 --timeout=10 -O"
  176. elif [ "$(readlink -fn "/bin/wget")" = "/bin/busybox" ] || [ "$(readlink -fn "${adb_fetch}")" = "/bin/busybox" ]
  177. then
  178. adb_fetch="/bin/busybox"
  179. adb_fetchparm="-q -O"
  180. else
  181. ssl_lib="built-in"
  182. fi
  183. fi
  184. if [ ! -x "${adb_fetch}" ] && [ "$(readlink -fn "/bin/wget")" = "/bin/uclient-fetch" ]
  185. then
  186. adb_fetch="/bin/uclient-fetch"
  187. if [ -f "/lib/libustream-ssl.so" ]
  188. then
  189. adb_fetchparm="-q --timeout=10 --no-check-certificate -O"
  190. ssl_lib="libustream-ssl"
  191. else
  192. adb_fetchparm="-q --timeout=10 -O"
  193. fi
  194. fi
  195. if [ ! -x "${adb_fetch}" ] || [ -z "${adb_fetch}" ] || [ -z "${adb_fetchparm}" ]
  196. then
  197. f_log "error" "no download utility found, please install 'uclient-fetch' with 'libustream-mbedtls' or the full 'wget' package"
  198. fi
  199. adb_fetchinfo="${adb_fetch##*/} (${ssl_lib})"
  200. # create dns hideout directory
  201. #
  202. if [ ! -d "${adb_dnshidedir}" ]
  203. then
  204. mkdir -p -m 660 "${adb_dnshidedir}"
  205. chown -R "${adb_dns}":"${adb_dns}" "${adb_dnshidedir}" 2>/dev/null
  206. else
  207. rm -f "${adb_dnshidedir}/${adb_dnsprefix}"*
  208. fi
  209. # create adblock temp file/directory
  210. #
  211. adb_tmpload="$(mktemp -tu)"
  212. adb_tmpfile="$(mktemp -tu)"
  213. adb_tmpdir="$(mktemp -p /tmp -d)"
  214. # prepare whitelist entries
  215. #
  216. if [ -s "${adb_whitelist}" ]
  217. then
  218. awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.whitelist"
  219. fi
  220. }
  221. # f_rmtemp: remove temporary files & directories
  222. #
  223. f_rmtemp()
  224. {
  225. if [ -d "${adb_tmpdir}" ]
  226. then
  227. rm -f "${adb_tmpload}"
  228. rm -f "${adb_tmpfile}"
  229. rm -rf "${adb_tmpdir}"
  230. fi
  231. }
  232. # f_rmdns: remove dns related files & directories
  233. #
  234. f_rmdns()
  235. {
  236. if [ -n "${adb_dns}" ]
  237. then
  238. rm -f "${adb_dnsdir}/${adb_dnsprefix}"*
  239. rm -f "${adb_backupdir}/${adb_dnsprefix}"*.gz
  240. rm -rf "${adb_dnshidedir}"
  241. > "${adb_rtfile}"
  242. fi
  243. }
  244. # f_dnsrestart: restart the dns backend
  245. #
  246. f_dnsrestart()
  247. {
  248. local dns_up mem_free cnt=0
  249. "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1
  250. while [ ${cnt} -le 10 ]
  251. do
  252. dns_up="$(ubus -S call service list "{\"name\":\"${adb_dns}\"}" | jsonfilter -l1 -e "@.${adb_dns}.instances.*.running")"
  253. if [ "${dns_up}" = "true" ]
  254. then
  255. mem_free="$(awk '/^MemFree/ {print int($2/1000)}' "/proc/meminfo")"
  256. if [ ${mem_free} -ge ${adb_minfree} ]
  257. then
  258. return 0
  259. fi
  260. fi
  261. cnt=$((cnt+1))
  262. sleep 1
  263. done
  264. return 1
  265. }
  266. # f_list: backup/restore/remove block lists
  267. #
  268. f_list()
  269. {
  270. local mode="${1}" in_rc="${adb_rc}" cnt=0
  271. case "${mode}" in
  272. backup)
  273. cnt="$(wc -l < "${adb_tmpfile}")"
  274. if [ ${adb_backup} -eq 1 ] && [ -d "${adb_backupdir}" ]
  275. then
  276. gzip -cf "${adb_tmpfile}" > "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz"
  277. adb_rc=${?}
  278. fi
  279. ;;
  280. restore)
  281. if [ ${adb_backup} -eq 1 ] && [ -d "${adb_backupdir}" ] &&
  282. [ -f "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" ]
  283. then
  284. gunzip -cf "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" > "${adb_tmpfile}"
  285. adb_rc=${?}
  286. fi
  287. ;;
  288. remove)
  289. if [ -d "${adb_backupdir}" ]
  290. then
  291. rm -f "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz"
  292. fi
  293. adb_rc=${?}
  294. ;;
  295. format)
  296. if [ -s "${adb_tmpdir}/tmp.whitelist" ]
  297. then
  298. grep -vf "${adb_tmpdir}/tmp.whitelist" "${adb_tmpfile}" | eval "${adb_dnsformat}" >> "${adb_tmpdir}/${adb_dnsfile}"
  299. else
  300. eval "${adb_dnsformat}" "${adb_tmpfile}" >> "${adb_tmpdir}/${adb_dnsfile}"
  301. fi
  302. adb_rc=${?}
  303. ;;
  304. esac
  305. f_log "debug" "name: ${src_name}, mode: ${mode}, count: ${cnt}, in_rc: ${in_rc}, out_rc: ${adb_rc}"
  306. }
  307. # f_switch: suspend/resume adblock processing
  308. #
  309. f_switch()
  310. {
  311. local source target status mode="${1}"
  312. if [ -d "${adb_dnshidedir}" ]
  313. then
  314. if [ -s "${adb_dnsdir}/${adb_dnsfile}" ] && [ "${mode}" = "suspend" ]
  315. then
  316. source="${adb_dnsdir}/${adb_dnsfile}"
  317. target="${adb_dnshidedir}"
  318. status="suspended"
  319. elif [ -s "${adb_dnshidedir}/${adb_dnsfile}" ] && [ "${mode}" = "resume" ]
  320. then
  321. source="${adb_dnshidedir}/${adb_dnsfile}"
  322. target="${adb_dnsdir}"
  323. status="resumed"
  324. fi
  325. if [ -n "${status}" ]
  326. then
  327. mv -f "${source}"* "${target}"
  328. f_dnsrestart
  329. f_log "info " "adblock processing ${status}"
  330. fi
  331. fi
  332. }
  333. # f_query: query block list for certain (sub-)domains
  334. #
  335. f_query()
  336. {
  337. local search result cnt
  338. local domain="${1}"
  339. local tld="${domain#*.}"
  340. if [ ! -s "${adb_dnsdir}/${adb_dnsfile}" ]
  341. then
  342. printf "%s\n" "::: no active block list found, please start / resume adblock first"
  343. elif [ -z "${domain}" ] || [ "${domain}" = "${tld}" ]
  344. then
  345. printf "%s\n" "::: invalid domain input, please submit a specific (sub-)domain, e.g. 'www.abc.xyz'"
  346. else
  347. cd "${adb_dnsdir}"
  348. while [ "${domain}" != "${tld}" ]
  349. do
  350. search="${domain//./\.}"
  351. result="$(grep -Hm5 "[/\"\.]${search}[/\"]" "${adb_dnsfile}" | awk -F ':|=|/|\"' '{printf(" + %s\n",$4)}')"
  352. printf "%s\n" "::: results for (sub-)domain '${domain}' (max. 5)"
  353. printf "%s\n" "${result:=" - no match"}"
  354. domain="${tld}"
  355. tld="${domain#*.}"
  356. done
  357. fi
  358. }
  359. # f_status: output runtime information
  360. #
  361. f_status()
  362. {
  363. local key keylist value
  364. if [ -s "${adb_rtfile}" ]
  365. then
  366. if [ -s "${adb_dnsdir}/${adb_dnsfile}" ]
  367. then
  368. value="active"
  369. else
  370. value="no domains blocked"
  371. fi
  372. printf "%s\n" "::: adblock runtime information"
  373. printf " %-15s : %s\n" "status" "${value}"
  374. json_load "$(cat "${adb_rtfile}" 2>/dev/null)"
  375. json_select data
  376. json_get_keys keylist
  377. for key in ${keylist}
  378. do
  379. json_get_var value "${key}"
  380. printf " %-15s : %s\n" "${key}" "${value}"
  381. done
  382. fi
  383. }
  384. # f_log: write to syslog, exit on error
  385. #
  386. f_log()
  387. {
  388. local class="${1}" log_msg="${2}"
  389. if [ -n "${log_msg}" ] && ([ "${class}" != "debug" ] || [ ${adb_debug} -eq 1 ])
  390. then
  391. logger -t "adblock-[${adb_ver}] ${class}" "${log_msg}"
  392. if [ "${class}" = "error" ]
  393. then
  394. logger -t "adblock-[${adb_ver}] ${class}" "Please check 'https://github.com/openwrt/packages/blob/master/net/adblock/files/README.md' (${adb_sysver})"
  395. f_rmtemp
  396. if [ -s "${adb_dnsdir}/${adb_dnsfile}" ]
  397. then
  398. f_rmdns
  399. f_dnsrestart
  400. fi
  401. exit 1
  402. fi
  403. fi
  404. }
  405. # main function for block list processing
  406. #
  407. f_main()
  408. {
  409. local src_name src_rset shalla_archive enabled url cnt=0
  410. local mem_total="$(awk '/^MemTotal/ {print int($2/1000)}' "/proc/meminfo")"
  411. f_log "info " "start adblock processing ..."
  412. f_log "debug" "action: ${adb_action}, manual_mode:${adb_manmode}, backup: ${adb_backup}, dns: ${adb_dns}, fetch: ${adb_fetchinfo}, mem_total: ${mem_total}, force_srt/_dns: ${adb_forcesrt}/${adb_forcedns}"
  413. > "${adb_rtfile}"
  414. for src_name in ${adb_sources}
  415. do
  416. eval "enabled=\"\${enabled_${src_name}}\""
  417. eval "url=\"\${adb_src_${src_name}}\""
  418. eval "src_rset=\"\${adb_src_rset_${src_name}}\""
  419. > "${adb_tmpload}"
  420. > "${adb_tmpfile}"
  421. adb_rc=4
  422. # basic pre-checks
  423. #
  424. f_log "debug" "name: ${src_name}, enabled: ${enabled}, url: ${url}, rset: ${src_rset}"
  425. if [ "${enabled}" != "1" ] || [ -z "${url}" ] || [ -z "${src_rset}" ]
  426. then
  427. f_list remove
  428. continue
  429. fi
  430. # manual mode
  431. #
  432. if [ ${adb_manmode} -eq 1 ] && [ -z "${adb_action}" ]
  433. then
  434. f_list restore
  435. if [ ${adb_rc} -eq 0 ] && [ -s "${adb_tmpfile}" ]
  436. then
  437. f_list format
  438. continue
  439. fi
  440. fi
  441. # download block list
  442. #
  443. if [ "${src_name}" = "blacklist" ] && [ -s "${url}" ]
  444. then
  445. cat "${url}" > "${adb_tmpload}"
  446. adb_rc=${?}
  447. elif [ "${src_name}" = "shalla" ]
  448. then
  449. shalla_archive="${adb_tmpdir}/shallalist.tar.gz"
  450. "${adb_fetch}" ${adb_fetchparm} "${shalla_archive}" "${url}" 2>/dev/null
  451. adb_rc=${?}
  452. if [ ${adb_rc} -eq 0 ]
  453. then
  454. for category in ${adb_src_cat_shalla}
  455. do
  456. tar -xOzf "${shalla_archive}" "BL/${category}/domains" >> "${adb_tmpload}"
  457. adb_rc=${?}
  458. if [ ${adb_rc} -ne 0 ]
  459. then
  460. break
  461. fi
  462. done
  463. fi
  464. rm -f "${shalla_archive}"
  465. rm -rf "${adb_tmpdir}/BL"
  466. else
  467. "${adb_fetch}" ${adb_fetchparm} "${adb_tmpload}" "${url}" 2>/dev/null
  468. adb_rc=${?}
  469. fi
  470. # check download result and prepare domain output (incl. tld compression, list backup & restore)
  471. #
  472. if [ ${adb_rc} -eq 0 ] && [ -s "${adb_tmpload}" ]
  473. then
  474. awk "${src_rset}" "${adb_tmpload}" 2>/dev/null > "${adb_tmpfile}"
  475. if [ -s "${adb_tmpfile}" ]
  476. then
  477. awk -F "." '{for(f=NF;f > 1;f--) printf "%s.", $f;print $1}' "${adb_tmpfile}" 2>/dev/null | sort -u > "${adb_tmpload}"
  478. awk '{if(NR==1){tld=$NF};while(getline){if($NF !~ tld"\\."){print tld;tld=$NF}}print tld}' "${adb_tmpload}" 2>/dev/null > "${adb_tmpfile}"
  479. awk -F "." '{for(f=NF;f > 1;f--) printf "%s.", $f;print $1}' "${adb_tmpfile}" 2>/dev/null > "${adb_tmpload}"
  480. mv -f "${adb_tmpload}" "${adb_tmpfile}"
  481. f_list backup
  482. else
  483. f_list restore
  484. fi
  485. else
  486. f_list restore
  487. fi
  488. # remove whitelist domains, final list preparation
  489. #
  490. if [ ${adb_rc} -eq 0 ] && [ -s "${adb_tmpfile}" ]
  491. then
  492. f_list format
  493. if [ ${adb_rc} -ne 0 ]
  494. then
  495. f_list remove
  496. fi
  497. else
  498. f_list remove
  499. fi
  500. done
  501. # overall sort
  502. #
  503. if [ -s "${adb_tmpdir}/${adb_dnsfile}" ]
  504. then
  505. if [ ${mem_total} -ge 64 ] || [ ${adb_forcesrt} -eq 1 ]
  506. then
  507. sort -u "${adb_tmpdir}/${adb_dnsfile}" > "${adb_dnsdir}/${adb_dnsfile}"
  508. else
  509. mv -f "${adb_tmpdir}/${adb_dnsfile}" "${adb_dnsdir}" 2>/dev/null
  510. fi
  511. else
  512. > "${adb_dnsdir}/${adb_dnsfile}"
  513. fi
  514. cnt="$(wc -l < "${adb_dnsdir}/${adb_dnsfile}")"
  515. # restart the dns backend and export runtime information
  516. #
  517. chown "${adb_dns}":"${adb_dns}" "${adb_dnsdir}/${adb_dnsfile}" 2>/dev/null
  518. f_rmtemp
  519. f_dnsrestart
  520. if [ ${?} -eq 0 ]
  521. then
  522. json_init
  523. json_add_object "data"
  524. json_add_string "adblock_version" "${adb_ver}"
  525. json_add_string "blocked_domains" "${cnt}"
  526. json_add_string "fetch_info" "${adb_fetchinfo}"
  527. json_add_string "dns_backend" "${adb_dns}"
  528. json_add_string "last_rundate" "$(/bin/date "+%d.%m.%Y %H:%M:%S")"
  529. json_add_string "system" "${adb_sysver}"
  530. json_close_object
  531. json_dump > "${adb_rtfile}"
  532. f_log "info " "block list with overall ${cnt} domains loaded successfully (${adb_sysver})"
  533. else
  534. f_log "error" "dns backend restart with active block list failed"
  535. fi
  536. }
  537. # handle different adblock actions
  538. #
  539. f_envload
  540. case "${adb_action}" in
  541. stop)
  542. f_rmtemp
  543. f_rmdns
  544. f_dnsrestart
  545. ;;
  546. restart)
  547. f_rmtemp
  548. f_rmdns
  549. f_envcheck
  550. f_main
  551. ;;
  552. suspend)
  553. f_switch suspend
  554. ;;
  555. resume)
  556. f_switch resume
  557. ;;
  558. query)
  559. f_query "${2}"
  560. ;;
  561. status)
  562. f_status
  563. ;;
  564. *)
  565. f_envcheck
  566. f_main
  567. ;;
  568. esac
  569. exit 0