From 7eedce0a58fc267512ec41a928fcd80d6c2a5505 Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Mon, 19 Dec 2016 20:11:25 +0100 Subject: [PATCH] adblock: release 2.0.0 * changed complete dnsmasq handling - no longer redirect ad requests to internal web server via firewall rules etc., in fact send back a simple NXDOMAIN for all ad related (sub-)domains - smaller memory footprint for block lists - removed needless uhttpd instances - removed needless firewall rules/redirects * init/hotplug system migrated to procd - removed hotplug.d script, now using procd interface trigger * reduced code size/complexity - removed needless internal pre-checks & function blocks, no longer rely on a separate helper library - removed flash writes to adblock config * support different download tools like wget (default), aria2c, uclient-fetch, curl (see online doc) * adblock status/statistics via ubus call (see online doc) * various bug fixes * documentation update * changed makefile copyright notice Signed-off-by: Dirk Brenken --- net/adblock/Makefile | 15 +- net/adblock/files/README.md | 191 +++--- net/adblock/files/adblock-helper.sh | 753 ----------------------- net/adblock/files/adblock-update.sh | 278 --------- net/adblock/files/adblock.conf | 3 +- net/adblock/files/adblock.hotplug | 24 - net/adblock/files/adblock.init | 181 ++---- net/adblock/files/adblock.sh | 427 +++++++++++++ net/adblock/files/www/adblock/index.html | 8 - 9 files changed, 552 insertions(+), 1328 deletions(-) delete mode 100644 net/adblock/files/adblock-helper.sh delete mode 100755 net/adblock/files/adblock-update.sh delete mode 100644 net/adblock/files/adblock.hotplug create mode 100755 net/adblock/files/adblock.sh delete mode 100644 net/adblock/files/www/adblock/index.html diff --git a/net/adblock/Makefile b/net/adblock/Makefile index 08a11d73a..8bbda6832 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile 
@@ -1,13 +1,12 @@ # -# Copyright (C) 2015-2016 OpenWrt.org -# +# Copyright (c) 2015-2016 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # include $(TOPDIR)/rules.mk PKG_NAME:=adblock -PKG_VERSION:=1.5.4 +PKG_VERSION:=2.0.0 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0+ PKG_MAINTAINER:=Dirk Brenken @@ -45,11 +44,7 @@ endef define Package/$(PKG_NAME)/install $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) ./files/adblock-update.sh $(1)/usr/bin/ - $(INSTALL_DATA) ./files/adblock-helper.sh $(1)/usr/bin/ - - $(INSTALL_DIR) $(1)/etc/hotplug.d/iface - $(INSTALL_BIN) ./files/adblock.hotplug $(1)/etc/hotplug.d/iface/90-adblock + $(INSTALL_BIN) ./files/adblock.sh $(1)/usr/bin/ $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/adblock.init $(1)/etc/init.d/adblock @@ -58,12 +53,8 @@ define Package/$(PKG_NAME)/install $(INSTALL_CONF) ./files/adblock.conf $(1)/etc/config/adblock $(INSTALL_DIR) $(1)/etc/adblock - $(INSTALL_CONF) ./files/adblock.conf $(1)/etc/adblock/adblock.conf.default $(INSTALL_CONF) ./files/adblock.blacklist $(1)/etc/adblock/ $(INSTALL_CONF) ./files/adblock.whitelist $(1)/etc/adblock/ - - $(INSTALL_DIR) $(1)/www/adblock - $(INSTALL_DATA) ./files/www/adblock/* $(1)/www/adblock/ endef $(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index 043b99add..2d4a2c803 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md 
@@ -1,10 +1,10 @@ # dns based ad/abuse domain blocking ## Description -A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router. When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return the local ip address of your router and the internal web server delivers a transparent pixel instead. +A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other wlan gadget...getting rid of annoying ads, trackers and other abuse sites (like facebook ;-) is simple: block them with your router. When the dns server on your router receives dns requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but **N**on-e**X**istent Internet or Intranet domain name, if domain name is unable to resolved using the dns server, a condition called the 'NXDOMAIN' occurred. ## Main Features -* support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses): +* support of the following domain block list sources (free for private usage, for commercial use please check their individual licenses): * [adaway](https://adaway.org) * => infrequent updates, approx. 400 entries (enabled by default) * [blacklist]() 
@@ -49,45 +49,36 @@ A lot of people already use adblocker plugins within their desktop browsers, but * => weekly updates, approx. 2.500 entries (enabled by default) * [zeus tracker](https://zeustracker.abuse.ch) * => daily updates, approx. 440 entries -* zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.) -* supports a wide range of router modes (incl. AP mode), as long as firewall and dnsmasq are installed and in use +* zero-conf like automatic installation & setup, usually no manual changes needed +* simple but yet powerful adblock engine: adblock does not use error prone external iptables rulesets, http pixel server instances and things like that +* supports a wide range of router modes, even AP modes are supported * full IPv4 and IPv6 support -* each blocklist source will be updated and processed separately -* timestamp check to download and process only updated adblock list sources -* overall duplicate removal in separate adblock lists (will be automatically disabled on low memory systems) -* adblock source list parsing by fast & flexible regex rulesets +* each block list source will be updated and processed separately +* block list source parsing by fast & flexible regex rulesets +* overall duplicate removal in separate block lists * additional whitelist for manual overrides, located by default in /etc/adblock/adblock.whitelist -* quality checks during & after update of adblock lists to ensure a reliable dnsmasq service -* adblock statistics, last runtime and list states/counts/update times will be stored in uci config for LuCI frontend -* status & error logging to stdout and syslog -* use two dynamic uhttpd instances as adblock pixel server, separated for ads delivered on port 80 and on port 443 -* use dynamic iptables chains/rulesets for adblock related redirects/rejects -* init system support (start/stop/restart/reload/toggle/stats/cfgup/envchk/query) -* hotplug support, the adblock start 
will be triggered by wan 'ifup' event, this can be restricted to a certain wan interface or disabled at all (see config options below) -* toggle to quickly switch adblock 'on' or 'off' -* envchk function to check the volatile adblock environment only (without list updates) -* query function to quickly identify blocked (sub-)domains, i.e. for whitelisting -* optional: automatic adblock list backup/restore, backups will be (de-)compressed on the fly (disabled by default) -* optional: add new adblock sources via uci config (see example below) +* quality checks during block list update to ensure a reliable dns server service +* minimal status & error logging to syslog, enable debug logging to receive more output +* procd based init system support (start/stop/restart/reload/suspend/resume) +* procd based hotplug support, the adblock start will be triggered by interface triggers +* suspend & resume adblock actions temporarily without block list reloading +* runtime statistics via ubus service call +* automatic block list backup & restore, backups will be (de-)compressed and restored on the fly +* add new adblock sources on your own via uci config ## Prerequisites * [openwrt](https://openwrt.org), tested with latest stable release (Chaos Calmer) and with current trunk (Designated Driver) * [LEDE project](https://www.lede-project.org), tested with trunk > r98 -* usual setup with enabled 'iptables', 'dnsmasq' and 'uhttpd' - dump AP modes without these basics are _not_ supported! -* additional required software packages: - * a download utility: 'uclient-fetch' and 'wget' (full versions with ssl support) are supported. Normally you should use 'wget', it's quite stable and supports the online timestamp checks. If you need a smaller memory footprint try 'uclient-fetch' without openssl dependency. The default ustream ssl backend 'libustream-polarssl' has issues with certain https sites and is currently not supported. To change the ssl backend see example below. 
- * optional: 'kmod-ipt-nat6' for IPv6 support -* the above dependencies and requirements will be checked during package installation & script runtime +* a usual setup with an enabled dns server at minimum - dump AP modes without a working dns server are _not_ supported +* a download utility: 'wget', 'aria2c', 'uclient-fetch' or 'curl' are supported (only full versions with ssl support). Normally you should use the pre-configured default 'wget'. If you need a smaller memory footprint try 'uclient-fetch' without openssl dependency. The default ustream ssl backend 'libustream-polarssl' has issues with certain https sites and is currently not supported. To change the ssl backend see example below. ## OpenWrt / LEDE trunk Installation & Usage -* install 'adblock' (_opkg install adblock_) -* adblock starts automatically during boot, triggered by wan-ifup event, check _logread -e "adblock"_ for adblock related information -* optional: start/restart/stop the adblock service manually with _/etc/init.d/adblock_ -* optional: enable/disable your required adblock list sources in _/etc/config/adblock_ - 'adaway', 'disconnect' and 'yoyo' are enabled by default -* optional: maintain the adblock service in LuCI under 'System => Startup' +* install 'adblock' (_opkg install adblock_) and that's it - the adblock start will be automatically triggered by procd interface triggers +* start/stop/restart/reload/suspend/resume the adblock service manually with _/etc/init.d/adblock_ +* enable/disable your favored block list sources in _/etc/config/adblock_ - 'adaway', 'disconnect' and 'yoyo' are enabled by default ## LuCI adblock companion package -* for easy management of the various blocklist sources and adblock options there is also a nice & efficient LuCI frontend available +* for easy management of the various block list sources and options you can also use a nice & efficient LuCI frontend * install 'luci-app-adblock' (_opkg install luci-app-adblock_) * the application is located in 
LuCI under 'Services' menu * _Thanks to Hannu Nyman for this great adblock LuCI frontend!_ 
@@ -101,51 +92,62 @@ A lot of people already use adblocker plugins within their desktop browsers, but * install the packages with _opkg install <...>_ as described above ## Tweaks -* **storage:** to process & store all blocklist sources at once it might helpful to enlarge your temp directory with a swap partition => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details -* **white-/blacklist:** add domain white- or blacklist entries to always-allow or -deny certain (sub) domains, by default both lists are located in _/etc/adblock_. Please add one domain per line - ip addresses, wildcards & regex are _not_ allowed (see example below) -* **backup/restore:** enable the backup/restore feature, to restore automatically the latest compressed backup of your adblock lists in case of any processing error (i.e. a single blocklist source is down). Please use an (external) solid partition and _not_ your volatile router temp directory for this -* **list updates:** for a scheduled call of the adblock service add an appropriate crontab entry (see example below) -* **hotplug fine tuning:** to restrict hotplug support to a certain wan interface or to disable it at all, you can set 'adb\_hotplugif' to an existing interface like 'wan' or to a non-existing 'dummy' interface -* **new list sources:** you could add new blocklist sources on your own via uci config, all you need is a source url and an awk one-liner (see example below) -* **AP mode:** in 'AP mode' adblock uses automatically the local router ip as nullip address. 
To make sure that your LuCI interface will be still accessible, you have to change the local uhttpd instance to ports <> 80/443 (see example below), also make sure that firewall and dnsmasq are installed and running -* **restricted mode:** to disable flash writes with adblock status information to the adblock config file (used by LuCI frontend), please set 'adb\_restricted' to '1' -* **adblock toggle:** to quickly switch adblocking 'on' or 'off', simply use _/etc/init.d/adblock toggle_ -* **adblock statistics:** to update only the adblock statistics (without updating the block lists as well), please run _/etc/init.d/adblock stats_ -* **adblock query ``:** to query the active blocklists for a specific domain, please run _/etc/init.d/adblock query ``_ (see example below) -* **configuration update:** to update an outdated adblock config file with the current default version, please run _/etc/init.d/adblock cfgup_, make your individual changes and start the adblock service again -* **debugging:** for script debugging please set the 'adb\_debug' variable in the header of _/etc/init.d/adblock_ to '1' -* **mute output** to mute the normal adblock output and print only warn/error messages, please set 'adb\_loglevel to '0' -* **disable active dns probing in windows:** to prevent a possible yellow exclamation mark on your internet connection icon (which wrongly means connected, but no internet), please change the following registry key/value from "1" to "0" _HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing_ +* **status/runtime statistics:** the adblock status and runtime statistics are available via ubus service call (see example below) +* **debug output:** for script debugging please set the config option 'adb\_debug' to '1' and check the runtime output with _logread -e "adblock"_ +* **storage expansion:** to process and store all block list sources at once it might helpful to enlarge your temp directory with a swap partition => see 
[openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details +* **add white-/blacklist entries:** add domain white- or blacklist entries to always-allow or -deny certain (sub) domains, by default both lists are empty and located in _/etc/adblock_. Please add one domain per line - ip addresses, wildcards & regex are _not_ allowed (see example below) +* **backup & restore block lists:** enable this feature, to restore automatically the latest compressed backup of your block lists in case of any processing error (i.e. a single block list source is not available during update). Please use an (external) solid partition and _not_ your volatile router temp directory for this +* **scheduled list updates:** for a scheduled call of the adblock service add an appropriate crontab entry (see example below) +* **restrict/disable procd interface trigger:** to restrict the procd interface trigger to a (list of) certain wan interface(s) or to disable it at all, set 'adb\_iface' to an existing interface like 'wan' or to a non-existing like 'false' +* **suspend & resume adblocking:** to quickly switch the adblock service 'on' or 'off', simply use _/etc/init.d/adblock [suspend|resume]_ +* **divert dns requests:** to force dns requests to your local dns resolver add an appropriate firewall rule (see example below) +* **add new list sources:** you could add new block list sources on your own via uci config, all you need is a source url and an awk one-liner (see example below) +* **disable active dns probing in windows 10:** to prevent a yellow exclamation mark on your internet connection icon (which wrongly means connected, but no internet), please change the following registry key/value from "1" to "0" _HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing_ ## Further adblock config options -* usually the adblock autodetection works quite well and no manual config overrides are needed, all options apply to the 'global' config section: +* 
usually the pre-configured adblock setup works quite well and no manual config overrides are needed, all listed options apply to the 'global' config section: * adb\_enabled => main switch to enable/disable adblock service (default: '1', enabled) - * adb\_cfgver => config version string (do not change!) - adblock will check this entry during startup - * adb\_lanif => name of the logical lan interface (default: 'lan') - * adb\_nullport => port of the adblock uhttpd instance used for ads delivered on port 80 (default: '65534') - * adb\_nullportssl => port of the adblock uhttpd instance used for ads delivered on port 443 (default: '65535') - * adb\_nullipv4 => IPv4 blackhole ip address (default: '198.18.0.1', in AP mode: local router ip) - * adb\_nullipv6 => IPv6 blackhole ip address (default: '::ffff:c612:0001', in AP mode: local router ip) - * adb\_forcedns => redirect all local DNS queries to the local dnsmasq resolver (default: '1', enabled / always disabled in 'AP mode') - * adb\_fetchttl => set the timeout for list downloads (default: '5' seconds) - * adb\_restricted => disable updates of the adblock config file (no flash writes) during runtime (default: '0', disabled) - * adb\_hotplugif => restrict hotplug support to a certain wan interface or disable it at all (default: '', disabled) - * adb\_loglevel => set it to '0' to mute normal adblock output and print only error messages (default: '1', normal output) + * adb\_debug => enable/disable adblock debug output (default: '0', disabled) + * adb\_iface => restrict the procd interface trigger to a (list of) certain wan interface(s) or disable it at all (default: not set, disabled) + * adb\_fetch => reference an alternate download utility, see example below (default: not set, use wget) + * adb\_fetchparm => set options for the download utility, see example below (default: not set, use wget options) ## Examples -**example to change the ssl backend for 'uclient-fetch':** +**example to change the ssl backend for 
'uclient-fetch' or 'curl':**

 opkg update
 opkg remove --force-depends libustream-polarssl
 opkg install libustream-mbedtls
 
-**example cronjob for a regular block list update:** +**example configuration for different download utilities:** +

+config for wget (default):
+  option adb_fetch="/usr/bin/wget"
+  option adb_fetchparm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --timeout=5 --no-check-certificate -O"
+
+config for aria2c:
+  option adb_fetch '/usr/bin/aria2c'
+  option adb_fetchparm '-q --max-tries=1 --timeout=5 --allow-overwrite=true --auto-file-renaming=false --check-certificate=false -o'
+
+config for uclient-fetch (download errors with default ssl backend!):
+  option adb_fetch '/bin/uclient-fetch'
+  option adb_fetchparm '-q --timeout=5 --no-check-certificate -O'
+
+config for curl (download errors with default ssl backend!):
+  option adb_fetch '/usr/bin/curl'
+  option adb_fetchparm '-s --retry 1 --connect-timeout 5 --insecure -o'
+
+ +**example to receive adblock statistics via ubus:** +

+ubus call service list '{"name":"adblock_stats"}' | jsonfilter -e '@.*.instances.stats.env'
+This will output the overall domain count and the last runtime as JSON, i.e. { "blocked_domains": "136159", "last_rundate": "18.12.2016 20:49:03" }
+
+ +**example cronjob for a regular block list update (/etc/crontabs/root):**

-# configuration found in /etc/crontabs/root
-# start adblock script once a day at 6 a.m.
-#
 0 06 * * *    /etc/init.d/adblock start
 
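Review bot: All four download-tool examples in this hunk turn TLS certificate verification off (`--no-check-certificate` for wget and uclient-fetch, `--check-certificate=false` for aria2c, `--insecure` for curl), and the wget line is labelled as the default. Block lists fetched this way are unauthenticated, so anyone on the network path between the router and a list server can alter which domains get answered with NXDOMAIN. I would drop those flags from the documented values and state that a CA bundle (the `ca-certificates` package) must be installed, or at least add a sentence such as `note: the options above disable certificate verification, so downloaded lists are not authenticated`. Separately, the wget example is written as `option adb_fetch="/usr/bin/wget"` while the other three use the uci form `option adb_fetch '/usr/bin/aria2c'`; the `=` form should be aligned with them. The defaults themselves are presumably set in adblock.sh, which is outside this hunk, so the same change would be needed there.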
@@ -167,7 +169,7 @@ This entry does not block:

 here.com
 
-This entry removes the following (sub)domains from the blocklists:
+This entry removes the following (sub)domains from the block lists:
   maps.here.com
   here.com
 
@@ -176,53 +178,18 @@ This entry does not remove:
   www.adwhere.com
 
-**example uhttpd configuration in AP mode:** -

-# configuration found in /etc/config/uhttpd
-# change default http/https ports <> 80/443
-#
-config uhttpd 'main'
-    list listen_http '0.0.0.0:88'
-    list listen_https '0.0.0.0:445'
-
- -**example to query active blocklists for a certain (sub-)domain, i.e. for whitelisting:** +**example to divert dns requests to local dns resolver (/etc/config/firewall):**

-/etc/init.d/adblock query "example.www.doubleclick.net"
-=> distinct results for domain 'example.www.doubleclick.net' (overall 0)
-   no matches in active blocklists
-=> distinct results for domain 'www.doubleclick.net' (overall 1)
-   adb_list.winhelp     : www.doubleclick.net
-=> distinct results for domain 'doubleclick.net' (overall 252)
-   adb_list.adaway      : ad-g.doubleclick.net
-   adb_list.hphosts     : 1016557.fls.doubleclick.net
-   adb_list.rolist      : feedads.g.doubleclick.net
-   adb_list.securemecca : 1168945.fls.doubleclick.net
-   adb_list.sysctl      : ad.co.doubleclick.net
-   adb_list.whocares    : 3ad.doubleclick.net
-   adb_list.winhelp     : 1435575.fls.doubleclick.net
-
-The query function checks against the submitted (sub-)domain and recurses automatically to the upper top level domain(s).
-For every domain it returns the overall count plus a distinct list of active blocklists with the first relevant result.
-In the example above you have to whitelist "www.doubleclick.net" to free the submitted domain.
+config redirect
+    option name 'Divert DNS'
+    option src 'lan'
+    option proto 'tcp udp'
+    option src_dport '53'
+    option dest_port '53'
+    option target 'DNAT'
 
-**example to identify blocked domains during web browsing, i.e. for whitelisting:** -

-1. the easy way ...
-enable the network analysis builtins in chrome or firefox to identify domains
-which are redirected to the adblock null-ip (default 198.18.0.1), add these domains to your whitelist
-
-2. a bit harder ...
-enable 'Log queries' in the dnsmasq configuration (via LuCI Network => DHCP/DNS),
-ssh to your router and start tracing with 'logread -f -e "dnsmasq" -e "198.18.0.1"'
-switch to your client, access the relevant site and check all domains
-that are blocked/listed in logread, add these domains to your whitelist
-
-=> finally restart the adblock service (/etc/init.d/adblock restart) in both variants
-
- -**example to add a new blocklist source:** +**example to add a new block list source:**

 1. the easy way ...
 example: https://easylist-downloads.adblockplus.org/rolist+easylist.txt
@@ -251,14 +218,8 @@ the output result should be a sequential list with one domain/host per line - no
 If your awk one-liner works quite well, add a new source section in adblock config and test your new source
 
-## Background -This adblock package is a dns/dnsmasq based adblock solution. -Queries to ad/abuse domains are never forwarded and always replied with a local IP address which may be IPv4 or IPv6. For that purpose adblock uses an ip address from the private 'Benchmark Test' subnet (198.18.0.1 / ::ffff:c612:0001) by default (in AP mode the local router ip address will be used). Furthermore all ad/abuse queries will be filtered by ip(6)tables and redirected to two uhttpd instances, separated for ads delivered on port 80 and on port 443 (in PREROUTING chain) or rejected (in FORWARD or OUTPUT chain). In 'AP mode' only the uhttpd related rules in PREROUTING chain are enabled. - -All iptables and uhttpd related adblock additions are non-destructive, no hard-coded changes in 'firewall.user', 'uhttpd' config or any other system related config files. There is _no_ adblock background daemon running, the (scheduled) start of the adblock service keeps only the adblock lists up-to-date. - ## Support -Please join the adblock discussion in this [openwrt forum thread](https://forum.openwrt.org/viewtopic.php?id=59803) or contact me by mail +Please join the adblock discussion in this [forum thread](https://forum.openwrt.org/viewtopic.php?id=59803) or contact me by mail ## Removal * stop all adblock related services with _/etc/init.d/adblock stop_ diff --git a/net/adblock/files/adblock-helper.sh b/net/adblock/files/adblock-helper.sh deleted file mode 100644 index 8be994108..000000000 --- a/net/adblock/files/adblock-helper.sh +++ /dev/null 
@@ -1,753 +0,0 @@ -#!/bin/sh -# function library used by adblock-update.sh -# written by Dirk Brenken (dev@brenken.org) - -# set initial defaults -# -LC_ALL=C -PATH="/usr/sbin:/usr/bin:/sbin:/bin" -adb_scriptver="1.5.4" -adb_mincfgver="2.5" -adb_hotplugif="" -adb_lanif="lan" -adb_nullport="65534" -adb_nullportssl="65535" -adb_nullipv4="198.18.0.1" -adb_nullipv6="::ffff:c612:0001" -adb_whitelist="/etc/adblock/adblock.whitelist" -adb_whitelist_rset="\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}" -adb_dnsdir="/tmp/dnsmasq.d" -adb_dnshidedir="${adb_dnsdir}/.adb_hidden" -adb_dnsprefix="adb_list" -adb_count=0 -adb_minspace=12000 -adb_forcedns=1 -adb_fetchttl=5 -adb_restricted=0 -adb_loglevel=1 -adb_uci="$(which uci)" - -# f_envload: load adblock environment -# -f_envload() -{ - # source in system function library - # - if [ -r "/lib/functions.sh" ] - then - . "/lib/functions.sh" - else - rc=-10 - f_log "system function library not found, please check your installation" - f_exit - fi - - # source in system network library - # - if [ -r "/lib/functions/network.sh" ] - then - . 
"/lib/functions/network.sh" - else - rc=-10 - f_log "system network library not found, please check your installation" - f_exit - fi - - # uci function to parse global section by callback - # - config_cb() - { - local type="${1}" - if [ "${type}" = "adblock" ] - then - option_cb() - { - local option="${1}" - local value="${2}" - eval "${option}=\"${value}\"" - } - else - reset_cb - fi - } - - # uci function to parse 'service' and 'source' sections - # - parse_config() - { - local value opt section="${1}" options="enabled adb_dir adb_src adb_src_rset adb_src_cat" - if [ "${section}" != "backup" ] - then - eval "adb_sources=\"${adb_sources} ${section}\"" - fi - for opt in ${options} - do - config_get value "${section}" "${opt}" - if [ -n "${value}" ] - then - eval "${opt}_${section}=\"${value}\"" - fi - done - } - - # load adblock config and start parsing functions - # - config_load adblock - config_foreach parse_config service - config_foreach parse_config source - - # get network basics - # - network_get_ipaddr adb_ipv4 "${adb_lanif}" - network_get_ipaddr6 adb_ipv6 "${adb_lanif}" - network_get_device adb_landev "${adb_lanif}" - network_find_wan adb_wanif4 - network_find_wan6 adb_wanif6 -} - -# f_envcheck: check/set environment prerequisites -# -f_envcheck() -{ - local check - - # check 'enabled' & 'version' config options - # - if [ -z "${adb_enabled}" ] || [ -z "${adb_cfgver}" ] || [ "${adb_cfgver%%.*}" != "${adb_mincfgver%%.*}" ] - then - rc=-1 - f_log "outdated adblock config (${adb_cfgver} vs. 
${adb_mincfgver}), please run '/etc/init.d/adblock cfgup' to update your configuration" - f_exit - elif [ "${adb_cfgver#*.}" != "${adb_mincfgver#*.}" ] - then - outdated_ok="true" - fi - if [ "${adb_enabled}" != "1" ] - then - rc=-10 - f_log "adblock is currently disabled, please set adb_enabled to '1' to use this service" - f_exit - fi - - # check opkg availability - # - adb_pkglist="$(opkg list-installed)" - if [ $(($?)) -eq 255 ] - then - rc=-10 - f_log "adblock installation finished successfully, 'opkg' currently locked by package installer" - f_exit - elif [ -z "${adb_pkglist}" ] - then - rc=-1 - f_log "empty 'opkg' package list, please check your installation" - f_exit - fi - adb_sysver="$(printf "${adb_pkglist}" | grep "^base-files -")" - adb_sysver="${adb_sysver##*-}" - - # get lan ip addresses - # - if [ -z "${adb_ipv4}" ] && [ -z "${adb_ipv6}" ] - then - rc=-1 - f_log "no valid IPv4/IPv6 configuration found (${adb_lanif}), please set 'adb_lanif' manually" - f_exit - fi - - # check logical update interfaces (with default route) - # - if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ] - then - adb_wanif4="${adb_lanif}" - fi - - # check AP mode - # - if [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ] - then - adb_nullipv4="${adb_ipv4}" - adb_nullipv6="${adb_ipv6}" - if [ -n "$(${adb_uci} -q get uhttpd.main.listen_http | grep -o ":80$")" ] || - [ -n "$(${adb_uci} -q get uhttpd.main.listen_https | grep -o ":443$")" ] - then - rc=-1 - f_log "AP mode detected, please set local LuCI instance to ports <> 80/443" - f_exit - else - apmode_ok="true" - fi - else - apmode_ok="false" - check="$(${adb_uci} -q get bcp38.@bcp38[0].enabled)" - if [ "${check}" = "1" ] - then - if [ -n "$(${adb_uci} -q get bcp38.@bcp38[0].match | grep -Fo "${adb_nullipv4%.*}")" ] - then - rc=-1 - f_log "please whitelist '${adb_nullipv4}' in your bcp38 configuration to use adblock" - f_exit - fi - fi - fi - - # check general package dependencies - # - f_depend 
"busybox -" - f_depend "uci -" - f_depend "uhttpd -" - f_depend "iptables -" - f_depend "kmod-ipt-nat -" - f_depend "firewall -" - f_depend "dnsmasq*" - - # check ipv6 related package dependencies - # - if [ -n "${adb_wanif6}" ] - then - f_depend "ip6tables -" "true" - if [ "${package_ok}" = "false" ] - then - f_log "package 'ip6tables' not found, IPv6 support will be disabled" - unset adb_wanif6 - else - f_depend "kmod-ipt-nat6 -" "true" - if [ "${package_ok}" = "false" ] - then - f_log "package 'kmod-ipt-nat6' not found, IPv6 support will be disabled" - unset adb_wanif6 - fi - fi - fi - - # check uclient-fetch/wget dependencies - # - f_depend "uclient-fetch -" "true" - if [ "${package_ok}" = "true" ] - then - f_depend "libustream-polarssl -" "true" - if [ "${package_ok}" = "false" ] - then - f_depend "libustream-\(mbedtls\|openssl\|cyassl\) -" "true" - if [ "${package_ok}" = "true" ] - then - adb_fetch="$(which uclient-fetch)" - fetch_parm="-q" - response_parm= - fi - fi - fi - if [ -z "${adb_fetch}" ] - then - f_depend "wget -" "true" - if [ "${package_ok}" = "true" ] - then - adb_fetch="$(which /usr/bin/wget* | head -1)" - fetch_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=${adb_fetchttl} --connect-timeout=${adb_fetchttl} --read-timeout=${adb_fetchttl}" - response_parm="--spider --server-response" - fi - if [ -z "${adb_fetch}" ] - then - rc=-1 - f_log "please install 'uclient-fetch' or 'wget' with ssl support to use adblock" - f_exit - fi - fi - - # check ca-certificate package and set fetch parm accordingly - # - f_depend "ca-certificates -" "true" - if [ "${package_ok}" = "false" ] - then - fetch_parm="${fetch_parm} --no-check-certificate" - fi - - # start normal processing/logging - # - f_log "domain adblock processing started (${adb_scriptver}, ${adb_sysver}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))" - - # log partially outdated config - # - if [ "${outdated_ok}" = "true" ] - then - f_log "partially outdated adblock 
config (${adb_mincfgver} vs. ${adb_cfgver}), please run '/etc/init.d/adblock cfgup' to update your configuration" - fi - - # log ap mode - # - if [ "${apmode_ok}" = "true" ] - then - f_log "AP mode enabled" - fi - - # set/log restricted mode - # - if [ "${adb_restricted}" = "1" ] - then - adb_uci="$(which true)" - f_log "Restricted mode enabled" - fi - - # check dns hideout directory - # - if [ -d "${adb_dnshidedir}" ] - then - mv_done="$(find "${adb_dnshidedir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print -exec mv -f "{}" "${adb_dnsdir}" \;)" - else - mkdir -p -m 660 "${adb_dnshidedir}" - fi - - # check adblock temp directory - # - adb_tmpfile="$(mktemp -tu)" - adb_tmpdir="$(mktemp -p /tmp -d)" - if [ -n "${adb_tmpdir}" ] && [ -d "${adb_tmpdir}" ] - then - f_space "${adb_tmpdir}" - if [ "${space_ok}" = "false" ] - then - if [ $((av_space)) -le 2000 ] - then - rc=105 - f_log "not enough free space in '${adb_tmpdir}' (avail. ${av_space} kb)" - f_exit - else - f_log "not enough free space to handle all block list sources at once in '${adb_tmpdir}' (avail. ${av_space} kb)" - fi - fi - else - rc=110 - f_log "temp directory not found" - f_exit - fi - - # check memory - # - mem_total="$(awk '$1 ~ /^MemTotal/ {printf $2}' "/proc/meminfo")" - mem_free="$(awk '$1 ~ /^MemFree/ {printf $2}' "/proc/meminfo")" - mem_swap="$(awk '$1 ~ /^SwapTotal/ {printf $2}' "/proc/meminfo")" - if [ $((mem_total)) -le 64000 ] && [ $((mem_swap)) -eq 0 ] - then - mem_ok="false" - f_log "not enough free memory, overall sort processing will be disabled (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})" - else - mem_ok="true" - fi - - # check backup configuration - # - if [ "${enabled_backup}" = "1" ] && [ -d "${adb_dir_backup}" ] - then - f_space "${adb_dir_backup}" - if [ "${space_ok}" = "false" ] - then - f_log "not enough free space in '${adb_dir_backup}'(avail. 
${av_space} kb), backup/restore will be disabled" - backup_ok="false" - else - f_log "backup/restore will be enabled" - backup_ok="true" - fi - else - backup_ok="false" - f_log "backup/restore will be disabled" - fi - - # set dnsmasq defaults - # - if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] - then - adb_dnsformat="awk -v ipv4="${adb_nullipv4}" -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv4\"\n\"\"address=/\"\$0\"/\"ipv6}'" - elif [ -n "${adb_wanif4}" ] - then - adb_dnsformat="awk -v ipv4="${adb_nullipv4}" '{print \"address=/\"\$0\"/\"ipv4}'" - else - adb_dnsformat="awk -v ipv6="${adb_nullipv6}" '{print \"address=/\"\$0\"/\"ipv6}'" - fi - - # check volatile iptables configuration - # - if [ -n "${adb_wanif4}" ] - then - if [ "${apmode_ok}" = "false" ] - then - if [ "${adb_forcedns}" = "1" ] && [ -n "${adb_landev}" ] - then - f_firewall "IPv4" "nat" "prerouting_rule" "adb-dns" "1" "dns" "-p udp --dport 53 -j DNAT --to-destination ${adb_ipv4}:53" - f_firewall "IPv4" "nat" "prerouting_rule" "adb-dns" "2" "dns" "-p tcp --dport 53 -j DNAT --to-destination ${adb_ipv4}:53" - fi - f_firewall "IPv4" "filter" "forwarding_rule" "adb-fwd" "1" "fwd" "-p tcp -j REJECT --reject-with tcp-reset" - f_firewall "IPv4" "filter" "forwarding_rule" "adb-fwd" "2" "fwd" "-j REJECT --reject-with icmp-host-unreachable" - f_firewall "IPv4" "filter" "output_rule" "adb-out" "1" "out" "-p tcp -j REJECT --reject-with tcp-reset" - f_firewall "IPv4" "filter" "output_rule" "adb-out" "2" "out" "-j REJECT --reject-with icmp-host-unreachable" - fi - f_firewall "IPv4" "nat" "prerouting_rule" "adb-nat" "1" "nat" "-p tcp --dport 80 -j DNAT --to-destination ${adb_ipv4}:${adb_nullport}" - f_firewall "IPv4" "nat" "prerouting_rule" "adb-nat" "2" "nat" "-p tcp --dport 443 -j DNAT --to-destination ${adb_ipv4}:${adb_nullportssl}" - fi - if [ -n "${adb_wanif6}" ] - then - if [ "${apmode_ok}" = "false" ] - then - if [ "${adb_forcedns}" = "1" ] && [ -n "${adb_landev}" ] - then - f_firewall 
"IPv6" "nat" "PREROUTING" "adb-dns" "1" "dns" "-p udp --dport 53 -j DNAT --to-destination [${adb_ipv6}]:53" - f_firewall "IPv6" "nat" "PREROUTING" "adb-dns" "2" "dns" "-p tcp --dport 53 -j DNAT --to-destination [${adb_ipv6}]:53" - fi - f_firewall "IPv6" "filter" "forwarding_rule" "adb-fwd" "1" "fwd" "-p tcp -j REJECT --reject-with tcp-reset" - f_firewall "IPv6" "filter" "forwarding_rule" "adb-fwd" "2" "fwd" "-j REJECT --reject-with icmp6-addr-unreachable" - f_firewall "IPv6" "filter" "output_rule" "adb-out" "1" "out" "-p tcp -j REJECT --reject-with tcp-reset" - f_firewall "IPv6" "filter" "output_rule" "adb-out" "2" "out" "-j REJECT --reject-with icmp6-addr-unreachable" - fi - f_firewall "IPv6" "nat" "PREROUTING" "adb-nat" "1" "nat" "-p tcp --dport 80 -j DNAT --to-destination [${adb_ipv6}]:${adb_nullport}" - f_firewall "IPv6" "nat" "PREROUTING" "adb-nat" "2" "nat" "-p tcp --dport 443 -j DNAT --to-destination [${adb_ipv6}]:${adb_nullportssl}" - fi - if [ "${firewall_ok}" = "true" ] - then - f_log "created volatile firewall rulesets" - fi - - # check volatile uhttpd instance configuration - # - if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] - then - f_uhttpd "adbIPv46_80" "1" "-p ${adb_ipv4}:${adb_nullport} -p [${adb_ipv6}]:${adb_nullport}" - f_uhttpd "adbIPv46_443" "0" "-p ${adb_ipv4}:${adb_nullportssl} -p [${adb_ipv6}]:${adb_nullportssl}" - elif [ -n "${adb_wanif4}" ] - then - f_uhttpd "adbIPv4_80" "1" "-p ${adb_ipv4}:${adb_nullport}" - f_uhttpd "adbIPv4_443" "0" "-p ${adb_ipv4}:${adb_nullportssl}" - else - f_uhttpd "adbIPv6_80" "1" "-p [${adb_ipv6}]:${adb_nullport}" - f_uhttpd "adbIPv6_443" "0" "-p [${adb_ipv6}]:${adb_nullportssl}" - fi - if [ "${uhttpd_ok}" = "true" ] - then - f_log "created volatile uhttpd instances" - fi - - # check whitelist entries - # - if [ -s "${adb_whitelist}" ] - then - awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.whitelist" - fi - - # remove temporary package list - # - unset adb_pkglist -} - -# f_depend: 
check package dependencies -# -f_depend() -{ - local check - local package="${1}" - local check_only="${2}" - package_ok="true" - - check="$(printf "${adb_pkglist}" | grep "^${package}")" - if [ "${check_only}" = "true" ] && [ -z "${check}" ] - then - package_ok="false" - elif [ -z "${check}" ] - then - rc=-1 - f_log "package '${package}' not found" - f_exit - fi -} - -# f_firewall: set iptables rules for ipv4/ipv6 -# -f_firewall() -{ - local ipt="iptables" - local nullip="${adb_nullipv4}" - local proto="${1}" - local table="${2}" - local chsrc="${3}" - local chain="${4}" - local chpos="${5}" - local notes="adb-${6}" - local rules="${7}" - - # select appropriate iptables executable for IPv6 - # - if [ "${proto}" = "IPv6" ] - then - ipt="ip6tables" - nullip="${adb_nullipv6}" - fi - - # check whether iptables chain already exist - # - rc="$("${ipt}" -w -t "${table}" -nL "${chain}" >/dev/null 2>&1; printf ${?})" - if [ $((rc)) -ne 0 ] - then - "${ipt}" -w -t "${table}" -N "${chain}" - "${ipt}" -w -t "${table}" -A "${chain}" -m comment --comment "${notes}" -j RETURN - if [ "${chain}" = "adb-dns" ] - then - "${ipt}" -w -t "${table}" -A "${chsrc}" -i "${adb_landev}+" -m comment --comment "${notes}" -j "${chain}" - else - "${ipt}" -w -t "${table}" -A "${chsrc}" -d "${nullip}" -m comment --comment "${notes}" -j "${chain}" - fi - rc=${?} - if [ $((rc)) -ne 0 ] - then - f_log "failed to initialize volatile ${proto} firewall chain '${chain}'" - f_exit - fi - fi - - # check whether iptables rule already exist - # - rc="$("${ipt}" -w -t "${table}" -C "${chain}" -m comment --comment "${notes}" ${rules} >/dev/null 2>&1; printf ${?})" - if [ $((rc)) -ne 0 ] - then - "${ipt}" -w -t "${table}" -I "${chain}" "${chpos}" -m comment --comment "${notes}" ${rules} - rc=${?} - if [ $((rc)) -eq 0 ] - then - firewall_ok="true" - else - f_log "failed to initialize volatile ${proto} firewall rule '${notes}'" - f_exit - fi - fi -} - -# f_uhttpd: start uhttpd instances -# -f_uhttpd() -{ - local 
check - local realm="${1}" - local timeout="${2}" - local ports="${3}" - - check="$(pgrep -f "uhttpd -h /www/adblock -N 25 -T ${timeout} -r ${realm}")" - if [ -z "${check}" ] - then - uhttpd -h "/www/adblock" -N 25 -T "${timeout}" -r "${realm}" -k 0 -t 0 -R -D -S -E "/index.html" ${ports} - rc=${?} - if [ $((rc)) -eq 0 ] - then - uhttpd_ok="true" - else - f_log "failed to initialize volatile uhttpd instance (${realm})" - f_exit - fi - fi -} - -# f_space: check mount points/space requirements -# -f_space() -{ - local mp="${1}" - space_ok="true" - - if [ -d "${mp}" ] - then - av_space="$(df "${mp}" | tail -n1 | awk '{printf $4}')" - if [ $((av_space)) -lt $((adb_minspace)) ] - then - space_ok="false" - fi - fi -} - -# f_cntconfig: calculate counters in config -# -f_cntconfig() -{ - local src_name - local count=0 - - for src_name in $(ls -ASr "${adb_dnsdir}/${adb_dnsprefix}"*) - do - count="$(wc -l < "${src_name}")" - src_name="${src_name##*.}" - if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ] - then - count=$((count / 2)) - fi - "${adb_uci}" -q set "adblock.${src_name}.adb_src_count=${count}" - adb_count=$((adb_count + count)) - done - "${adb_uci}" -q set "adblock.global.adb_overall_count=${adb_count}" -} - -# f_rmconfig: remove volatile config entries -# -f_rmconfig() -{ - local opt - local options="adb_src_timestamp adb_src_count" - local section="${1}" - - "${adb_uci}" -q delete "adblock.global.adb_overall_count" - "${adb_uci}" -q delete "adblock.global.adb_dnstoggle" - "${adb_uci}" -q delete "adblock.global.adb_percentage" - "${adb_uci}" -q delete "adblock.global.adb_lastrun" - for opt in ${options} - do - "${adb_uci}" -q delete "adblock.${section}.${opt}" - done -} - -# f_rmdns: remove dns block lists and backups -# -f_rmdns() -{ - rm_dns="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print -exec rm -f "{}" \;)" - if [ -n "${rm_dns}" ] - then - rm -rf "${adb_dnshidedir}" - if [ "${enabled_backup}" = "1" ] && [ -d "${adb_dir_backup}" ] 
- then - rm -f "${adb_dir_backup}/${adb_dnsprefix}"*.gz - fi - /etc/init.d/dnsmasq restart - fi -} - -# f_rmuhttpd: remove uhttpd instances -# -f_rmuhttpd() -{ - rm_uhttpd="$(pgrep -f "uhttpd -h /www/adblock")" - if [ -n "${rm_uhttpd}" ] - then - for pid in ${rm_uhttpd} - do - kill -9 "${pid}" - done - fi -} - -# f_rmfirewall: remove firewall rulsets -# -f_rmfirewall() -{ - rm_fw="$(iptables -w -t nat -vnL | grep -Fo "adb-")" - if [ -n "${rm_fw}" ] - then - iptables-save | grep -Fv -- "adb-" | iptables-restore - if [ -n "$(lsmod | grep -Fo "ip6table_nat")" ] - then - ip6tables-save | grep -Fv -- "adb-" | ip6tables-restore - fi - fi -} - -# f_log: log messages to stdout and syslog -# -f_log() -{ - local log_parm - local log_msg="${1}" - local class="info " - - if [ $((rc)) -gt 0 ] - then - class="error" - elif [ $((rc)) -lt 0 ] - then - class="warn " - fi - if [ -t 1 ] - then - log_parm="-s" - fi - if [ -n "${log_msg}" ] && ([ $((adb_loglevel)) -gt 0 ] || [ "${class}" != "info " ]) - then - logger ${log_parm} -t "adblock[${adb_pid}] ${class}" "${log_msg}" 2>&1 - fi -} - -# f_statistics: adblock runtime statistics -f_statistics() -{ - local ipv4_blk=0 ipv4_all=0 ipv4_pct=0 - local ipv6_blk=0 ipv6_all=0 ipv6_pct=0 - - if [ -n "${adb_wanif4}" ] - then - ipv4_blk="$(iptables -t nat -vxnL adb-nat | awk '$3 ~ /^DNAT$/ {sum += $1} END {printf sum}')" - ipv4_all="$(iptables -t nat -vxnL PREROUTING | awk '$3 ~ /^(delegate_prerouting|prerouting_rule)$/ {sum += $1} END {printf sum}')" - if [ $((ipv4_all)) -gt 0 ] && [ $((ipv4_blk)) -gt 0 ] && [ $((ipv4_all)) -gt $((ipv4_blk)) ] - then - ipv4_pct="$(printf "${ipv4_blk}" | awk -v all="${ipv4_all}" '{printf( "%5.2f\n",$1/all*100)}')" - elif [ $((ipv4_all)) -lt $((ipv4_blk)) ] - then - iptables -t nat -Z adb-nat - fi - fi - if [ -n "${adb_wanif6}" ] - then - ipv6_blk="$(ip6tables -t nat -vxnL adb-nat | awk '$3 ~ /^DNAT$/ {sum += $1} END {printf sum}')" - ipv6_all="$(ip6tables -t nat -vxnL PREROUTING | awk '$3 ~ /^(adb-nat|DNAT)$/ 
{sum += $1} END {printf sum}')" - if [ $((ipv6_all)) -gt 0 ] && [ $((ipv6_blk)) -gt 0 ] && [ $((ipv6_all)) -gt $((ipv6_blk)) ] - then - ipv6_pct="$(printf "${ipv6_blk}" | awk -v all="${ipv6_all}" '{printf( "%5.2f\n",$1/all*100)}')" - elif [ $((ipv6_all)) -lt $((ipv6_blk)) ] - then - ip6tables -t nat -Z adb-nat - fi - fi - "${adb_uci}" -q set "adblock.global.adb_percentage=${ipv4_pct}%/${ipv6_pct}%" - f_log "firewall statistics (IPv4/IPv6): ${ipv4_pct}%/${ipv6_pct}% of all packets in prerouting chain are ad related & blocked" -} - -# f_exit: delete temporary files, generate statistics and exit -# -f_exit() -{ - local lastrun="$(date "+%d.%m.%Y %H:%M:%S")" - - if [ "${adb_restricted}" = "1" ] - then - adb_uci="$(which true)" - fi - - # delete temp files & directories - # - rm -f "${adb_tmpfile}" - rm -rf "${adb_tmpdir}" - - # tidy up on error - # - if [ $((rc)) -lt 0 ] || [ $((rc)) -gt 0 ] - then - f_rmdns - f_rmuhttpd - f_rmfirewall - config_foreach f_rmconfig source - if [ $((rc)) -eq -1 ] - then - "${adb_uci}" -q set "adblock.global.adb_lastrun=${lastrun} => runtime error, please check the log!" - fi - fi - - # final log message and iptables statistics - # - if [ $((rc)) -eq 0 ] - then - f_statistics - "${adb_uci}" -q set "adblock.global.adb_lastrun=${lastrun}" - f_log "domain adblock processing finished successfully (${adb_scriptver}, ${adb_sysver}, ${lastrun})" - elif [ $((rc)) -gt 0 ] - then - f_log "domain adblock processing failed (${adb_scriptver}, ${adb_sysver}, ${lastrun})" - else - rc=0 - fi - if [ -n "$("${adb_uci}" -q changes adblock)" ] - then - "${adb_uci}" -q commit "adblock" - fi - rm -f "${adb_pidfile}" - exit ${rc} -} diff --git a/net/adblock/files/adblock-update.sh b/net/adblock/files/adblock-update.sh deleted file mode 100755 index 661081d5c..000000000 --- a/net/adblock/files/adblock-update.sh +++ /dev/null 
@@ -1,278 +0,0 @@ -#!/bin/sh -# dns based ad/abuse domain blocking script -# written by Dirk Brenken (dev@brenken.org) - -# This is free software, licensed under the GNU General Public License v3. -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# prepare environment -# -adb_pid="${$}" -adb_pidfile="/var/run/adblock.pid" -adb_scriptdir="${0%/*}" - -if [ -r "${adb_pidfile}" ] -then - rc=255 - logger -s -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile}))" - exit ${rc} -else - printf "${adb_pid}" > "${adb_pidfile}" - if [ -r "${adb_scriptdir}/adblock-helper.sh" ] - then - . "${adb_scriptdir}/adblock-helper.sh" - f_envload - else - rc=254 - logger -s -t "adblock[${adb_pid}] error" "adblock function library not found" - rm -f "${adb_pidfile}" - exit ${rc} - fi -fi - -# call trap function on error signals (HUP, INT, QUIT, BUS, SEGV, TERM) -# -trap "rc=250; f_log 'error signal received/trapped'; f_exit" 1 2 3 10 11 15 - -# check environment -# -f_envcheck - -# main loop for all block list sources -# -f_log "use '${adb_fetch}' for list downloads" - -for src_name in ${adb_sources} -do - # check disabled sources - # - eval "enabled=\"\${enabled_${src_name}}\"" - if [ "${enabled}" = "0" ] - then - if [ -r "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" ] - then - rm -f "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" - if [ "${backup_ok}" = "true" ] && [ -r "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] - then - rm -f "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" - fi - rm_done="true" - f_log "=> disabled source '${src_name}' removed" - fi - "${adb_uci}" -q delete "adblock.${src_name}.adb_src_count" - "${adb_uci}" -q delete "adblock.${src_name}.adb_src_timestamp" - continue - fi - - f_log "=> processing source '${src_name}'" - eval "url=\"\${adb_src_${src_name}}\"" - eval "src_rset=\"\${adb_src_rset_${src_name}}\"" - eval 
"list_time=\"\${CONFIG_${src_name}_adb_src_timestamp}\"" - adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}" - - # check 'url' and 'src_rset' values - # - if [ -z "${url}" ] || [ -z "${src_rset}" ] - then - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=broken config" - f_log " broken source configuration, skipped" - continue - fi - - # download only block list with newer/updated timestamp - # - if [ "${src_name}" = "blacklist" ] - then - url_time="$(date -r "${url}")" - elif [ -n "${response_parm}" ] - then - url_time="$(${adb_fetch} ${fetch_parm} ${response_parm} "${url}" 2>&1 | awk '$0 ~ /Last-Modified/ {printf substr($0,18)}')" - fi - if [ -z "${url_time}" ] - then - url_time="$(date)" - f_log " no online timestamp" - fi - if [ -z "${list_time}" ] || [ "${list_time}" != "${url_time}" ] || [ ! -r "${adb_dnsfile}" ] ||\ - ([ "${backup_ok}" = "true" ] && [ ! -r "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ]) - then - if [ "${src_name}" = "blacklist" ] - then - tmp_domains="$(strings -n 1 "${url}")" - elif [ "${src_name}" = "shalla" ] - then - shalla_archive="${adb_tmpdir}/shallalist.tar.gz" - shalla_file="${adb_tmpdir}/shallalist.txt" - "${adb_fetch}" ${fetch_parm} -O "${shalla_archive}" "${url}" - rc=${?} - if [ $((rc)) -eq 0 ] - then - > "${shalla_file}" - for category in ${adb_src_cat_shalla} - do - tar -xOzf "${shalla_archive}" BL/${category}/domains >> "${shalla_file}" - rc=${?} - if [ $((rc)) -ne 0 ] - then - f_log " archive extraction failed (${category})" - break - fi - done - tmp_domains="$(strings -n 1 "${shalla_file}")" - rm -rf "${adb_tmpdir}/BL" - rm -f "${shalla_archive}" - rm -f "${shalla_file}" - fi - else - tmp_domains="$(${adb_fetch} ${fetch_parm} -O- "${url}" | strings -n 1)" - fi - rc=${?} - else - f_log " source doesn't change, skipped" - continue - fi - - # check download result and prepare domain output, backup/restore if needed - # - if [ $((rc)) -eq 0 ] && [ -n "${tmp_domains}" ] - then - count="$(printf "%s\n" 
"${tmp_domains}" | awk "${src_rset}" | tee "${adb_tmpfile}" | wc -l)" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=${url_time}" - if [ "${backup_ok}" = "true" ] - then - gzip -cf "${adb_tmpfile}" > "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" - fi - f_log " source download finished (${count} entries)" - unset tmp_domains - elif [ $((rc)) -eq 0 ] && [ -z "${tmp_domains}" ] - then - if [ "${backup_ok}" = "true" ] && [ -r "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] - then - gunzip -cf "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" > "${adb_tmpfile}" - count="$(wc -l < "${adb_tmpfile}")" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=list restored" - f_log " empty source download, restored (${count} entries)" - else - if [ -r "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" ] - then - rm -f "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" - rm_done="true" - fi - "${adb_uci}" -q delete "adblock.${src_name}.adb_src_count" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=empty download" - f_log " empty source download, skipped" - continue - fi - else - rc=0 - if [ "${backup_ok}" = "true" ] && [ -r "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] - then - gunzip -cf "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" > "${adb_tmpfile}" - count="$(wc -l < "${adb_tmpfile}")" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=list restored" - f_log " source download failed, restored (${count} entries)" - else - if [ -r "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" ] - then - rm -f "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" - rm_done="true" - fi - "${adb_uci}" -q delete "adblock.${src_name}.adb_src_count" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=download failed" - f_log " source download failed, skipped" - continue - fi - fi - - # remove whitelist domains, sort domains and make them unique, - # rewrite ad/abuse domain information to separate dnsmasq files - # - if [ $((count)) -gt 0 ] 
&& [ -n "${adb_tmpfile}" ] - then - if [ -s "${adb_tmpdir}/tmp.whitelist" ] - then - grep -vf "${adb_tmpdir}/tmp.whitelist" "${adb_tmpfile}" | sort -u | eval "${adb_dnsformat}" > "${adb_dnsfile}" - else - sort -u "${adb_tmpfile}" | eval "${adb_dnsformat}" > "${adb_dnsfile}" - fi - rc=${?} - if [ $((rc)) -eq 0 ] - then - rev_done="true" - f_log " domain merging finished" - else - rc=0 - rm -f "${adb_dnsfile}" - if [ "${backup_ok}" = "true" ] && [ -r "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] - then - rm -f "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" - fi - "${adb_uci}" -q delete "adblock.${src_name}.adb_src_count" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=domain merging failed" - f_log " domain merging failed, skipped" - continue - fi - else - rm -f "${adb_dnsfile}" - if [ "${backup_ok}" = "true" ] && [ -r "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] - then - rm -f "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" - fi - "${adb_uci}" -q delete "adblock.${src_name}.adb_src_count" - "${adb_uci}" -q set "adblock.${src_name}.adb_src_timestamp=empty domain input" - f_log " empty domain input, skipped" - continue - fi -done - -# overall sort, make block list entries unique -# -if [ "${rev_done}" = "true" ] && [ "${mem_ok}" = "true" ] -then - f_log "remove duplicates in separate block lists" - for list in $(ls -ASr "${adb_dnsdir}/${adb_dnsprefix}"*) - do - list="${list/*./}" - if [ -s "${adb_tmpdir}/blocklist.overall" ] - then - sort "${adb_tmpdir}/blocklist.overall" "${adb_tmpdir}/blocklist.overall" "${adb_dnsdir}/${adb_dnsprefix}.${list}" | uniq -u > "${adb_tmpdir}/tmp.blocklist" - cat "${adb_tmpdir}/tmp.blocklist" > "${adb_dnsdir}/${adb_dnsprefix}.${list}" - fi - cat "${adb_dnsdir}/${adb_dnsprefix}.${list}" >> "${adb_tmpdir}/blocklist.overall" - done -fi - -# restart & check dnsmasq with generated set of block lists -# -if [ "${rev_done}" = "true" ] || [ "${rm_done}" = "true" ] || [ -n "${mv_done}" ] -then - "${adb_uci}" 
-q delete "adblock.global.adb_dnstoggle" - /etc/init.d/dnsmasq restart - sleep 1 - check="$(pgrep -f "dnsmasq")" - if [ -n "${check}" ] - then - f_cntconfig - f_log "block lists with overall ${adb_count} domains loaded" - else - f_rmdns - sleep 1 - check="$(pgrep -f "dnsmasq")" - if [ -n "${check}" ] - then - f_log "dnsmasq restart without block lists succeeded, please check your configuration" - else - f_log "dnsmasq restart without block lists failed, please check your configuration" - fi - rc=100 - f_exit - fi -else - f_cntconfig - f_log "block lists with overall ${adb_count} domains are still valid, no update required" -fi - -# remove temporary files and exit -# -f_exit diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf index cc86b503b..aaf6eef43 100644 --- a/net/adblock/files/adblock.conf +++ b/net/adblock/files/adblock.conf @@ -3,10 +3,9 @@ config adblock 'global' option adb_enabled '1' - option adb_cfgver '2.5' + option adb_debug '0' option adb_whitelist '/etc/adblock/adblock.whitelist' option adb_whitelist_rset '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}' - option adb_forcedns '1' config service 'backup' option enabled '0' diff --git a/net/adblock/files/adblock.hotplug b/net/adblock/files/adblock.hotplug deleted file mode 100644 index ee48bb05c..000000000 --- a/net/adblock/files/adblock.hotplug +++ /dev/null 
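Review bot: In net/adblock/files/adblock.conf the `adb_forcedns` option is dropped with no replacement or comment. In the deleted adblock-helper.sh that option controlled the `adb-dns` DNAT rules, which sent port-53 traffic arriving on the LAN device to the router's own resolver. With NXDOMAIN-only blocking and, judging by the commit message, no firewall rules left, a LAN client configured with an external resolver is presumably no longer covered by the block lists. People upgrading should be told this, for example with a config comment such as `# clients that use their own DNS server bypass adblock; add a port 53 firewall redirect if every LAN client must be filtered`.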
@@ -1,24 +0,0 @@ -#!/bin/sh -# - -adb_pid="${$}" -adb_helper="/usr/bin/adblock-helper.sh" -adb_pidfile="/var/run/adblock.pid" -adb_enabled="$(/etc/init.d/adblock enabled; echo $?)" - -if [ "${adb_enabled}" = "1" ] || [ -f "${adb_pidfile}" ] || [ "${ACTION}" != "ifup" ] -then - exit 0 -fi - -. "${adb_helper}" -f_envload - -if [ "${INTERFACE}" = "${adb_wanif4}" ] || [ "${INTERFACE}" = "${adb_wanif6}" ] -then - if [ -z "${adb_hotplugif}" ] || [ "${INTERFACE}" = "${adb_hotplugif}" ] - then - /etc/init.d/adblock start - f_log "adblock service started due to '${ACTION}' of '${INTERFACE}' interface" - fi -fi diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init index 5cd867211..7bf70ca71 100755 --- a/net/adblock/files/adblock.init +++ b/net/adblock/files/adblock.init 
@@ -2,172 +2,81 @@ # START=90 -EXTRA_COMMANDS="toggle stats cfgup envchk query" -EXTRA_HELP=" toggle Toggle adblock 'on' or 'off' - stats Update adblock statistics - cfgup Update adblock configuration file - envchk Check/Set adblock environment - query Query active blocklists for specific domain" +USE_PROCD=1 -adb_debug=0 -adb_pid="${$}" -adb_script="/usr/bin/adblock-update.sh" -adb_helper="/usr/bin/adblock-helper.sh" -adb_pidfile="/var/run/adblock.pid" -bg_parm="&" +EXTRA_COMMANDS="suspend resume" +EXTRA_HELP=" suspend Suspend adblock processing + resume Resume adblock processing" -if [ $((adb_debug)) -eq 0 ] -then - exec 2>/dev/null -fi - -if [ -r "${adb_pidfile}" ] -then - logger -s -t "adblock[${adb_pid}] error" "adblock service already running ($(cat ${adb_pidfile}))" 2>&1 - exit 255 -fi - -. "${adb_helper}" -f_envload - -if [ "${adb_restricted}" = "1" ] -then - adb_uci="$(which true)" -fi +adb_script="/usr/bin/adblock.sh" +adb_iface="$(uci -q get adblock.global.adb_iface)" boot() { - return 0 -} + local wanif4 wanif6 -start() -{ - if [ -t 1 ] + ubus -t 30 wait_for network.interface + if [ ${?} -eq 0 ] then - unset bg_parm + . 
"/lib/functions/network.sh" + network_find_wan wanif4 + network_find_wan6 wanif6 + if [ -n "${wanif4}" ] || [ -n "${wanif6}" ] + then + rc_procd start_service + else + rc_procd service_triggers + fi fi - eval "${adb_script}" ${bg_parm} - return 0 } -restart() +start_service() { - stop - start + if [ $(/etc/init.d/adblock enabled; printf ${?}) -eq 0 ] + then + procd_open_instance "adblock" + procd_set_param env adb_procd="true" + procd_set_param command "${adb_script}" "${@}" + procd_set_param stdout 1 + procd_set_param stderr 1 + procd_close_instance + fi } -reload() +reload_service() { - reload="true" - stop - start + rc_procd start_service reload } -stop() +stop_service() { - f_rmdns - f_rmuhttpd - config_foreach f_rmconfig source - if [ -z "${reload}" ] - then - f_rmfirewall - fi - if [ -n "${rm_dns}" ] || [ -n "${rm_uhttpd}" ] || [ -n "${rm_fw}" ] || [ -n "$(${adb_uci} -q changes adblock)" ] - then - "${adb_uci}" -q commit adblock - f_log "all adblock related services stopped" - fi - return 0 + export adb_procd="true" + rc_procd "${adb_script}" stop } -toggle() +suspend() { - if [ -d "${adb_dnshidedir}" ] - then - list_dns="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print)" - list_dnshide="$(find "${adb_dnshidedir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print)" - if [ -n "${list_dns}" ] - then - source="${adb_dnsdir}/${adb_dnsprefix}" - target="${adb_dnshidedir}" - pos="off" - elif [ -n "${list_dnshide}" ] - then - source="${adb_dnshidedir}/${adb_dnsprefix}" - target="${adb_dnsdir}" - pos="on" - fi - if [ -n "${list_dns}" ] || [ -n "${list_dnshide}" ] - then - mv -f "${source}"* "${target}" - /etc/init.d/dnsmasq restart - "${adb_uci}" -q set "adblock.global.adb_dnstoggle=${pos}" - "${adb_uci}" -q commit "adblock" - f_log "adblock toggle switched '${pos}'" - fi - fi - return 0 + rc_procd start_service suspend } -stats() +resume() { - f_statistics - "${adb_uci}" -q commit "adblock" - return 0 + rc_procd start_service resume } 
-cfgup() +service_triggers() { - stop - cp -pf "/etc/adblock/adblock.conf.default" "/etc/config/adblock" - rc=$? - if [ $((rc)) -eq 0 ] - then - f_log "default adblock configuration applied, please check the settings in '/etc/config/adblock'" - else - f_log "default adblock configuration not found, please re-install the package via 'opkg install adblock --force-maintainer'" - fi - return 0 -} + local iface -query() -{ - domain="${1}" - tld="${domain#*.}" - list_dns="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print)" - if [ -z "${list_dns}" ] - then - f_log "no active blocklists found, please start adblock first" - elif [ -z "${domain}" ] || [ "${domain}" = "${tld}" ] + procd_add_config_trigger "config.change" "adblock" /etc/init.d/adblock start + + if [ -z "${adb_iface}" ] then - f_log "invalid domain query input, please submit a specific (sub-)domain, i.e. 'www.abc.xyz'" + procd_add_raw_trigger "interface.*.up" 1000 /etc/init.d/adblock start else - while [ "${domain}" != "${tld}" ] + for iface in ${adb_iface} do - search="${domain//./\.}" - result="$(grep -Hm 1 "[/\.]${search}/" "${adb_dnsdir}/adb_list"* | awk -F ':|/' '{print " "$4"\t: "$6}')" - count="$(grep -hc "[/\.]${search}/" "${adb_dnsdir}/adb_list"* | awk '{sum += $1} END {printf sum}')" - printf "%s\n" "=> distinct results for domain '${domain}' (overall ${count})" - if [ -z "${result}" ] - then - printf "%s\n" " no matches in active blocklists" - else - printf "%s\n" "${result}" - fi - domain="${tld}" - tld="${domain#*.}" + procd_add_interface_trigger "interface.*.up" "${iface}" /etc/init.d/adblock start done fi - return 0 -} - -envchk() -{ - adb_loglevel=0 - f_envcheck - rm -f "${adb_tmpfile}" - rm -rf "${adb_tmpdir}" - adb_loglevel=1 - f_log "adblock environment check finished successfully" - return 0 } diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh new file mode 100755 index 000000000..a2e624a05 --- /dev/null +++ b/net/adblock/files/adblock.sh 
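Review bot: In the new `boot()` of adblock.init, a timeout of `ubus -t 30 wait_for network.interface` falls through the `if [ ${?} -eq 0 ]` test with no `else`. As far as the hunk shows, the service is then neither started nor given triggers and nothing is logged, so the DNS filter can stay inactive after boot without any trace of why. I would add an `else` branch that logs the failure, for example `logger -t "adblock" "network.interface not available after 30s, adblock not started"`. On style, `start_service()` tests `[ $(/etc/init.d/adblock enabled; printf ${?}) -eq 0 ]`, which re-runs the init script inside an unquoted command substitution; `if /etc/init.d/adblock enabled` checks the same exit status directly.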
@@ -0,0 +1,427 @@ +#!/bin/sh +# dns based ad/abuse domain blocking +# written by Dirk Brenken (dev@brenken.org) + +# This is free software, licensed under the GNU General Public License v3. +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# set initial defaults +# +LC_ALL=C +PATH="/usr/sbin:/usr/bin:/sbin:/bin" +adb_ver="2.0.0" +adb_enabled=1 +adb_debug=0 +adb_whitelist="/etc/adblock/adblock.whitelist" +adb_whitelist_rset="\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}" +adb_dns="dnsmasq" +adb_dnsdir="/tmp/dnsmasq.d" +adb_dnshidedir="${adb_dnsdir}/.adb_hidden" +adb_dnsprefix="adb_list" +adb_dnsformat="awk '{print \"local=/\"\$0\"/\"}'" +adb_fetch="/usr/bin/wget" +adb_fetchparm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --timeout=5 --no-check-certificate -O" + +# f_envload: load adblock environment +# +f_envload() +{ + # source in system library + # + if [ -r "/lib/functions.sh" ] + then + . 
"/lib/functions.sh" + else + f_log "error" "status ::: system library not found" + fi + + # parse global section by callback + # + config_cb() + { + local type="${1}" + if [ "${type}" = "adblock" ] + then + option_cb() + { + local option="${1}" + local value="${2}" + eval "${option}=\"${value}\"" + } + else + reset_cb + fi + } + + # parse 'service' and 'source' sections + # + parse_config() + { + local value opt section="${1}" options="enabled adb_dir adb_src adb_src_rset adb_src_cat" + if [ "${section}" != "backup" ] + then + eval "adb_sources=\"${adb_sources} ${section}\"" + fi + for opt in ${options} + do + config_get value "${section}" "${opt}" + if [ -n "${value}" ] + then + eval "${opt}_${section}=\"${value}\"" + fi + done + } + + # load adblock config + # + config_load adblock + config_foreach parse_config service + config_foreach parse_config source +} + +# f_envcheck: check/set environment prerequisites +# +f_envcheck() +{ + # check 'enabled' option + # + if [ "${adb_enabled}" != "1" ] + then + f_log "info " "status ::: adblock is currently disabled, please set adb_enabled to '1' to use this service" + exit 0 + fi + + # check fetch utility + # + if [ -z "${adb_fetch}" ] || [ ! -f "${adb_fetch}" ] + then + f_log "error" "status ::: no download utility with ssl support found/configured" + fi + + # create dns hideout directory + # + if [ ! 
-d "${adb_dnshidedir}" ] + then + mkdir -p -m 660 "${adb_dnshidedir}" + else + rm -f "${adb_dnshidedir}/${adb_dnsprefix}"* + fi + + # create adblock temp file/directory + # + adb_tmpload="$(mktemp -tu)" + adb_tmpfile="$(mktemp -tu)" + adb_tmpdir="$(mktemp -p /tmp -d)" + + # prepare whitelist entries + # + if [ -s "${adb_whitelist}" ] + then + awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.whitelist" + fi + + # get system information + # + adb_sysver="$(ubus -S call system board | jsonfilter -e '@.release.description')" +} + +# f_rmtemp: remove temporary files & directories +# +f_rmtemp() +{ + rm -f "${adb_tmpload}" + rm -f "${adb_tmpfile}" + rm -rf "${adb_tmpdir}" +} + +# f_rmdns: remove dns related files & directories +# +f_rmdns() +{ + rm -f "${adb_dnsdir}/${adb_dnsprefix}"* + rm -f "${adb_dir_backup}/${adb_dnsprefix}"*.gz + rm -rf "${adb_dnshidedir}" + ubus call service delete "{\"name\":\"adblock_stats\",\"instances\":\"stats\"}" +} + +# f_dnsrestart: restart the dns server +# +f_dnsrestart() +{ + local cnt=0 + dns_running="false" + + sync + "/etc/init.d/${adb_dns}" restart + while [ ${cnt} -le 10 ] + do + dns_running="$(ubus -S call service list '{"name":"dnsmasq"}' | jsonfilter -e '@.dnsmasq.instances.*.running')" + if [ "${dns_running}" = "true" ] + then + sleep 1 + break + fi + cnt=$((cnt+1)) + sleep 1 + done +} + +# f_list: backup/restore/remove block lists +# +f_list() +{ + local mode="${1}" + + if [ "${enabled_backup}" = "1" ] && [ -d "${adb_dir_backup}" ] + then + case "${mode}" in + backup) + gzip -cf "${adb_tmpfile}" > "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" + ;; + restore) + rm -f "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" + if [ -f "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] + then + gunzip -cf "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" > "${adb_tmpfile}" + fi + ;; + remove) + rm -f "${adb_dnsdir}/${adb_dnsprefix}.${src_name}" + if [ -f "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" ] + then 
+ rm -f "${adb_dir_backup}/${adb_dnsprefix}.${src_name}.gz" + fi + ;; + esac + fi +} + +# f_switch: suspend/resume adblock processing +# +f_switch() +{ + if [ -d "${adb_dnshidedir}" ] + then + local source target status mode="${1}" + local dns_active="$(find "${adb_dnsdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print)" + local dns_passive="$(find "${adb_dnshidedir}" -maxdepth 1 -type f -name "${adb_dnsprefix}*" -print)" + + if [ -n "${dns_active}" ] && [ "${mode}" = "suspend" ] + then + source="${adb_dnsdir}/${adb_dnsprefix}" + target="${adb_dnshidedir}" + status="suspended" + elif [ -n "${dns_passive}" ] && [ "${mode}" = "resume" ] + then + source="${adb_dnshidedir}/${adb_dnsprefix}" + target="${adb_dnsdir}" + status="resumed" + fi + if [ -n "${status}" ] + then + mv -f "${source}"* "${target}" + f_dnsrestart + f_log "info " "status ::: adblock processing ${status}" + fi + fi +} + +# f_log: write to syslog, exit on error +# +f_log() +{ + local class="${1}" + local log_msg="${2}" + + if [ -n "${log_msg}" ] && ([ "${class}" != "debug" ] || [ ${adb_debug} -eq 1 ]) + then + logger -t "adblock-[${adb_ver}] ${class}" "${log_msg}" + if [ "${class}" = "error" ] + then + f_debug + f_rmtemp + f_rmdns + f_dnsrestart + exit 255 + fi + fi +} + +# f_debug: gather memory & space information +f_debug() +{ + local mem_total=0 mem_free=0 mem_swap=0 tmp_space=0 backup_space=0 + + if [ ${adb_debug} -eq 1 ] + then + mem_total="$(awk '$1 ~ /^MemTotal/ {printf $2}' "/proc/meminfo")" + mem_free="$(awk '$1 ~ /^MemFree/ {printf $2}' "/proc/meminfo")" + mem_swap="$(awk '$1 ~ /^SwapTotal/ {printf $2}' "/proc/meminfo")" + f_log "debug" "memory ::: total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap}" + + if [ -d "${adb_tmpdir}" ] + then + tmp_space="$(df "${adb_tmpdir}" 2>/dev/null | tail -n1 | awk '{printf $4}')" + fi + if [ -d "${adb_dir_backup}" ] + then + backup_space="$(df "${adb_dir_backup}" 2>/dev/null | tail -n1 | awk '{printf $4}')" + fi + f_log "debug" "space ::: 
tmp_dir: ${adb_tmpdir}, tmp_kb: ${tmp_space}, backup: ${enabled_backup}, backup_dir: ${adb_dir_backup}, backup_kb: ${backup_space}" + fi +} + +# main function for block list processing +# +f_main() +{ + local rc cnt sum_cnt=0 + local enabled url src_name src_rset + local shalla_file shalla_archive list + + f_debug + f_log "debug" "main ::: tool: ${adb_fetch}, parm: ${adb_fetchparm}" + for src_name in ${adb_sources} + do + eval "enabled=\"\${enabled_${src_name}}\"" + eval "url=\"\${adb_src_${src_name}}\"" + eval "src_rset=\"\${adb_src_rset_${src_name}}\"" + adb_dnsfile="${adb_dnsdir}/${adb_dnsprefix}.${src_name}" + > "${adb_tmpload}" + > "${adb_tmpfile}" + + # basic pre-checks + # + if [ "${enabled}" = "0" ] || [ -z "${url}" ] || [ -z "${src_rset}" ] + then + f_list remove + continue + fi + + # download block list + # + f_log "debug" "loop ::: name: ${src_name}, enabled: ${enabled}, dnsfile: ${adb_dnsfile}" + if [ "${src_name}" = "blacklist" ] + then + cat "${url}" > "${adb_tmpload}" + rc=${?} + elif [ "${src_name}" = "shalla" ] + then + shalla_archive="${adb_tmpdir}/shallalist.tar.gz" + shalla_file="${adb_tmpdir}/shallalist.txt" + "${adb_fetch}" ${adb_fetchparm} "${shalla_archive}" "${url}" + rc=${?} + if [ ${rc} -eq 0 ] + then + > "${shalla_file}" + for category in ${adb_src_cat_shalla} + do + tar -xOzf "${shalla_archive}" BL/${category}/domains >> "${shalla_file}" + rc=${?} + if [ ${rc} -ne 0 ] + then + break + fi + done + cat "${shalla_file}" > "${adb_tmpload}" + rm -f "${shalla_file}" + fi + rm -f "${shalla_archive}" + rm -rf "${adb_tmpdir}/BL" + else + "${adb_fetch}" ${adb_fetchparm} "${adb_tmpload}" "${url}" + rc=${?} + fi + + # check download result and prepare domain output (incl. 
list backup/restore) + # + f_log "debug" "loop ::: name: ${src_name}, load-rc: ${rc}" + if [ ${rc} -eq 0 ] && [ -s "${adb_tmpload}" ] + then + awk "${src_rset}" "${adb_tmpload}" > "${adb_tmpfile}" + if [ -s "${adb_tmpfile}" ] + then + f_list backup + else + f_list restore + fi + else + f_list restore + fi + + # remove whitelist domains, sort and make them unique, final list preparation + # + if [ -s "${adb_tmpfile}" ] + then + if [ -s "${adb_tmpdir}/tmp.whitelist" ] + then + grep -vf "${adb_tmpdir}/tmp.whitelist" "${adb_tmpfile}" | sort -u | eval "${adb_dnsformat}" > "${adb_dnsfile}" + else + sort -u "${adb_tmpfile}" | eval "${adb_dnsformat}" > "${adb_dnsfile}" + fi + rc=${?} + if [ ${rc} -ne 0 ] + then + f_list remove + fi + fi + f_log "debug" "loop ::: name: ${src_name}, list-rc: ${rc}" + done + + # overall sort, make block list entries unique + # + for list in $(ls -ASr "${adb_dnsdir}/${adb_dnsprefix}"* 2>/dev/null) + do + list="${list/*./}" + if [ -s "${adb_tmpdir}/blocklist.overall" ] + then + sort "${adb_tmpdir}/blocklist.overall" "${adb_tmpdir}/blocklist.overall" "${adb_dnsdir}/${adb_dnsprefix}.${list}" | uniq -u > "${adb_tmpdir}/tmp.blocklist" + cat "${adb_tmpdir}/tmp.blocklist" > "${adb_dnsdir}/${adb_dnsprefix}.${list}" + fi + cat "${adb_dnsdir}/${adb_dnsprefix}.${list}" >> "${adb_tmpdir}/blocklist.overall" + done + + # restart & check dns server + # + f_dnsrestart + if [ "${dns_running}" = "true" ] + then + for src_name in $(ls -ASr "${adb_dnsdir}/${adb_dnsprefix}"* 2>/dev/null) + do + cnt="$(wc -l < "${src_name}")" + sum_cnt=$((sum_cnt + cnt)) + done + f_debug + f_rmtemp + f_log "info " "status ::: block lists with overall ${sum_cnt} domains loaded (${adb_sysver})" + ubus call service set "{\"name\":\"adblock_stats\",\"instances\":{\"stats\":{\"env\":{\"blocked_domains\":\"${sum_cnt}\",\"last_rundate\":\"$(/bin/date "+%d.%m.%Y %H:%M:%S")\"}}}}" + exit 0 + fi + f_log "error" "status ::: dns server restart with active block lists failed" +} + +# handle 
different adblock actions +# +if [ "${adb_procd}" = "true" ] +then + f_envload + case "${1}" in + stop) + f_rmtemp + f_rmdns + f_dnsrestart + ;; + suspend) + f_switch suspend + ;; + resume) + f_switch resume + ;; + *) + f_envcheck + f_main + ;; + esac +fi +exit 0 \ No newline at end of file diff --git a/net/adblock/files/www/adblock/index.html b/net/adblock/files/www/adblock/index.html deleted file mode 100644 index ff6c90342..000000000 --- a/net/adblock/files/www/adblock/index.html +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - -
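Review bot: The default `adb_fetchparm` in adblock.sh passes `--no-check-certificate`, so block lists fetched over https are accepted without verifying the server, and the downloaded data is then filtered by awk and written into `${adb_dnsdir}` as `local=/…/` entries for dnsmasq. Anyone on the path between the router and a list server can therefore add or strip entries and so influence which names the resolver answers with NXDOMAIN. I would drop the flag from the default, `adb_fetchparm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --timeout=5 -O"`, and note in the README that a CA bundle must be installed, leaving the unverified form as something a user has to set explicitly (the global-section callback appears to allow overriding it from the config). Separately, in f_envcheck `adb_tmpload="$(mktemp -tu)"` and `adb_tmpfile="$(mktemp -tu)"` only print a name, and the files are first created by the `>` redirections in f_main; placing both inside the directory returned by `mktemp -p /tmp -d` would close the gap between choosing the name and creating the file.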