
adblock: 0.80.1

* fix ip6tables reject types
* simplified firewall ruleset for IPv4/IPv6
* fix memory detection (swap was always 0)
* fix dnsmasq restart after partial restore
* add hotplug support, adblock will be started when wan interface comes
up
* change adblock init script accordingly, do nothing on 'boot'
* optimize wget parameters for faster download results (in case of an
error)
* added CC installation notes to readme
* removed needless external online check
* removed needless optional parms 'adb_maxtime', 'adb_maxloop',
'adb_probeipv4' and 'adb_probeipv6'

Signed-off-by: Dirk Brenken <openwrt@brenken.org>
lilik-openwrt-22.03
Dirk Brenken 9 years ago
parent
commit
babad56cc6
6 changed files with 74 additions and 83 deletions
  1. +4
    -1
      net/adblock/Makefile
  2. +8
    -6
      net/adblock/files/README.md
  3. +32
    -70
      net/adblock/files/adblock-helper.sh
  4. +6
    -6
      net/adblock/files/adblock-update.sh
  5. +19
    -0
      net/adblock/files/adblock.hotplug
  6. +5
    -0
      net/adblock/files/adblock.init

+ 4
- 1
net/adblock/Makefile

@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
PKG_VERSION:=0.80.0
PKG_VERSION:=0.80.1
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <openwrt@brenken.org>
@ -49,6 +49,9 @@ define Package/$(PKG_NAME)/install
$(INSTALL_BIN) ./files/adblock-update.sh $(1)/usr/bin/
$(INSTALL_DATA) ./files/adblock-helper.sh $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_BIN) ./files/adblock.hotplug $(1)/etc/hotplug.d/iface/99-adblock
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/adblock.init $(1)/etc/init.d/adblock


+ 8
- 6
net/adblock/files/README.md

@ -51,6 +51,7 @@ When the dns server on your router receives dns requests, you will sort out quer
* status & error logging to stdout and syslog
* use of dynamic uhttpd instance as adblock pixel server
* openwrt init system support (start/stop/restart/reload)
* hotplug support, adblock start will be triggered by wan 'ifup' event
* optional features (disabled by default):
* adblock list backup/restore
* debug logging to separate file
@ -62,8 +63,8 @@ When the dns server on your router receives dns requests, you will sort out quer
* optional: 'kmod-ipt-nat6' for IPv6 support
* the above dependencies and requirements will be checked during package installation & script runtime
## Usage
* install the adblock package (*opkg install adblock*)
## Installation & Usage
* install the adblock package (*opkg update & opkg install adblock*)
* start the adblock service with */etc/init.d/adblock start* and check *logread -e "adblock"* for adblock related information
* optional: enable/disable your required adblock list sources in */etc/config/adblock* - 'adaway', 'disconnect' and 'yoyo' are enabled by default
* optional: maintain the adblock service in luci under 'System => Startup'
@ -73,6 +74,11 @@ For easy management of the various blocklist sources and and the adblock options
Please install the package 'luci-app-adblock'. Then you will find the application in LuCI located under 'Services' menu.
Thanks to Hannu Nyman for this great adblock LuCI frontend!
## CC installation notes
* currently the adblock package is *not* part of the CC package repository
* download the latest adblock package *adblock_x.xx.x-1_all.ipk* from a DD snapshot [package directory](https://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/packages)
* manual transfer the package to your router and install the opkg package as usual
## Tweaks
* there is no need to enable all blacklist sites at once, for normal use one to three adblock list sources should be sufficient
* if you really need to handle all blacklists at once add an usb stick or any other storage device to supersize your temp directory with a swap partition => see [openwrt wiki](https://wiki.openwrt.org/doc/uci/fstab) for further details
@ -90,10 +96,6 @@ Thanks to Hannu Nyman for this great adblock LuCI frontend!
* adb\_port => port of the adblock uhttpd instance (default: '65535')
* adb\_nullipv4 => IPv4 blackhole ip address (default: '192.0.2.1')
* adb\_nullipv6 => IPv6 blackhole ip address (default: '::ffff:c000:0201')
* adb\_probeipv4 => IPv4 address used for uplink online check (default: '8.8.8.8')
* adb\_probeipv6 => IPv6 address used for uplink online check (default: '2001:4860:4860::8888')
* adb\_maxtime => download timeout limit in seconds (default: '60')
* adb\_maxloop => startup timeout limit in seconds to wait for an active wan interface (default: '20')
## Background
This adblock package is a dns/dnsmasq based adblock solution for openwrt.


+ 32
- 70
net/adblock/files/adblock-helper.sh

@ -86,10 +86,6 @@ f_envparse()
adb_port="65535"
adb_nullipv4="192.0.2.1"
adb_nullipv6="::ffff:c000:0201"
adb_probeipv4="8.8.8.8"
adb_probeipv6="2001:4860:4860::8888"
adb_maxtime="60"
adb_maxloop="20"
adb_blacklist="/etc/adblock/adblock.blacklist"
adb_whitelist="/etc/adblock/adblock.whitelist"
@ -198,47 +194,23 @@ f_envparse()
# get logical wan update interfaces (with default route) and their device names
#
while [ $((adb_cnt)) -le $((adb_maxloop)) ]
do
network_find_wan adb_wanif4 2>/dev/null
network_find_wan6 adb_wanif6 2>/dev/null
if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
then
network_flush_cache
elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
then
rc=125
f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
else
network_get_device adb_wandev4 "${adb_wanif4}" 2>/dev/null
network_get_device adb_wandev6 "${adb_wanif6}" 2>/dev/null
if [ -n "${adb_wandev4}" ]
then
rc="$(ping -q -4 -c1 -W1 -I${adb_wandev4} "${adb_probeipv4}" >/dev/null 2>&1; printf ${?})"
if [ $((rc)) -eq 0 ]
then
f_log "get active IPv4 wan update interface/device (${adb_wanif4}/${adb_wandev4})"
break
fi
elif [ -n "${adb_wandev6}" ]
then
rc="$(ping -q -6 -c1 -W1 -I${adb_wandev6} "${adb_probeipv6}" >/dev/null 2>&1; printf ${?})"
if [ $((rc)) -eq 0 ]
then
f_log "get active IPv6 wan update interface/device (${adb_wanif6}/${adb_wandev6})"
break
fi
fi
fi
if [ $((adb_cnt)) -ge $((adb_maxloop)) ]
then
rc=125
f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
fi
adb_cnt=$((adb_cnt + 1))
done
network_find_wan adb_wanif4 2>/dev/null
network_find_wan6 adb_wanif6 2>/dev/null
if [ -z "${adb_wanif4}" ] && [ -z "${adb_wanif6}" ]
then
rc=125
f_log "no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
elif [ "${adb_wanif4}" = "${adb_lanif}" ] || [ "${adb_wanif6}" = "${adb_lanif}" ]
then
rc=125
f_log "LAN only (${adb_lanif}) network, no valid IPv4/IPv6 wan update interface found" "${rc}"
f_exit
else
network_get_device adb_wandev4 "${adb_wanif4}" 2>/dev/null
network_get_device adb_wandev6 "${adb_wanif6}" 2>/dev/null
break
fi
# get lan ip addresses
#
@ -287,12 +259,11 @@ f_envcheck()
# check ca-certificates package and set wget parms accordingly
#
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5 --connect-timeout=5 --read-timeout=5"
check="$(printf "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)"
if [ -z "${check}" ]
then
wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
else
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
wget_parm="${wget_parm} --no-check-certificate"
fi
# check adblock blacklist/whitelist configuration
@ -326,16 +297,15 @@ f_envcheck()
f_exit
fi
# check total and swap memory
# memory check
#
mem_total="$(grep -F "MemTotal" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
mem_free="$(grep -F "MemFree" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
swap_total="$(grep -F "SwapTotal" "/proc/meminfo" 2>/dev/null | grep -o "[0-9]*" 2>/dev/null)"
if [ $((mem_total)) -le 64000 ] && [ $((swap_total)) -eq 0 ]
mem_total="$(awk '$1 ~ /^MemTotal/ {print $2}' "/proc/meminfo" 2>/dev/null)"
mem_free="$(awk '$1 ~ /^MemFree/ {print $2}' "/proc/meminfo" 2>/dev/null)"
mem_swap="$(awk '$1 ~ /^SwapTotal/ {print $2}' "/proc/meminfo" 2>/dev/null)"
if [ $((mem_total)) -le 64000 ] && [ $((mem_swap)) -eq 0 ]
then
adb_unique=0
f_log "not enough memory, overall sort/unique processing will be disabled"
f_log "please consider adding an external swap device to supersize your temp directory (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
f_log "not enough memory, overall sort processing will be disabled (total: ${mem_total}, free: ${mem_free}, swap: ${mem_swap})"
fi
# check backup configuration
@ -382,12 +352,8 @@ f_envcheck()
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns" "! -i ${adb_wandev4} -p tcp --dport 53 -j REDIRECT"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -p udp -d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-proto-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -p udp -d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-proto-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output" "! -i ${adb_wandev4} -d ${adb_nullipv4} -j REJECT --reject-with icmp-host-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv4 firewall ruleset"
@ -402,12 +368,8 @@ f_envcheck()
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -m multiport --dports 80,443 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns" "! -i ${adb_wandev6} -p tcp --dport 53 -j REDIRECT"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -p udp -d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp-proto-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -p udp -d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp-proto-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output" "! -i ${adb_wandev6} -d ${adb_nullipv6} -j REJECT --reject-with icmp6-addr-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv6 firewall ruleset"
@ -691,9 +653,9 @@ f_exit()
fi
if [ -n "${adb_wanif6}" ]
then
ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
ipv6_forward="$(${iptv6} -vnL | awk '$11 ~ /^adb-forward$/ {sum += $1} END {print sum}')"
ipv6_output="$(${iptv6} -vnL | awk '$11 ~ /^adb-output$/ {sum += $1} END {print sum}')"
ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$10 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
ipv6_forward="$(${iptv6} -vnL | awk '$10 ~ /^adb-forward$/ {sum += $1} END {print sum}')"
ipv6_output="$(${iptv6} -vnL | awk '$10 ~ /^adb-output$/ {sum += $1} END {print sum}')"
fi
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
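Review bot: In the ca-certificates check of f_envcheck, `--no-check-certificate` is appended silently when the package is missing, so every blocklist download then runs without TLS certificate verification and nothing in the log says so. Because the downloaded lists end up in the adblock lists that dnsmasq is restarted with, that fallback deserves a visible message inside the `then` branch, e.g. `f_log "ca-certificates package not found, list downloads run without certificate verification"`. Separately, the `break` kept in the `else` branch of the rewritten wan interface check in f_envparse no longer sits inside a loop and can be dropped. Both functions start and end outside the hunks shown.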


+ 6
- 6
net/adblock/files/adblock-update.sh

@ -45,7 +45,7 @@ fi
# get current directory, script- and openwrt version
#
adb_scriptdir="${0%/*}"
adb_scriptver="0.80.0"
adb_scriptver="0.80.1"
openwrt_version="$(cat /etc/openwrt_version 2>/dev/null)"
# source in adblock function library
@ -100,7 +100,7 @@ then
# only process shallalist archive with updated timestamp,
# extract and merge only domains of selected shallalist categories
#
shalla_time="$(${adb_fetch} ${wget_parm} --timeout=5 --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${adb_arc_shalla}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
shalla_time="${shalla_time/*: /}"
if [ -z "${shalla_time}" ]
then
@ -109,7 +109,7 @@ then
fi
if [ -z "${list_time}" ] || [ "${list_time}" != "${shalla_time}" ]
then
${adb_fetch} ${wget_parm} --timeout="${adb_maxtime}" --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
${adb_fetch} ${wget_parm} --output-document="${shalla_archive}" "${adb_arc_shalla}" 2>/dev/null
rc=${?}
if [ $((rc)) -eq 0 ]
then
@ -184,7 +184,7 @@ do
then
url_time="${shalla_time}"
else
url_time="$(${adb_fetch} ${wget_parm} --timeout=5 --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
url_time="$(${adb_fetch} ${wget_parm} --server-response --spider "${url}" 2>&1 | grep -F "Last-Modified: " 2>/dev/null | tr -d '\r' 2>/dev/null)"
url_time="${url_time/*: /}"
fi
if [ -z "${url_time}" ]
@ -203,7 +203,7 @@ do
tmp_domains="$(cat "${shalla_file}" 2>/dev/null)"
rc=${?}
else
tmp_domains="$(${adb_fetch} ${wget_parm} --timeout="${adb_maxtime}" --output-document=- "${url}" 2>/dev/null)"
tmp_domains="$(${adb_fetch} ${wget_parm} --output-document=- "${url}" 2>/dev/null)"
rc=${?}
fi
else
@ -413,7 +413,7 @@ fi
# restart dnsmasq with newly generated or deleted adblock lists,
# check dnsmasq startup afterwards
#
if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ]
if [ -n "${adb_revsrclist}" ] || [ -n "${rm_done}" ] || [ -n "${restore_done}" ]
then
/etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2


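--- a/net/adblock/files/adblock.hotplug
+++ b/net/adblock/files/adblock.hotplug
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+if [ -f "/var/run/adblock.pid" ] || [ "${ACTION}" != "ifup" ]
+then
+exit 0
+fi
+. /lib/functions/network.sh
+adb_pid="${$}"
+adb_logger="/usr/bin/logger"
+network_find_wan adb_wanif4
+network_find_wan6 adb_wanif6
+if [ "${INTERFACE}" = "${adb_wanif4}" ] || [ "${INTERFACE}" = "${adb_wanif6}" ]
+then
+/etc/init.d/adblock start
+"${adb_logger}" -t "adblock[${adb_pid}] info " "adblock service started due to '${ACTION}' of '${INTERFACE}' interface"
+fi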
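Review bot: The handler calls `/etc/init.d/adblock start` on every wan 'ifup' without asking whether the service is enabled, so an adblock instance that was disabled under 'System => Startup' would, as far as this file shows, be started again each time the uplink comes up. A guard such as `/etc/init.d/adblock enabled || exit 0` before sourcing network.sh keeps the hotplug path consistent with the init system. The `[ -f "/var/run/adblock.pid" ]` test is also check-then-act: two 'ifup' events close together (IPv4 and IPv6 wan) can both pass it before the pid file exists, and whether the started script rejects a second instance is not visible here. The header is an empty `#`; a comment like `# start adblock on wan 'ifup' unless a run is already active` would state the handler's purpose.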

+ 5
- 0
net/adblock/files/adblock.init

@ -23,6 +23,11 @@ then
exit 255
fi
boot()
{
return 0
}
start()
{
eval "${adb_script}" ${bg_parm}
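Review bot: The new `boot()` returns 0 with no comment explaining why the service deliberately does nothing at boot. A line above it such as `# no start at boot, the iface hotplug handler starts adblock on wan 'ifup'` would record the dependency on the hotplug script added in this commit. As far as these hunks show, without that event adblock is not started at all and filtering stays off until a manual start, which is worth stating in the README as well. `start()` continues outside the hunk.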

