From b07aae26c157e13d89234b70155a819b4676913e Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Fri, 27 Mar 2020 20:26:39 +0100 Subject: [PATCH] adblock: release 4.0.0 * new package dependencies: coreultis-sort and a download util with SSL support * focus on speed (multicore-support) to handle quite big lists * include 38 pre-configured blocklist sources in a compressed json file (/etc/adblock/adblock.sources.gz) * dynamic SafeSearch support for google, bing, duckduckgo, yandex, youtube and pixabay (CNAME (bind) & IP (dnsmaq, unbound)) * DNS backend autodetection * Download Utility autodetection * Report Interface autodetection * Easy cron wrapper to set an adblock related auto-timer for automatic blocklist updates * raw domain/blocklist support (e.g. for dnscrypt support) * re-add restrictive Jaillist support * rework online doc * Complete LuCI rewrite (migrated to client side JS) Signed-off-by: Dirk Brenken --- net/adblock/Makefile | 10 +- net/adblock/files/README.md | 534 +++--- net/adblock/files/adblock.conf | 178 +- net/adblock/files/adblock.init | 175 +- net/adblock/files/adblock.mail | 40 +- .../{adblock.service => adblock.monitor} | 9 +- net/adblock/files/adblock.sh | 1537 ++++++++++------- net/adblock/files/adblock.sources | 280 +++ 8 files changed, 1586 insertions(+), 1177 deletions(-) rename net/adblock/files/{adblock.service => adblock.monitor} (75%) create mode 100644 net/adblock/files/adblock.sources diff --git a/net/adblock/Makefile b/net/adblock/Makefile index 3c55ff9e8..fadf6e028 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -1,12 +1,12 @@ # -# Copyright (c) 2015-2019 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2015-2020 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # include $(TOPDIR)/rules.mk PKG_NAME:=adblock -PKG_VERSION:=3.8.15 +PKG_VERSION:=4.0.0 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken @@ -17,7 +17,7 @@ define Package/adblock SECTION:=net CATEGORY:=Network TITLE:=Powerful adblock script to block ad/abuse domains by using DNS - DEPENDS:=+jshn +jsonfilter + DEPENDS:=+jshn +jsonfilter +coreutils +coreutils-sort @(PACKAGE_aria2||PACKAGE_curl||PACKAGE_wget||PACKAGE_uclient-fetch&&(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl)) PKGARCH:=all endef @@ -55,9 +55,11 @@ define Package/adblock/install $(INSTALL_DIR) $(1)/etc/adblock $(INSTALL_BIN) ./files/adblock.mail $(1)/etc/adblock - $(INSTALL_BIN) ./files/adblock.service $(1)/etc/adblock + $(INSTALL_BIN) ./files/adblock.monitor $(1)/etc/adblock $(INSTALL_CONF) ./files/adblock.blacklist $(1)/etc/adblock $(INSTALL_CONF) ./files/adblock.whitelist $(1)/etc/adblock + $(INSTALL_CONF) ./files/adblock.sources $(1)/etc/adblock + gzip -9 $(1)/etc/adblock/adblock.sources endef $(eval $(call BuildPackage,adblock)) diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index 84518aef6..a2540958f 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md @@ -4,200 +4,197 @@ A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other (wlan) gadget!? Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your router. When the DNS server on your router receives DNS requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but **N**on-e**X**istent Internet or Intranet domain name, if domain name is unable to resolved using the DNS server, a condition called the 'NXDOMAIN' occurred. ## Main Features -* Support of the following domain blocklist sources (free for private usage, for commercial use please check their individual licenses): - * [adaway](https://adaway.org) - * Infrequent updates, approx. 400 entries (enabled by default) - * [adguard](https://adguard.com) - * Numerous updates on the same day, approx. 12.000 entries - * [bitcoin](https://github.com/hoshsadiq/adblock-nocoin-list) - * Infrequent updates, approx. 15 entries - * [blacklist]() - * Static local blacklist, located by default in `/etc/adblock/adblock.blacklist` - * [disconnect](https://disconnect.me) - * Numerous updates on the same day, approx. 6.500 entries (enabled by default) - * [dshield](http://dshield.org) - * Daily updates, approx. 4.500 entries - * [hphosts](https://hosts-file.net) - * Monthly updates, approx. 50.000 entries - * [malwaredomains](http://malwaredomains.com) - * Daily updates, approx. 16.000 entries - * [malwaredomainlist](http://www.malwaredomainlist.com) - * Daily updates, approx. 1.500 entries - * [openphish](https://openphish.com) - * Numerous updates on the same day, approx. 1.800 entries - * [reg_cn](https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt) - * Regional blocklist for China, daily updates, approx. 1.600 entries - * [reg_cz](https://raw.githubusercontent.com/qxstyles/turris-hole-czech-block-list/master/turris-hole-czech-block-list) - * Regional blocklist for Czechia, maintained by Turris Omnia Users, infrequent updates, approx. 100 entries - * [reg_de](https://easylist-downloads.adblockplus.org/easylistgermany+easylist.txt) - * Regional blocklist for Germany, daily updates, approx. 9.200 entries - * [reg_id](https://easylist-downloads.adblockplus.org/abpindo+easylist.txt) - * Regional blocklist for Indonesia, daily updates, approx. 800 entries - * [reg_nl](https://easylist-downloads.adblockplus.org/easylistdutch+easylist.txt) - * Regional blocklist for the Netherlands, weekly updates, approx. 1300 entries - * [reg_pl](http://adblocklist.org) - * Regional blocklist for Poland, daily updates, approx. 50 entries - * [reg_ro](https://easylist-downloads.adblockplus.org/rolist+easylist.txt) - * Regional blocklist for Romania, weekly updates, approx. 600 entries - * [reg_ru](https://code.google.com/p/ruadlist) - * Regional blocklist for Russia, weekly updates, approx. 2.000 entries - * [shallalist](http://www.shallalist.de) (categories "adv" "costtraps" "spyware" "tracker" "warez" enabled by default) - * Daily updates, approx. 32.000 entries (a short description of all categories can be found [online](http://www.shallalist.de/categories.html)) - * [spam404](http://www.spam404.com) - * Infrequent updates, approx. 5.000 entries - * [sysctl/cameleon](http://sysctl.org/cameleon) - * Weekly updates, approx. 21.000 entries - * [ut_capitole](https://dsi.ut-capitole.fr/blacklists) (categories "cryptojacking" "ddos" "malware" "phishing" "warez" enabled by default) - * Daily updates, approx. 64.000 entries (a short description of all categories can be found [online](https://dsi.ut-capitole.fr/blacklists/index_en.php)) - * [whocares](https://someonewhocares.org) - * Weekly updates, approx. 12.000 entries - * [winhelp](http://winhelp2002.mvps.org) - * Infrequent updates, approx. 15.000 entries - * [winspy](https://github.com/crazy-max/WindowsSpyBlocker) - * Infrequent updates, approx. 120 entries - * [yoyo](http://pgl.yoyo.org/adservers) - * Weekly updates, approx. 2.500 entries (enabled by default) +* Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses) + +| Source | Enabled | Size | Focus | Information | +| :------------------ | :-----: | :--- | :--------------- | :--------------------------------------------------------------- | +| adaway | x | S | mobile | [Link](https://github.com/AdAway/adaway.github.io) | +| adguard | x | L | general | [Link](https://adguard.com) | +| andryou | | L | compilation | [Link](https://gitlab.com/andryou/block/-/blob/master/readme.md) | +| bitcoin | | S | mining | [Link](https://github.com/hoshsadiq/adblock-nocoin-list) | +| disconnect | x | S | general | [Link](https://disconnect.me) | +| dshield | | XL | general | [Link](https://dshield.org) | +| energized_blugo | | XL | compilation | [Link](https://github.com/EnergizedProtection/block) | +| energized_blu | | XL | compilation | [Link](https://github.com/EnergizedProtection/block) | +| energized_porn | | XXL | compilation+porn | [Link](https://github.com/EnergizedProtection/block) | +| energized_unified | | XXL | compilation | [Link](https://github.com/EnergizedProtection/block) | +| hphosts | | M | general | [Link](https://hosts-file.net) | +| malwaredomains | | M | malware | [Link](https://malwaredomains.com) | +| malwarelist | | S | malware | [Link](https://www.malwaredomainlist.com) | +| notracking | | XL | tracking | [Link](https://github.com/notracking/hosts-blocklists) | +| oisd_nl | | XXL | general | [Link](https://oisd.nl) | +| openphish | | S | phishing | [Link](https://openphish.com) | +| phishing_army | | S | phishing | [Link](https://phishing.army) | +| reg_cn | | M | reg_china | [Link](https://easylist.to) | +| reg_de | | M | reg_germany | [Link](https://easylist.to) | +| reg_es | | M | reg_espania | [Link](https://easylist.to) | +| reg_fi | | S | reg_finland | [Link](https://github.com/finnish-easylist-addition) | +| reg_id | | M | reg_indonesia | [Link](https://easylist.to) | +| reg_nl | | M | reg_netherlands | [Link](https://easylist.to) | +| reg_pl | | S | reg_poland | [Link](http://adblocklist.org) | +| reg_ro | | M | reg_romania | [Link](https://easylist.to) | +| reg_ru | | M | reg_russia | [Link](https://easylist.to) | +| shallalist | | L | general | [Link](https://www.shallalist.de) | +| shallalist_porn | | XXL | general+porn | [Link](https://www.shallalist.de) | +| smarttv | | S | smarttv | [Link](https://github.com/Perflyst/PiHoleBlocklist) | +| spam404 | | S | general | [Link](https://github.com/Dawsey21) | +| stevenblack | | L | compilation | [Link](https://github.com/StevenBlack/hosts) | +| sysctl | | M | general | [Link](http://sysctl.org/cameleon) | +| utcapitole | | L | general | [Link](https://dsi.ut-capitole.fr/blacklists/index_en.php) | +| utcapitole_porn | | XXL | general+porn | [Link](https://dsi.ut-capitole.fr/blacklists/index_en.php) | +| whocares | | M | general | [Link](https://someonewhocares.org) | +| winhelp | | S | general | [Link](http://winhelp2002.mvps.org) | +| winspy | | S | win_telemetry | [Link](https://github.com/crazy-max/WindowsSpyBlocker) | +| yoyo | x | S | general | [Link](http://pgl.yoyo.org/adservers) | + +* List of supported and fully pre-configured adblock sources, already active sources are pre-selected. + To avoid OOM errors, please do not select too many lists! + List size recommendations as follows: + • S (-10k), M (10k-30k) and L (30k-80k) should work for 128 MByte devices, + • XL (80k-200k) should work for 256-512 MByte devices, + • XXL (200k-) needs more RAM and Multicore support, e.g. x86 or raspberry devices. * Zero-conf like automatic installation & setup, usually no manual changes needed * Simple but yet powerful adblock engine: adblock does not use error prone external iptables rulesets, http pixel server instances and things like that -* Support four different DNS backends: `dnsmasq`, `unbound`, `named` (bind) and `kresd` -* Support two different DNS blocking variants: `nxdomain` (default, supported by all backends), `null` (supported only by `dnsmasq`) -* Support six different download utilities: `uclient-fetch`, `wget`, `curl`, `aria2c`, `wget-nossl`, `busybox-wget` -* Fast downloads & list processing as they are handled in parallel running background jobs (see 'Download Queue') -* Provide `http only` mode without installed SSL library for all non-SSL blocklist sources -* Support a wide range of router modes, even AP modes are supported +* Supports five different DNS backend formats: dnsmasq, unbound, named (bind), kresd or raw (e.g. used by dnscrypt-proxy) +* Supports four different SSL-enabled download utilities: uclient-fetch, wget, curl or aria2c +* Supports SafeSearch for google, bing, duckduckgo, yandex, youtube and pixabay +* Fast downloads & list processing as they are handled in parallel running background jobs with multicore support +* Supports a wide range of router modes, even AP modes are supported * Full IPv4 and IPv6 support -* Provide top level domain compression (`tld compression`), this feature removes thousands of needless host entries from the blocklist and lowers the memory footprint for the DNS backend -* Provide a 'DNS File Reset', where the final DNS blockfile will be purged after DNS backend loading to save storage space -* Blocklist source parsing by fast & flexible regex rulesets -* Overall duplicate removal in central blocklist `adb_list.overall` -* Additional blacklist for manual overrides, located by default in `/etc/adblock/adblock.blacklist` or in LuCI -* Additional whitelist for manual overrides, located by default in `/etc/adblock/adblock.whitelist` or in LuCI +* Provides top level domain compression ('tld compression'), this feature removes thousands of needless host entries from the blocklist and lowers the memory footprint for the DNS backend +* Provides a 'DNS File Reset', where the generated DNS blocklist file will be purged after DNS backend loading to save storage space +* Source parsing by fast & flexible regex rulesets, all rules and source information are placed in an external/compredd JSON file ('/etc/adblock/adblock.sources.gz') +* Overall duplicate removal in generated blocklist file 'adb_list.overall' +* Additional local blacklist for manual overrides, located in '/etc/adblock/adblock.blacklist' +* Additional local whitelist for manual overrides, located in '/etc/adblock/adblock.whitelist' * Quality checks during blocklist update to ensure a reliable DNS backend service * Minimal status & error logging to syslog, enable debug logging to receive more output -* procd based init system support (`start/stop/restart/reload/suspend/resume/query/status`) -* procd network interface trigger support or classic time based startup -* Keep the DNS cache intact after adblock processing (currently supported by unbound, named and kresd) -* Suspend & resume adblock actions temporarily without blocklist reloading -* Provide comprehensive runtime information via LuCI or via `status` init command -* Provide a detailed DNS Query Report with DNS related information about client requests, top (blocked) domains and more -* Provide a query function to quickly identify blocked (sub-)domains, e.g. for whitelisting. This function is also able to search in adblock backups and black-/whitelist, to get back the set of blocking lists sources for a certain domain -* Option to force DNS requests to the local resolver +* Procd based init system support ('start', 'stop', 'restart', 'reload', 'enable', 'disable', 'running', 'status', 'suspend', 'resume', 'query', 'report', 'list', 'timer') +* Auto-Startup via procd network interface trigger or via classic time based startup +* Suspend & Resume adblock temporarily without blocklist reloading +* Provides comprehensive runtime information +* Provides a detailed DNS Query Report with DNS related information about client requests, top (blocked) domains and more +* Provides a powerful query function to quickly find blocked (sub-)domains, e.g. for whitelisting +* Provides an easily configurable blocklist update scheduler called 'Refresh Timer' +* Includes an option to generate an additional, restrictive 'adb_list.jail' to block access to all domains except those listed in the whitelist file. You can use this restrictive blocklist manually e.g. for guest wifi or kidsafe configurations +* Includes an option to force DNS requests to the local resolver * Automatic blocklist backup & restore, these backups will be used in case of download errors and during startup -* Send notification emails in case of a processing error or if the overall domain count is ≤ 0 +* Send notification E-Mails in case of a processing error or if the overall domain count is ≤ 0 * Add new adblock sources on your own, see example below -* Strong LuCI support for all options +* Strong LuCI support, all relevant options are exposed to the web frontend -## Installation & Usage -### Prerequisites -* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07) and with the latest snapshot +## Prerequisites +* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest rolling snapshot releases. On turris devices it has been successfully tested with TurrisOS 5.1.x + Please note: Older OpenWrt releases like 18.06.x or 17.01.x are _not_ supported! + Please note: Devices with less than 128 MByte RAM are _not_ supported! * A usual setup with an enabled DNS backend at minimum - dump AP modes without a working DNS backend are _not_ supported -* A download utility: - * To support all blocklist sources and in order to run the default configuration of `adblock`, a full version (with SSL support) of `wget`, `uclient-fetch` with one of the `libustream-*` SSL libraries, `aria2c` or `curl` is required - * The package used by default is probably `uclient-fetch` so in order to make `adblock` work with its default configuration it is needed to install one of the `libustream-*` SSL libraries. Example: `opkg install libustream-openssl` - * For limited devices with real memory constraints, adblock provides also a `http only` option and supports `wget-nossl` and `uclient-fetch` (without `libustream-ssl`) as well - * For more configuration options see examples below -* Email notification (optional): For email notification support you need the additional `msmtp` package -* DNS Query Report (optional): For this detailed report you need the additional package `tcpdump` or `tcpdump-mini` - -### Installation of the core package -* Install `adblock` (`opkg install adblock`) +* A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required +* Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package +* Optional DNS Query Report support: for DNS reporting you need to install the additional package 'tcpdump-mini' or 'tcpdump' -### LuCI adblock companion package -* It is strongly recommended to use the LuCI frontend to easily configure all powerful aspects of adblock -* Install `luci-app-adblock` (`opkg install luci-app-adblock`) -* The application is located in LuCI under the `Services` menu - -### Configuration and controlling -* At minimum configure the appropriate DNS backend (`dnsmasq` by default), the download utility and enable the adblock service in `/etc/config/adblock` -* Control the adblock service manually with `/etc/init.d/adblock` `start/stop/restart/reload/suspend/resume/status` or use the LuCI frontend +## Installation & Usage +* Update your local opkg repository (_opkg update_) +* Install 'adblock' (_opkg install adblock_). The adblock service is enabled by default +* Install the LuCI companion package 'luci-app-adblock' (_opkg install luci-app-adblock_) +* It's strongly recommended to use the LuCI frontend to easily configure all aspects of adblock, the application is located in LuCI under the 'Services' menu +* Update from a former adblock version is easy. During the update a backup is made of the old configuration '/etc/config/adblock-backup' and replaced by the new config - that's all -#### Tweaks -* **Runtime information:** The adblock status is available via `/etc/init.d/adblock status` (see example below) -* **Debug logging:** For script debugging please set the config option `adb\_debug` to `1` and check the runtime output with `logread -e "adblock"` -* **Storage expansion:** To process and store all blocklist sources at once it might be helpful to enlarge your temp directory with a swap partition => see [OpenWrt Wiki](https://openwrt.org/docs/guide-user/storage/fstab) for further details -* **coreutils sort:** To speedup adblock processing in particular with many enabled blocklist sources it is recommended to install the additional package `coreutils-sort` -* **Add white- / blacklist entries:** Add domain black- or whitelist entries to always-deny or -allow certain (sub) domains, by default both lists are empty and located in `/etc/adblock`. Please add one domain per line - ip addresses, wildcards & regex are _not_ allowed (see example below). You need to refresh your blocklists after changes to these static lists. -* **Download queue size:** For further download & list processing performance improvements you can raise the `adb\_maxqueue` value, e.g. `8` or `16` should be safe -* **Scheduled list updates:** For a scheduled call of the adblock service add an appropriate crontab entry (see example below) -* **Change startup behaviour:** By default the startup will be triggered by the `wan` procd interface trigger. Choose `none` to disable automatic startups, `timed` to use a classic timeout (default 30 sec.) or select another trigger interface -* **Suspend & resume adblocking:** To quickly switch the adblock service `on` or `off`, simply use `/etc/init.d/adblock [suspend|resume]` -* **Domain query:** To query the active blocklist for a certain domain, please use the LuCI frontend or run _/etc/init.d/adblock query ``_ (see example below) -* **Add new list sources:** You can add new blocklist sources on your own via uci config, all you need is a source url and an awk one-liner (see example below) +## Adblock CLI Options +* All important adblock functions are accessible via CLI as well. +Please note: The 'status' command in 19.07.x and TurrisOS is only available via 'status_service' +

+/etc/init.d/adblock 
+Syntax: /etc/init.d/adblock [command]
 
-#### Further adblock config options
-* Usually the pre-configured adblock setup works quite well and no manual overrides are needed
-* The following options apply to the `global` config section:
-    * `adb_enabled` => Main switch to enable/disable adblock service (default: `0`, disabled)
-    * `adb_dns` => Select the DNS backend for your environment: `dnsmasq`, `unbound`, `named` or `kresd` (default: `dnsmasq`)
-    * `adb_dnsvariant` => Select the blocking variant: `nxdomain` (default, supported by all backends), `null (IPv4)` and `null (IPv4/IPv6)` both options are only supported by `dnsmasq`
-    * `adb_fetchutil` => Name of the used download utility: `uclient-fetch`, `wget`, `curl`, `aria2c`, `wget-nossl` or `busybox` (default: `uclient-fetch`)
-    * `adb_fetchparm` => Special config options for the download utility (default: not set)
-    * `adb_trigger` => Set the startup trigger to a certain interface, to `timed` or to `none` (default: `wan`)
-* The following options apply to the `extra` config section:
-    * `adb_debug` => Enable/disable adblock debug output (default: `0`, disabled)
-    * `adb_nice` => Set the nice level of the adblock process and all sub-processes (int/default: `0`, standard priority)
-    * `adb_forcedns` => Force DNS requests to local resolver (bool/default: `0`, disabled)
-    * `adb_maxqueue` => Size of the download queue to handle downloads & list processing in parallel (int/default: `8`)
-    * `adb_dnsfilereset` => The final DNS blockfile will be purged after DNS backend loading to save storage space (bool/default: `false`, disabled)
-    * `adb_report` => Enable the background tcpdump gathering process to provide a detailed DNS Query Report (bool/default: `0`, disabled)
-    * `adb_repdir` => Target directory for DNS related report files generated by tcpdump (default: `/tmp`)
-    * `adb_backupdir` => Target directory for adblock backups (default: `/tmp`)
-    * `adb_mail` => Send notification emails in case of a processing errors or if the overall domain count is ≤ 0 (bool/default: `0`, disabled)
-    * `adb_mreceiver` => Receiver address for adblock notification emails (default: not set)
-* The following options could be added via "Additional Field" in LuCI and apply to the `extra` config section as well:
-    * `adb_dnsdir` => Target directory for the generated blocklist `adb_list.overall` (default: not set, use DNS backend default)
-    * `adb_dnsinstance` => set the relevant adblock enabled dnsmasq instance (int/default: '0', first dnsmasq instance)
-    * `adb_blacklist` => Full path to the static blacklist file (default: `/etc/adblock/adblock.blacklist`)
-    * `adb_whitelist` => Full path to the static whitelist file (default: `/etc/adblock/adblock.whitelist`)
-    * `adb_triggerdelay` => Additional trigger delay in seconds before adblock processing begins (int/default: `2`)
-    * `adb_maxtld` => Disable the tld compression, if the number of blocked domains is greater than this value (int/default: `100000`)
-    * `adb_portlist` => Space separated list of fw ports which should be redirected locally (default: `53 853 5353`)
-    * `adb_dnsinotify` => Disable adblock triggered restarts and the 'DNS File Reset' for DNS backends with autoload features (bool/default: `false`, disabled)
-    * `adb_dnsflush` => Flush DNS cache after adblock processing, i.e. enable the old restart behavior (bool/default: `0`, disabled)
-    * `adb_repiface` => Reporting interface used by tcpdump, set to `any` for multiple interfaces (default: `br-lan`)
-    * `adb_replisten` => Space separated list of reporting port(s) used by tcpdump (default: `53`)
-    * `adb_repchunkcnt` => Report chunk count used by tcpdump (default: `5`)
-    * `adb_repchunksize` => Report chunk size used by tcpdump in MB (int/default: `1`)
-    * `adb_msender` => Sender address for adblock notification emails (default: `no-reply@adblock`)
-    * `adb_mtopic` => Topic for adblock notification emails (default: `adblock notification`)
-    * `adb_mprofile` => Email profile used in `msmtp` for adblock notification emails (default: `adb_notify`)
-    * `adb_mcnt` => Raise the minimum domain count email notification trigger (int/default: `0`)
+Available commands:
+	start	Start the service
+	stop	Stop the service
+	restart	Restart the service
+	reload	Reload configuration files (or restart if service does not implement reload)
+	enable	Enable service autostart
+	disable	Disable service autostart
+	running	Check if service is running
+	status	Service status
+	suspend	Suspend adblock processing
+	resume	Resume adblock processing
+	query	<domain> Query active blocklists and backups for a specific domain
+	report	[<search>] Print DNS statistics with an optional search parameter
+	list	[[<add>|<remove>] [source(s)]] List available adblock sources or add/remove them from config
+	timer	<action> <hour> [<minute>] [<weekday>] Set a cron based update interval
+
-#### Examples -**Change default DNS backend to `unbound`:** +## Adblock Config Options +* Usually the auto pre-configured adblock setup works quite well and no manual overrides are needed -Adblock deposits the final blocklist `adb_list.overall` in `/var/lib/unbound` where unbound can find them in its jail, no further configuration needed. -To preserve the DNS cache after adblock processing you need to install `unbound-control`. +| Option | Default | Description/Valid Values | +| :---------------- | :------------------------ | :--------------------------------------------------------------------------------------------- | +| adb_enabled | 1, enabled | set to 0 to disable the adblock service | +| adb_dns | -, auto-detected | 'dnsmasq', 'unbound', 'named', 'kresd' or 'raw' | +| adb_dnsdir | -, auto-detected | path for the generated blocklist file 'adb_list.overall' | +| adb_fetchutil | -, auto-detected | 'uclient-fetch', 'wget', 'curl' or 'aria2c' | +| adb_fetchparm | -, auto-detected | special config options for the selected download utility | +| adb_trigger | -, not set | trigger network interface or 'not set' to use a time-based startup | +| adb_triggerdelay | 2 | additional trigger delay in seconds before adblock processing begins | +| adb_debug | 0, disabled | set to 1 to enable the debug output | +| adb_nice | 0, standard prio. | valid nice level range 0-19 of the adblock processes | +| adb_forcedns | 0, disabled | set to 1 to force DNS requests to the local resolver | +| adb_maxqueue | 4 | size of the download queue to handle downloads & list processing in parallel | +| adb_dnsfilereset | 0, disabled | set to 1 to purge the final DNS blocklist file after DNS backend loading | +| adb_dnsflush | 0, disabled | set to 1 to flush the DNS Cache before & after adblock processing | +| adb_dnsinotify | -, not set | set to 1 to prevent adblock triggered restarts for DNS backends with autoload functions | +| adb_dnsallow | -, not set | set to 1 to disable selective DNS whitelisting (RPZ pass through) | +| adb_dnstimeout | 10 | timeout in seconds to wait for a successful DNS backend restart | +| adb_lookupdomain | example.com | external domain to check for a successful DNS backend restart or 'false' to disable this check | +| adb_portlist | 53 853 5353 | space separated list of firewall ports which should be redirected locally | +| adb_report | 0, disabled | set to 1 to enable the background tcpdump gathering process for reporting | +| adb_reportdir | /tmp | path for DNS related report files | +| adb_repiface | -, auto-detected | name of the reporting interface or 'any' used by tcpdump | +| adb_replisten | 53 | space separated list of reporting port(s) used by tcpdump | +| adb_repchunkcnt | 5 | report chunk count used by tcpdump | +| adb_repchunksize | 1 | report chunk size used by tcpdump in MB | +| adb_backup | 1, enabled | set to 0 to disable the backup function | +| adb_backupdir | /tmp | path for adblock backups | +| adb_tmpbase | /tmp | path for all adblock related runtime operations, e.g. downloading, sorting, merging etc. | +| adb_safesearch | 0, disabled | set to 1 to enforce SafeSearch for google, bing, duckduckgo, yandex, youtube and pixabay | +| adb_safesearchmod | 0, disabled | set to 1 to enable moderate SafeSearch filters for youtube | +| adb_mail | 0, disabled | set to 1 to enable notification E-Mails in case of a processing errors | +| adb_mailreceiver | -, not set | receiver address for adblock notification E-Mails | +| adb_mailsender | no-reply@adblock | sender address for adblock notification E-Mails | +| adb_mailtopic | adblock notification | topic for adblock notification E-Mails | +| adb_mailprofile | adb_notify | mail profile used in 'msmtp' for adblock notification E-Mails | +| adb_mailcnt | 0 | minimum domain count to trigger E-Mail notifications | +| adb_jail | 0 | set to 1 to enable the additional, restrictive 'adb_list.jail' creation | +| adb_jaildir | /tmp | path for the generated jail list | -**Change default DNS backend to `named` (bind):** +## Examples +**Change the DNS backend to 'unbound':** +No further configuration is needed, adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/unbound' by default. -Adblock deposits the final blocklist `adb_list.overall` in `/var/lib/bind`. -To preserve the DNS cache after adblock processing you need to install & configure `bind-rdnc`. -To use the blocklist please modify `/etc/bind/named.conf`: -* In the `options` namespace add: -``` +**Change the DNS backend to 'named' (bind):** +Adblock deposits the final blocklist 'adb_list.overall' in '/var/lib/bind'. +To preserve the DNS cache after adblock processing you need to install & configure 'bind-rdnc'. +To use the blocklist please modify '/etc/bind/named.conf': +

+in the 'options' namespace add:
   response-policy { zone "rpz"; };
-```
-* And at the end of the file add:
-```
+
+and at the end of the file add:
   zone "rpz" {
     type master;
     file "/var/lib/bind/adb_list.overall";
     allow-query { none; };
     allow-transfer { none; };
   };
-```
-
-**Change default DNS backend to `kresd`:**
+
-The knot-resolver (kresd) is only available on Turris Omnia devices. -Adblock deposits the final blocklist `adb_list.overall` in `/etc/kresd`, no further configuration needed. - -**Enable email notification via msmtp:** +**Change the DNS backend to 'kresd':** +Adblock deposits the final blocklist 'adb_list.overall' in '/etc/kresd', no further configuration needed. +Please note: The knot-resolver (kresd) is only available on Turris devices and does not support the SafeSearch functionality yet. -To use the email notification you have to install & configure the package `msmtp`. -Modify the file `/etc/msmtprc`: -``` +**Enable E-Mail notification via 'msmtp':** +To use the email notification you have to install & configure the package 'msmtp'. +Modify the file '/etc/msmtprc': +

 [...]
 defaults
 auth            on
@@ -212,157 +209,68 @@ port            587
 from            dev.adblock@gmail.com
 user            dev.adblock
 password        xxx
-```
-Finally enable email support and add a valid email address in LuCI.
-  
-**Receive adblock runtime information:**
+
+Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI. -``` -/etc/init.d/adblock status +**Service status output:** +In LuCI you'll see the realtime status in the 'Runtime' section on the overview page. +To get the status in the CLI, just call _/etc/init.d/adblock status_ or _/etc/init.d/adblock status\_service_ (in 19.07 and TurrisOS): +

+/etc/init.d/adblock status_service
 ::: adblock runtime information
   + adblock_status  : enabled
-  + adblock_version : 3.8.0
-  + overall_domains : 48359
-  + fetch_utility   : /bin/uclient-fetch (libustream-ssl)
-  + dns_backend     : dnsmasq, /tmp
-  + dns_variant     : null (IPv4/IPv6), true
-  + backup_dir      : /mnt/data/adblock
-  + last_rundate    : 15.08.2019 08:43:16
-  + system_release  : GL.iNet GL-AR750S, OpenWrt SNAPSHOT r10720-ccb4b96b8a
-```
-  
-**Receive adblock DNS Query Report information:**
-```
-/etc/init.d/adblock report
-:::
-::: Adblock DNS-Query Report
-:::
-  + Start   ::: 2018-12-19, 16:29:40
-  + End     ::: 2018-12-19, 16:45:08
-  + Total   ::: 42
-  + Blocked ::: 17 (40.48 %)
-:::
-::: Top 10 Clients
-  + 32       ::: 101.167.1.103
-  + 10       ::: abc1:abc1:abc0:0:abc1:abcb:abc5:abc3
-:::
-::: Top 10 Domains
-  + 7        ::: dns.msftncsi.com
-  + 4        ::: forum.openwrt.org
-  + 2        ::: outlook.office365.com
-  + 1        ::: www.google.com
-  + 1        ::: www.deepl.com
-  + 1        ::: safebrowsing.googleapis.com
-  + 1        ::: play.googleapis.com
-  + 1        ::: odc.officeapps.live.com
-  + 1        ::: login.microsoftonline.com
-  + 1        ::: test-my.sharepoint.com
-:::
-::: Top 10 Blocked Domains
-  + 4        ::: nexus.officeapps.live.com
-  + 4        ::: mobile.pipe.aria.microsoft.com
-  + 3        ::: watson.telemetry.microsoft.com
-  + 2        ::: v10.events.data.microsoft.com
-  + 2        ::: settings-win.data.microsoft.com
-  + 2        ::: nexusrules.officeapps.live.com
-[...]
-```
-  
-**Cronjob for regular block list updates (`/etc/crontabs/root`):**
-
-The following command as a cron job updates each individual block list from their source so that they hold the most current domains to block:
-```
-0 06 * * *    /etc/init.d/adblock reload
-```
-  
-**Blacklist entry (`/etc/adblock/adblock.blacklist`):**
+  + adblock_version : 4.0.0
+  + blocked_domains : 52420
+  + active_sources  : adaway adguard andryou bitcoin disconnect winspy yoyo 
+  + dns_backend     : kresd, /etc/kresd
+  + run_utils       : /usr/bin/curl, /bin/awk
+  + run_ifaces      : trigger: trm_wwan, report: br-lan
+  + run_directories : base: /tmp, backup: /tmp, report: /tmp, jail: /tmp
+  + run_flags       : backup: 1, reset: 0, flush: 0, force: 1, search: 0, report: 1, mail: 0, jail: 0
+  + last_run        : start, 0m 17s, 496/198/218, 27.03.2020 08:55:14
+  + system          : CZ.NIC Turris Mox Board, TurrisOS 5.1.0 81264ebb51991aa2d17489852854e3b5ec3f514d
+
+The 'last\_run' line includes the used start type, the duration of the last run, the memory footprint after DNS backend loading (total/free/available) and the date/time of the last run. -``` -ads.example.com - -This entry blocks the following (sub)domains: - http://ads.example.com/foo.gif - http://server1.ads.example.com/foo.gif - https://ads.example.com:8000/ - -This entry does not block: - http://ads.example.com.ua/foo.gif - http://example.com/ -``` - -**Whitelist entry (`/etc/adblock/adblock.whitelist`):** - -``` -here.com - -This entry removes the following (sub)domains from the blocklist: - maps.here.com - here.com - -This entry does not remove: - where.com - www.adwhere.com -``` - -**Query the active blocklist, the backups and black-/whitelist for a certain (sub-)domain, e.g. for whitelisting:** - -The query function checks against the submitted (sub-)domain and recurses automatically to the upper top level domain. For every (sub-)domain it returns the first ten relevant results. -``` -/etc/init.d/adblock query google.com -::: -::: results for domain 'google.com' in active blocklist +**Edit, add new adblock sources:** +The adblock blocklist sources are stored in an external, compressed JSON file '/etc/adblock/adblock.sources.gz'. +This file is directly parsed in LuCI and accessible via CLI, just call _/etc/init.d/adblock list_: +

+/etc/init.d/adblock list
+::: Available adblock sources
 :::
-  + adservice.google.com
-  + adservice.google.com.au
-  + adservice.google.com.vn
-  + adservices.google.com
-  + analytics.google.com
-  + googleadapis.l.google.com
-  + pagead.l.google.com
-  + partnerad.l.google.com
-  + ssl-google-analytics.l.google.com
-  + video-stats.video.google.com
-  + [...]
-
-:::
-::: results for domain 'google.com' in backups and black-/whitelist
-:::
-  + adb_list.adguard.gz           partnerad.l.google.com
-  + adb_list.adguard.gz           googleadapis.l.google.com
-  + adb_list.adguard.gz           ssl-google-analytics.l.google.com
-  + adb_list.adguard.gz           [...]
-  + adb_list.disconnect.gz        pagead.l.google.com
-  + adb_list.disconnect.gz        partnerad.l.google.com
-  + adb_list.disconnect.gz        video-stats.video.google.com
-  + adb_list.disconnect.gz        [...]
-  + adb_list.whocares.gz          video-stats.video.google.com
-  + adb_list.whocares.gz          adservice.google.com
-  + adb_list.whocares.gz          adservice.google.com.au
-  + adb_list.whocares.gz          [...]
-  + adb_list.yoyo.gz              adservice.google.com
-  + adb_list.yoyo.gz              analytics.google.com
-  + adb_list.yoyo.gz              pagead.l.google.com
-  + adb_list.yoyo.gz              [...]
-```
-
-**Add a new blocklist source:**
-
-1. The easy way ...  
-Example: https://easylist-downloads.adblockplus.org/rolist+easylist.txt  
-Adblock already supports an easylist source, called 'reg_ru'. To add the additional local easylist as a new source, copy the existing config source section and change only the source name, the url and the description - that's all!
-```
-config source 'reg_ro'
-  option enabled '0'
-  option adb_src 'https://easylist-downloads.adblockplus.org/rolist+easylist.txt'
-  option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([^([:space:]|#|\*|\/).]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}'
-  option adb_src_desc 'focus on romanian ads plus generic easylist additions, weekly updates, approx. 9.400 entries'
-```
+    Name                 Enabled   Size   Focus               Info URL
+    ------------------------------------------------------------------
+  + adaway               x         S      mobile              https://adaway.org
+  + adguard              x         L      general             https://adguard.com
+  + andryou              x         L      compilation         https://gitlab.com/andryou/block/-/blob/master/readme.md
+  + bitcoin              x         S      mining              https://github.com/hoshsadiq/adblock-nocoin-list
+  + disconnect           x         S      general             https://disconnect.me
+  + dshield                        XL     general             https://www.dshield.org
+[...]
+  + winhelp                        S      general             http://winhelp2002.mvps.org
+  + winspy               x         S      win_telemetry       https://github.com/crazy-max/WindowsSpyBlocker
+  + yoyo                 x         S      general             https://pgl.yoyo.org
+
-2. A bit harder ... -To add a really new source with different domain/host format you have to write a suitable awk one-liner on your own, so basic awk skills are needed. As a starting point check the already existing awk rulesets `adb_src_rset` in the config file, probably you need only small changes for your individual list. Download the desired list and test your new awk string locally. The output result should be a sequential list with one domain/host per line - nothing more. If your awk one-liner works quite well, add a new source section to the adblock config file and test the new source. +To add new or edit existing sources extract the compressed JSON file _gunzip /etc/adblock/adblock.sources.gz_. +A valid JSON source object contains the following required information, e.g.: +

+	[...]
+	"adaway": {
+		"url": "https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt",
+		"rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}",
+		"size": "S",
+		"focus": "mobile",
+		"descurl": "https://github.com/AdAway/adaway.github.io"
+	},
+	[...]
+
+Add an unique object name, make the required changes to 'url', 'rule', 'size' and 'descurl' and finally compress the changed JSON file _gzip /etc/adblock/adblock.sources.gz_ to use the new source object in adblock. ## Support -Please join the adblock discussion in this [forum thread](https://forum.openwrt.org/t/adblock-support-thread/507) or contact me by email +Please join the adblock discussion in this [forum thread](https://forum.openwrt.org/t/adblock-support-thread/507) or contact me by mail Have fun! -Dirk +Dirk + diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf index 084c1acbd..a7ad738ef 100644 --- a/net/adblock/files/adblock.conf +++ b/net/adblock/files/adblock.conf @@ -1,175 +1,15 @@ config adblock 'global' - option adb_basever '3.8' - option adb_enabled '0' - option adb_dns 'dnsmasq' - option adb_dnsvariant 'nxdomain' - option adb_fetchutil 'uclient-fetch' - option adb_trigger 'wan' - -config adblock 'extra' + option adb_enabled '1' option adb_debug '0' option adb_forcedns '0' + option adb_safesearch '0' + option adb_dnsfilereset '0' + option adb_mail '0' option adb_report '0' + option adb_backup '1' option adb_maxqueue '4' - -config source 'adaway' - option adb_src 'https://adaway.org/hosts.txt' - option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'focus on mobile ads, infrequent updates, approx. 400 entries' - option enabled '1' - -config source 'adguard' - option adb_src 'https://filters.adtidy.org/windows/filters/15.txt' - option adb_src_rset 'BEGIN{FS=\"[/|^|\r]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+[\/\^\r]+$/{print tolower(\$3)}' - option adb_src_desc 'combined adguard dns filter list, frequent updates, approx. 17.000 entries' - option enabled '0' - -config source 'bitcoin' - option adb_src 'https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt' - option adb_src_rset '/^0\.0\.0\.0[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'focus on malicious bitcoin mining sites, infrequent updates, approx. 80 entries' - option enabled '0' - -config source 'disconnect' - option adb_src 'https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'mozilla driven blocklist, numerous updates on the same day, approx. 4.700 entries' - option enabled '1' - -config source 'dshield' - option adb_src 'https://www.dshield.org/feeds/suspiciousdomains_Low.txt' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'generic blocklist, daily updates, approx. 3.500 entries' - option enabled '0' - -config source 'hphosts' - option adb_src 'https://hosts-file.net/ad_servers.txt' - option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|\$)+/{print tolower(\$2)}' - option adb_src_desc 'broad blocklist, monthly updates, approx. 19.200 entries' - option enabled '0' - -config source 'malware' - option adb_src 'https://mirror.espoch.edu.ec/malwaredomains/justdomains' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'broad blocklist, daily updates, approx. 18.300 entries' - option enabled '0' - -config source 'malwarelist' - option adb_src 'http://www.malwaredomainlist.com/hostslist/hosts.txt' - option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'focus on malware, daily updates, approx. 1.200 entries' - option enabled '0' - -config source 'notracking' - option adb_src 'https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnscrypt-proxy/dnscrypt-proxy.blacklist.txt' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'notrack domains, daily updates, approx. 60.000 entries' - option enabled '0' - -config source 'openphish' - option adb_src 'https://openphish.com/feed.txt' - option adb_src_rset 'BEGIN{FS=\"/\"}/^http[s]?:\/\/([[:alnum:]_-]+\.)+[[:alpha:]]+(\/|$)/{print tolower(\$3)}' - option adb_src_desc 'focus on phishing, numerous updates on the same day, approx. 2.400 entries' - option enabled '0' - -config source 'reg_cn' - option adb_src 'https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on chinese ads plus generic easylist additions, daily updates, approx. 11.700 entries' - option enabled '0' - -config source 'reg_de' - option adb_src 'https://easylist-downloads.adblockplus.org/easylistgermany+easylist.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on german ads plus generic easylist additions, daily updates, approx. 9.200 entries' - option enabled '0' - -config source 'reg_id' - option adb_src 'https://easylist-downloads.adblockplus.org/abpindo+easylist.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on indonesian ads plus generic easylist additions, weekly updates, approx. 9.600 entries' - option enabled '0' - -config source 'reg_nl' - option adb_src 'https://easylist-downloads.adblockplus.org/easylistdutch+easylist.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on dutch ads plus generic easylist additions, weekly updates, approx. 9.400 entries' - option enabled '0' - -config source 'reg_pl' - option adb_src 'http://adblocklist.org/adblock-pxf-polish.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on polish ads, daily updates, approx. 90 entries' - option enabled '0' - -config source 'reg_ro' - option adb_src 'https://easylist-downloads.adblockplus.org/rolist+easylist.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on romanian ads plus generic easylist additions, weekly updates, approx. 9.400 entries' - option enabled '0' - -config source 'reg_ru' - option adb_src 'https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt' - option adb_src_rset 'BEGIN{FS=\"[|^]\"}/^\|\|([[:alnum:]_-]+\.)+[[:alpha:]]+\^("\\\$third-party")?$/{print tolower(\$3)}' - option adb_src_desc 'focus on russian ads plus generic easylist additions, weekly updates, approx. 14.500 entries' - option enabled '0' - -config source 'shalla' - option adb_src 'http://www.shallalist.de/Downloads/shallalist.tar.gz' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'huge blocklist archive subdivided in different categories, daily updates. Check http://www.shallalist.de/categories.html for more categories' - list adb_src_cat 'adv' - list adb_src_cat 'costtraps' - list adb_src_cat 'spyware' - list adb_src_cat 'tracker' - list adb_src_cat 'warez' - option enabled '0' - -config source 'spam404' - option adb_src 'https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)+/{print tolower(\$1)}' - option adb_src_desc 'generic blocklist, infrequent updates, approx. 6.000 entries' - option enabled '0' - -config source 'sysctl' - option adb_src 'http://sysctl.org/cameleon/hosts' - option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'broad blocklist, weekly updates, approx. 16.500 entries' - option enabled '0' - -config source 'ut_capitole' - option adb_src 'https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'huge blocklist archive subdivided in different categories, daily updates. Check https://dsi.ut-capitole.fr/blacklists/index_en.php for more categories' - list adb_src_cat 'publicite' - list adb_src_cat 'cryptojacking' - list adb_src_cat 'ddos' - list adb_src_cat 'malware' - list adb_src_cat 'phishing' - list adb_src_cat 'warez' - option enabled '0' - -config source 'whocares' - option adb_src 'https://someonewhocares.org/hosts/hosts' - option adb_src_rset '/^127\.0\.0\.1[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'broad blocklist, weekly updates, approx. 10.000 entries' - option enabled '0' - -config source 'winspy' - option adb_src 'https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt' - option adb_src_rset '/^0\.0\.0\.0[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'focus on windows spy & telemetry domains, infrequent updates, approx. 300 entries' - option enabled '0' - -config source 'winhelp' - option adb_src 'http://winhelp2002.mvps.org/hosts.txt' - option adb_src_rset '/^0\.0\.0\.0[[:space:]]+([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$2)}' - option adb_src_desc 'broad blocklist, infrequent updates, approx. 13.000 entries' - option enabled '0' - -config source 'yoyo' - option adb_src 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext' - option adb_src_rset '/^([[:alnum:]_-]+\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}' - option adb_src_desc 'focus on ad related domains, weekly updates, approx. 2.400 entries' - option enabled '1' + list adb_sources 'adaway' + list adb_sources 'adguard' + list adb_sources 'disconnect' + list adb_sources 'yoyo' diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init index 992869870..fc084ec14 100755 --- a/net/adblock/files/adblock.init +++ b/net/adblock/files/adblock.init @@ -1,14 +1,17 @@ #!/bin/sh /etc/rc.common -# +# Copyright (c) 2015-2020 Dirk Brenken (dev@brenken.org) +# This is free software, licensed under the GNU General Public License v3. START=30 USE_PROCD=1 -EXTRA_COMMANDS="suspend resume query report" +EXTRA_COMMANDS="suspend resume query report list timer status_service" EXTRA_HELP=" suspend Suspend adblock processing resume Resume adblock processing - query Query active blocklists for specific domains - report Print dns query statistics with an optional search parameter" + query Query active blocklists and backups for a specific domain + report [] Print DNS statistics with an optional search parameter + list [[|] [source(s)]] List available adblock sources or add/remove them from config + timer [] [] Set a cron based update interval" adb_init="/etc/init.d/adblock" adb_script="/usr/bin/adblock.sh" @@ -16,7 +19,8 @@ adb_pidfile="/var/run/adblock.pid" if [ -s "${adb_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] || \ [ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "report" ] || \ - [ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ]; } + [ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] || \ + { [ "${action}" = "list" ] && [ -n "${1}" ]; }; } then exit 0 fi @@ -33,7 +37,7 @@ start_service() then if [ "${action}" = "boot" ] then - if [ "$(uci_get adblock global adb_trigger)" != "timed" ] + if [ -n "$(uci_get adblock global adb_trigger)" ] then return 0 fi @@ -41,7 +45,7 @@ start_service() procd_open_instance "adblock" procd_set_param command "${adb_script}" "${@}" procd_set_param pidfile "${adb_pidfile}" - procd_set_param nice "$(uci_get adblock extra adb_nice "0")" + procd_set_param nice "$(uci_get adblock global adb_nice "0")" procd_set_param stdout 1 procd_set_param stderr 1 procd_close_instance @@ -80,14 +84,101 @@ query() report() { - rc_procd "${adb_script}" report "${1:-"+"}" "${2:-"50"}" "${3:-"false"}" "${4:-"true"}" + rc_procd "${adb_script}" report "${1:-"+"}" "${2:-"50"}" "${3:-"true"}" "${4:-"cli"}" +} + +list() +{ + local src_archive src_file src_enabled enabled name action="${1}" + + if [ "${action}" = "add" ] || [ "${action}" = "remove" ] + then + shift + for name in "${@}" + do + if [ "${action}" = "add" ] + then + if [ -z "$(uci_get adblock global adb_sources | grep -Fo "${name}")" ] + then + uci_add_list adblock global adb_sources "${name}" + printf "%s\\n" "::: adblock source '${name}' added to config" + fi + else + if [ -n "$(uci_get adblock global adb_sources | grep -Fo "${name}")" ] + then + uci_remove_list adblock global adb_sources "${name}" + printf "%s\\n" "::: adblock source '${name}' removed from config" + fi + fi + done + if [ -n "$(uci -q changes adblock)" ] + then + uci_commit adblock + fi + else + src_archive="$(uci_get adblock global adb_srcarc "/etc/adblock/adblock.sources.gz")" + src_file="$(uci_get adblock global adb_srcfile "/tmp/adb_sources.json")" + src_enabled="$(uci -q show adblock.global.adb_sources)" + if [ -r "${src_archive}" ] + then + zcat "${src_archive}" > "${src_file}" + else + printf "%s\\n" "::: adblock source archive '${src_archive}' not found" + fi + if [ -r "${src_file}" ] + then + src_enabled="${src_enabled#*=}" + src_enabled="${src_enabled//\'}" + printf "%s\\n" "::: Available adblock sources" + printf "%s\\n" ":::" + printf "%-25s%-10s%-7s%-20s%s\\n" " Name" "Enabled" "Size" "Focus" "Info URL" + printf "%s\\n" " ------------------------------------------------------------------" + json_load_file "${src_file}" + json_get_keys keylist + for key in ${keylist} + do + json_select "${key}" + json_get_var size "size" + json_get_var focus "focus" + json_get_var descurl "descurl" + json_get_var url "url" + json_get_var rule "rule" + if [ -n "${url}" ] && [ -n "${rule}" ] + then + if [ -n "$(printf "%s" "${src_enabled}" | grep -Fo "${key}")" ] + then + enabled="x" + else + enabled=" " + fi + src_enabled="${src_enabled/${key}}" + printf " + %-21s%-10s%-7s%-20s%s\\n" "${key}" "${enabled}" "${size}" "${focus}" "${descurl}" + else + src_enabled="${src_enabled} ${key}" + fi + json_select .. + done + if [ -n "${src_enabled// }" ] + then + printf "%s\\n" " ----------------------------------------------" + printf "%s\\n" " Sources without valid configuration" + printf "%s\\n" " ----------------------------------------------" + for key in ${src_enabled} + do + printf " - %s\\n" "${key}" + done + fi + else + printf "%s\\n" "::: adblock source file '${src_file}' not found" + fi + fi } status_service() { - local key keylist value - local rtfile="$(uci_get adblock extra adb_rtfile "/tmp/adb_runtime.json")" + local key keylist value rtfile + rtfile="$(uci_get adblock global adb_rtfile "/tmp/adb_runtime.json")" if [ -s "${rtfile}" ] then printf "%s\\n" "::: adblock runtime information" @@ -97,38 +188,62 @@ status_service() for key in ${keylist} do json_get_var value "${key}" - printf " + %-15s : %s\\n" "${key}" "${value}" + if [ "${key}" = "active_sources" ] + then + printf " + %-15s : " "${key}" + json_select "${key}" + index=1 + while json_get_type status "${index}" && [ "${status}" = "object" ] + do + json_get_values source "${index}" + printf "%s " "${source}" + index=$((index+1)) + done + printf "\\n" + json_select ".." + else + printf " + %-15s : %s\\n" "${key}" "${value}" + fi done else printf "%s\\n" "::: no adblock runtime information available" fi } -service_triggers() +timer() { - local trigger trigger_list="$(uci_get adblock global adb_trigger)" - local delay="$(uci_get adblock extra adb_triggerdelay "2")" - local type="$(uci_get adblock extra adb_starttype "start")" + local action="${1}" hour="${2}" minute="${3:-0}" weekday="${4:-"*"}" - PROCD_RELOAD_DELAY=$((delay*1000)) - - if [ -z "${trigger_list}" ] && [ -r "/lib/functions/network.sh" ] + hour="${hour//[[:alpha:]]/}" + minute="${minute//[[:alpha:]]/}" + if [ -n "${action}" ] && [ -n "${hour}" ] && [ -n "${minute}" ] && [ -n "${weekday}" ] && \ + [ "${hour}" -ge 0 ] && [ "${hour}" -le 23 ] && \ + [ "${minute}" -ge 0 ] && [ "${minute}" -le 59 ] then - . "/lib/functions/network.sh" - network_find_wan trigger_list + if [ -r "/etc/crontabs/root" ] + then + search="${adb_init//\//\\/}" + search="${search//./\\.}" + sed -i "/${search}/d" "/etc/crontabs/root" + fi + printf "%02d %02d %s\\n" "${minute}" "${hour}" "* * ${weekday} ${adb_init} ${action}" >> "/etc/crontabs/root" + /etc/init.d/cron restart + else + printf "%s\\n" "::: the refresh timer could not been updated" fi +} - if [ -n "${trigger_list}" ] +service_triggers() +{ + local trigger delay type + + PROCD_RELOAD_DELAY=$((delay*1000)) + trigger="$(uci_get adblock global adb_trigger)" + delay="$(uci_get adblock global adb_triggerdelay "2")" + type="$(uci_get adblock global adb_starttype "start")" + if [ -n "${trigger}" ] then - for trigger in ${trigger_list} - do - if [ "${trigger}" != "none" ] && [ "${trigger}" != "timed" ] - then - procd_add_interface_trigger "interface.*.up" "${trigger}" "${adb_init}" "${type}" - fi - done - else - procd_add_raw_trigger "interface.*.up" ${PROCD_RELOAD_DELAY} "${adb_init}" "${type}" + procd_add_interface_trigger "interface.*.up" "${trigger}" "${adb_init}" "${type}" fi procd_add_reload_trigger "adblock" } diff --git a/net/adblock/files/adblock.mail b/net/adblock/files/adblock.mail index 4db5966bc..ca9d206d1 100755 --- a/net/adblock/files/adblock.mail +++ b/net/adblock/files/adblock.mail @@ -1,11 +1,9 @@ #!/bin/sh # send mail script for adblock notifications -# written by Dirk Brenken (dev@brenken.org) -# Please note: you have to manually install and configure the package 'msmtp' before using this script - +# Copyright (c) 2015-2020 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . + +# Please note: you have to manually install and configure the package 'msmtp' before using this script LC_ALL=C PATH="/usr/sbin:/usr/bin:/sbin:/bin" @@ -13,11 +11,11 @@ PATH="/usr/sbin:/usr/bin:/sbin:/bin" if [ -r "/lib/functions.sh" ] then . "/lib/functions.sh" - adb_debug="$(uci_get adblock extra adb_debug "0")" - adb_msender="$(uci_get adblock extra adb_msender "no-reply@adblock")" - adb_mreceiver="$(uci_get adblock extra adb_mreceiver)" - adb_mtopic="$(uci_get adblock extra adb_mtopic "adblock notification")" - adb_mprofile="$(uci_get adblock extra adb_mprofile "adb_notify")" + adb_debug="$(uci_get adblock global adb_debug "0")" + adb_mailsender="$(uci_get adblock global adb_mailsender "no-reply@adblock")" + adb_mailreceiver="$(uci_get adblock global adb_mailreceiver)" + adb_mailtopic="$(uci_get adblock global adb_mailtopic "adblock notification")" + adb_mailprofile="$(uci_get adblock global adb_mailprofile "adb_notify")" fi adb_ver="${1}" adb_mail="$(command -v msmtp)" @@ -37,9 +35,9 @@ f_log() fi } -if [ -z "${adb_mreceiver}" ] +if [ -z "${adb_mailreceiver}" ] then - f_log "err" "please set the mail receiver with the 'adb_mreceiver' option" + f_log "err" "please set the mail receiver with the 'adb_mailreceiver' option" exit ${adb_rc} fi @@ -48,7 +46,7 @@ then debug="--debug" fi -adb_mhead="From: ${adb_msender}\\nTo: ${adb_mreceiver}\\nSubject: ${adb_mtopic}\\nReply-to: ${adb_msender}\\nMime-Version: 1.0\\nContent-Type: text/html\\nContent-Disposition: inline\\n\\n" +adb_mailhead="From: ${adb_mailsender}\\nTo: ${adb_mailreceiver}\\nSubject: ${adb_mailtopic}\\nReply-to: ${adb_mailsender}\\nMime-Version: 1.0\\nContent-Type: text/html\\nContent-Disposition: inline\\n\\n" # info preparation # @@ -64,19 +62,19 @@ fi # mail body # -adb_mtext="
"
-adb_mtext="${adb_mtext}\\n++\\n++ System Information ++\\n++\\n${sys_info}"
-adb_mtext="${adb_mtext}\\n\\n++\\n++ Adblock Information ++\\n++\\n${adb_info}"
-adb_mtext="${adb_mtext}\\n\\n++\\n++ Logfile Information ++\\n++\\n${log_info}"
-adb_mtext="${adb_mtext}
" +adb_mailtext="
"
+adb_mailtext="${adb_mailtext}\\n++\\n++ System Information ++\\n++\\n${sys_info}"
+adb_mailtext="${adb_mailtext}\\n\\n++\\n++ Adblock Information ++\\n++\\n${adb_info}"
+adb_mailtext="${adb_mailtext}\\n\\n++\\n++ Logfile Information ++\\n++\\n${log_info}"
+adb_mailtext="${adb_mailtext}
" # send mail # -if [ -x "${adb_mail}" ] && [ -n "${adb_mreceiver}" ] +if [ -x "${adb_mail}" ] then - printf "%b" "${adb_mhead}${adb_mtext}" 2>/dev/null | "${adb_mail}" ${debug} -a "${adb_mprofile}" "${adb_mreceiver}" >/dev/null 2>&1 + printf "%b" "${adb_mailhead}${adb_mailtext}" 2>/dev/null | "${adb_mail}" ${debug} -a "${adb_mailprofile}" "${adb_mailreceiver}" >/dev/null 2>&1 adb_rc=${?} - f_log "info" "mail sent to '${adb_mreceiver}' with rc '${adb_rc}'" + f_log "info" "mail sent to '${adb_mailreceiver}' with rc '${adb_rc}'" else f_log "err" "msmtp mail daemon not found" fi diff --git a/net/adblock/files/adblock.service b/net/adblock/files/adblock.monitor similarity index 75% rename from net/adblock/files/adblock.service rename to net/adblock/files/adblock.monitor index 02397c298..7fe90c8c9 100755 --- a/net/adblock/files/adblock.service +++ b/net/adblock/files/adblock.monitor @@ -1,10 +1,7 @@ #!/bin/sh # ubus monitor to trace dns backend events and conditionally restart adblock -# written by Dirk Brenken (dev@brenken.org) - +# Copyright (c) 2015-2020 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . LC_ALL=C PATH="/usr/sbin:/usr/bin:/sbin:/bin" @@ -32,9 +29,9 @@ f_log() if [ -x "${adb_ubus}" ] && [ -n "${adb_dns}" ] then - f_log "info" "ubus/adblock service started" + f_log "info" "ubus/adblock monitor started" "${adb_ubus}" -S -M r -m invoke monitor | \ { grep -qE "\"method\":\"(set|signal)\",\"data\":\{\"name\":\"${adb_dns}\""; [ $? -eq 0 ] && /etc/init.d/adblock start; } else - f_log "err" "can't start ubus/adblock service" + f_log "err" "can't start ubus/adblock monitor" fi diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh index bd53a248c..a1f594f7d 100755 --- a/net/adblock/files/adblock.sh +++ b/net/adblock/files/adblock.sh @@ -1,191 +1,284 @@ #!/bin/sh # dns based ad/abuse domain blocking -# written by Dirk Brenken (dev@brenken.org) - +# Copyright (c) 2015-2020 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# (s)hellcheck exceptions -# shellcheck disable=1091 disable=2039 disable=2143 disable=2181 disable=2188 +# set (s)hellcheck exceptions +# shellcheck disable=1091 disable=2016 disable=2039 disable=2086 disable=2143 disable=2181 disable=2188 # set initial defaults # -LC_ALL=C -PATH="/usr/sbin:/usr/bin:/sbin:/bin" -adb_ver="3.8.15" -adb_basever="" +export LC_ALL=C +export PATH="/usr/sbin:/usr/bin:/sbin:/bin" +set -o pipefail +adb_ver="4.0.0" adb_enabled=0 adb_debug=0 adb_forcedns=0 adb_maxqueue=4 -adb_mail=0 -adb_mcnt=0 -adb_trigger="wan" +adb_dnsfilereset=0 +adb_dnsflush=0 +adb_dnstimeout=20 +adb_safesearch=0 +adb_safesearchmod=0 +adb_report=0 +adb_trigger="" adb_triggerdelay=0 -adb_backupdir="/tmp" -adb_fetchutil="uclient-fetch" -adb_dns="dnsmasq" -adb_dnsvariant="nxdomain" +adb_backup=1 +adb_mail=0 +adb_mailcnt=0 +adb_jail=0 +adb_dns="" adb_dnsprefix="adb_list" -adb_dnsfile="${adb_dnsprefix}.overall" -adb_dnsfilereset="false" -adb_maxtld=100000 -adb_dnsflush=0 +adb_tmpbase="/tmp" +adb_backupdir="/tmp" +adb_reportdir="/tmp" +adb_jaildir="/tmp" +adb_pidfile="/var/run/adblock.pid" adb_blacklist="/etc/adblock/adblock.blacklist" adb_whitelist="/etc/adblock/adblock.whitelist" -adb_rtfile="/tmp/adb_runtime.json" -adb_sorttmpdir="/tmp" +adb_ubusservice="/etc/adblock/adblock.monitor" +adb_mailservice="/etc/adblock/adblock.mail" +adb_srcarc="/etc/adblock/adblock.sources.gz" +adb_dnsfile="${adb_dnsprefix}.overall" +adb_dnsjail="${adb_dnsprefix}.jail" +adb_srcfile="${adb_tmpbase}/adb_sources.json" +adb_rtfile="${adb_tmpbase}/adb_runtime.json" +adb_loggercmd="$(command -v logger)" +adb_dumpcmd="$(command -v tcpdump)" +adb_lookupcmd="$(command -v nslookup)" +adb_fetchutil="" adb_portlist="53 853 5353" -adb_report=0 -adb_repiface="br-lan" +adb_repiface="" adb_replisten="53" -adb_repdir="/tmp" -adb_reputil="$(command -v tcpdump)" adb_repchunkcnt="5" adb_repchunksize="1" -adb_logger="$(command -v logger)" +adb_lookupdomain="example.com" adb_action="${1:-"start"}" -adb_pidfile="/var/run/adblock.pid" -adb_ubusservice="/etc/adblock/adblock.service" -adb_mailservice="/etc/adblock/adblock.mail" +adb_packages="" adb_sources="" adb_cnt="" -# load adblock environment +# load & check adblock environment # f_load() { - local dns_up cnt=0 - - # get system information - # adb_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | \ - awk 'BEGIN{ORS=", "}{print $0}' | awk '{print substr($0,1,length($0)-2)}')" + "${adb_awk}" 'BEGIN{ORS=", "}{print $0}' | "${adb_awk}" '{print substr($0,1,length($0)-2)}')" + f_conf + if [ "${adb_action}" != "report" ] + then + f_dns + f_fetch + fi - # parse 'global' and 'extra' section by callback - # - config_cb() - { - local type="${1}" - if [ "${type}" = "adblock" ] + if [ "${adb_enabled}" -eq 0 ] + then + f_extconf + f_temp + f_rmdns + f_bgserv "stop" + f_jsnup "disabled" + f_log "info" "adblock is currently disabled, please set the config option 'adb_enabled' to '1' to use this service" + exit 0 + fi +} + +# check & set environment +# +f_env() +{ + adb_starttime="$(date "+%s")" + f_log "info" "adblock instance started ::: action: ${adb_action}, priority: ${adb_nice:-"0"}, pid: ${$}" + f_jsnup "running" + f_extconf + f_temp + + if [ "${adb_dnsflush}" -eq 1 ] + then + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + f_dnsup + fi + + if [ ! -r "${adb_srcfile}" ] + then + if [ -r "${adb_srcarc}" ] then - option_cb() - { - local option="${1}" - local value="${2}" - eval "${option}=\"${value}\"" - } + zcat "${adb_srcarc}" > "${adb_srcfile}" else - reset_cb + f_log "err" "adblock source archive not found" fi - } + fi + if [ -r "${adb_srcfile}" ] + then + json_load_file "${adb_srcfile}" + else + f_log "err" "adblock source file not found" + fi +} - # parse 'source' typed sections - # - parse_config() - { - local value opt section="${1}" options="enabled adb_src adb_src_rset adb_src_cat" - eval "adb_sources=\"${adb_sources} ${section}\"" - for opt in ${options} - do - config_get value "${section}" "${opt}" - if [ -n "${value}" ] +# load adblock config +# +f_conf() +{ + local cnt=0 cnt_max=10 + + if [ ! -r "/etc/config/adblock" ] || [ -n "$(uci -q show adblock.@source[0])" ] + then + if [ -r "/etc/config/adblock-opkg" ] && [ -z "$(uci -q show adblock-opkg.@source[0])" ] + then + if [ -r "/etc/config/adblock" ] then - eval "${opt}_${section}=\"${value}\"" + cp -pf "/etc/config/adblock" "/etc/config/adblock-backup" fi - done - } + cp -pf "/etc/config/adblock-opkg" "/etc/config/adblock" + f_log "info" "missing or old adblock config replaced with new valid default config" + else + f_log "err" "unrecoverable adblock config error, please re-install the package via opkg with the '--force-reinstall --force-maintainer' options" + fi + fi - # load adblock config - # + config_cb() + { + option_cb() + { + local option="${1}" + local value="${2}" + eval "${option}=\"${value}\"" + } + list_cb() + { + local option="${1}" + local value="${2}" + eval "${option}=\"$(printf "%s" "${adb_sources}") ${value}\"" + } + } config_load adblock - config_foreach parse_config source - # version check - # - if [ -z "${adb_basever}" ] || [ "${adb_ver%.*}" != "${adb_basever}" ] + if [ -z "${adb_fetchutil}" ] || [ -z "${adb_dns}" ] then - f_log "info" "your adblock config seems to be too old, please update your config with the '--force-maintainer' opkg option" - f_rmtemp - exit 0 + while [ -z "${adb_packages}" ] && [ "${cnt}" -le "${cnt_max}" ] + do + adb_packages="$(opkg list-installed 2>/dev/null)" + cnt=$((cnt+1)) + sleep 1 + done + if [ -z "${adb_packages}" ] + then + f_log "err" "local opkg package repository is not available, please set 'adb_fetchutil' and 'adb_dns' manually" + fi fi +} - # set dns backend - # - case "${adb_dns}" in - "dnsmasq") - adb_dnsinotify="${adb_dnsinotify:-"false"}" - adb_dnsinstance="${adb_dnsinstance:-"0"}" - adb_dnsuser="${adb_dnsuser:-"dnsmasq"}" - adb_dnsdir="${adb_dnsdir:-"/tmp"}" - adb_dnsheader="" - if [ "${adb_dnsvariant}" = "nxdomain" ] - then - adb_dnsdeny="awk '{print \"server=/\"\$0\"/\"}'" - adb_dnsallow="awk '{print \"server=/\"\$0\"/#\"}'" - elif [ "${adb_dnsvariant}" = "null (IPv4)" ] - then - adb_dnsdeny="awk '{print \"0.0.0.0\\t\"\$0\"\"}'" - adb_dnsallow="" - elif [ "${adb_dnsvariant}" = "null (IPv4/IPv6)" ] +# load dns backend config +# +f_dns() +{ + local util utils dns_up cnt=0 + + if [ -z "${adb_dns}" ] + then + utils="knot-resolver named unbound dnsmasq raw" + for util in ${utils} + do + if [ "${util}" = "raw" ] || [ -n "$(printf "%s" "${adb_packages}" | grep "^${util}")" ] then - adb_dnsdeny="awk '{print \"0.0.0.0\\t\"\$0\"\\n::\\t\"\$0\"\"}'" - adb_dnsallow="" + if [ "${util}" = "knot-resolver" ] + then + util="kresd" + fi + if [ "${util}" = "raw" ] || [ -x "$(command -v "${util}")" ] + then + adb_dns="${util}" + uci_set adblock global adb_dns "${util}" + f_uci "adblock" + break + fi fi - ;; - "unbound") - adb_dnsinotify="${adb_dnsinotify:-"false"}" - adb_dnsuser="${adb_dnsuser:-"unbound"}" - adb_dnsdir="${adb_dnsdir:-"/var/lib/unbound"}" - adb_dnsheader="" - adb_dnsdeny="awk '{print \"local-zone: \\042\"\$0\"\\042 static\"}'" - adb_dnsallow="awk '{print \"local-zone: \\042\"\$0\"\\042 transparent\"}'" - ;; - "named") - adb_dnsinotify="${adb_dnsinotify:-"false"}" - adb_dnsuser="${adb_dnsuser:-"bind"}" - adb_dnsdir="${adb_dnsdir:-"/var/lib/bind"}" - adb_dnsheader="\$TTL 2h"$'\n'"@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)"$'\n'" IN NS localhost." - adb_dnsdeny="awk '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'" - adb_dnsallow="awk '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'" - ;; - "kresd") - adb_dnsinotify="${adb_dnsinotify:-"false"}" - adb_dnsuser="${adb_dnsuser:-"root"}" - adb_dnsdir="${adb_dnsdir:-"/etc/kresd"}" - adb_dnsheader="\$TTL 2h"$'\n'"@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)"$'\n'" IN NS localhost." - adb_dnsdeny="awk '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'" - adb_dnsallow="awk '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'" - ;; - esac + done + elif [ "${adb_dns}" != "raw" ] && [ ! -x "$(command -v "${adb_dns}")" ] + then + unset adb_dns + fi - # status check - # - if [ "${adb_enabled}" -eq 0 ] + if [ -n "${adb_dns}" ] then - f_extconf - f_temp - f_rmdns - f_bgserv "stop" - f_jsnup "disabled" - f_log "info" "adblock is currently disabled, please set the config option 'adb_enabled' to '1' to use this service" - exit 0 + case "${adb_dns}" in + "dnsmasq") + adb_dnsinotify="${adb_dnsinotify:-"0"}" + adb_dnsinstance="${adb_dnsinstance:-"0"}" + adb_dnsuser="${adb_dnsuser:-"dnsmasq"}" + adb_dnsdir="${adb_dnsdir:-"/tmp/dnsmasq.d"}" + adb_dnsheader="${adb_dnsheader}" + adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"address=/\"\$0\"/\"}'"}" + adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"local=/\"\$0\"/#\"}'"}" + adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"address=/\"\$0\"/\"item\"\"}'"}" + adb_dnsstop="${adb_dnsstop:-"address=/#/"}" + ;; + "unbound") + adb_dnsinotify="${adb_dnsinotify:-"0"}" + adb_dnsinstance="${adb_dnsinstance:-"0"}" + adb_dnsuser="${adb_dnsuser:-"unbound"}" + adb_dnsdir="${adb_dnsdir:-"/var/lib/unbound"}" + adb_dnsheader="${adb_dnsheader}" + adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"local-zone: \\042\"\$0\"\\042 static\"}'"}" + adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"local-zone: \\042\"\$0\"\\042 transparent\"}'"}" + adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{type=\"AAAA\";if(match(item,/^([0-9]{1,3}\.){3}[0-9]{1,3}$/)){type=\"A\"}}{print \"local-data: \\042\"\$0\" \"type\" \"item\"\\042\"}'"}" + adb_dnsstop="${adb_dnsstop:-"local-zone: \".\" static"}" + ;; + "named") + adb_dnsinotify="${adb_dnsinotify:-"0"}" + adb_dnsinstance="${adb_dnsinstance:-"0"}" + adb_dnsuser="${adb_dnsuser:-"bind"}" + adb_dnsdir="${adb_dnsdir:-"/var/lib/bind"}" + adb_dnsheader="${adb_dnsheader:-"\$TTL 2h\n@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n IN NS localhost.\n"}" + adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}" + adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}" + adb_dnssafesearch="${adb_dnssafesearch:-"${adb_awk} -v item=\"\$item\" '{print \"\"\$0\" CNAME \"item\".\\n*.\"\$0\" CNAME \"item\".\"}'"}" + adb_dnsstop="${adb_dnsstop:-"* CNAME ."}" + ;; + "kresd") + adb_dnsinotify="${adb_dnsinotify:-"0"}" + adb_dnsinstance="${adb_dnsinstance:-"0"}" + adb_dnsuser="${adb_dnsuser:-"root"}" + adb_dnsdir="${adb_dnsdir:-"/etc/kresd"}" + adb_dnsheader="${adb_dnsheader:-"\$TTL 2h\n@ IN SOA localhost. root.localhost. (1 6h 1h 1w 2h)\n IN NS localhost.\n"}" + adb_dnsdeny="${adb_dnsdeny:-"${adb_awk} '{print \"\"\$0\" CNAME .\\n*.\"\$0\" CNAME .\"}'"}" + adb_dnsallow="${adb_dnsallow:-"${adb_awk} '{print \"\"\$0\" CNAME rpz-passthru.\\n*.\"\$0\" CNAME rpz-passthru.\"}'"}" + adb_dnssafesearch="${adb_dnssafesearch:-"0"}" + adb_dnsstop="${adb_dnsstop:-"* CNAME ."}" + ;; + "raw") + adb_dnsinotify="${adb_dnsinotify:-"0"}" + adb_dnsinstance="${adb_dnsinstance:-"0"}" + adb_dnsuser="${adb_dnsuser:-"root"}" + adb_dnsdir="${adb_dnsdir:-"/tmp"}" + adb_dnsheader="${adb_dnsheader}" + adb_dnsdeny="${adb_dnsdeny:-"0"}" + adb_dnsallow="${adb_dnsallow:-"1"}" + adb_dnssafesearch="${adb_dnssafesearch:-"0"}" + adb_dnsstop="${adb_dnsstop:-"0"}" + ;; + esac fi - # dns backend check - # - if [ -d "${adb_dnsdir}" ] && [ ! -f "${adb_dnsdir}/${adb_dnsfile}" ] + if [ -z "${adb_dns}" ] || [ ! -x "$(command -v "${adb_dns}")" ] + then + f_log "err" "dns backend not found, please set 'adb_dns' manually" + fi + + if [ "${adb_dns}" != "raw" ] && { [ "${adb_dnsdir}" = "${adb_tmpbase}" ] || [ "${adb_dnsdir}" = "${adb_backupdir}" ] || \ + [ "${adb_dnsdir}" = "${adb_reportdir}" ] || [ "${adb_dnsdir}" = "${adb_jaildir}" ] ; } then - printf "%s\\n" "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + f_log "err" "dns directory '${adb_dnsdir}' has been misconfigured, it must not point to the 'adb_tmpbase', 'adb_backupdir', 'adb_reportdir' or 'adb_jaildir'" fi - if [ "${adb_action}" = "start" ] && [ "${adb_trigger}" = "timed" ] + if [ "${adb_action}" = "start" ] && [ -z "${adb_trigger}" ] then - sleep "${adb_triggerdelay}" + sleep ${adb_triggerdelay} fi - if [ "${adb_action}" != "stop" ] + if [ "${adb_dns}" != "raw" ] && [ "${adb_action}" != "stop" ] then while [ "${cnt}" -le 30 ] do @@ -198,108 +291,139 @@ f_load() cnt=$((cnt+1)) done - if [ "${dns_up}" != "true" ] || [ -z "${adb_dns}" ] || [ ! -x "$(command -v "${adb_dns}")" ] + if [ -n "${adb_dnsdir}" ] && [ ! -d "${adb_dnsdir}" ] then - f_log "err" "dns backend '${adb_dns}' not running or executable" - elif [ ! -d "${adb_dnsdir}" ] + mkdir -p "${adb_dnsdir}" + if [ "${?}" -eq 0 ] + then + f_log "info" "dns backend directory '${adb_dnsdir}' created" + else + f_log "err" "dns backend directory '${adb_dnsdir}' could not be created" + fi + fi + + if [ ! -f "${adb_dnsdir}/${adb_dnsfile}" ] then - f_log "err" "dns backend directory '${adb_dnsdir}' not found" + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" fi - fi - # inotify check - # - if [ "${adb_dnsinotify}" = "true" ] - then - if [ "${adb_dnsfilereset}" = "true" ] + if [ "${dns_up}" != "true" ] then - adb_dnsfilereset="false" + f_dnsup 4 + if [ "${rc}" -ne 0 ] + then + f_log "err" "dns backend '${adb_dns}' not running or executable" + fi + fi + + if [ "${adb_backup}" -eq 1 ] && [ -n "${adb_backupdir}" ] && [ ! -d "${adb_backupdir}" ] + then + mkdir -p "${adb_backupdir}" + if [ "${?}" -eq 0 ] + then + f_log "info" "backup directory '${adb_backupdir}' created" + else + f_log "err" "backup backend directory '${adb_backupdir}' could not be created" + fi + fi + + if [ -n "${adb_jaildir}" ] && [ ! -d "${adb_jaildir}" ] + then + mkdir -p "${adb_jaildir}" + if [ "${?}" -eq 0 ] + then + f_log "info" "jail directory '${adb_jaildir}' created" + else + f_log "err" "jail directory '${adb_jaildir}' could not be created" + fi fi - f_log "info" "inotify is enabled for '${adb_dns}', adblock restart and file reset will be disabled" fi + f_log "debug" "f_dns ::: dns: ${adb_dns}, dns_dir: ${adb_dnsdir}, dns_file: ${adb_dnsfile}, dns_user: ${adb_dnsuser}, dns_inotify: ${adb_dnsinotify}, dns_instance: ${adb_dnsinstance}, backup: ${adb_backup}, backup_dir: ${adb_backupdir}, jail_dir: ${adb_jaildir}" } -# check & set environment +# load fetch utility # -f_env() +f_fetch() { - local ssl_lib + local util utils cnt=0 - f_log "info" "adblock instance started ::: action: ${adb_action}, priority: ${adb_nice:-"0"}, pid: ${$}" - f_jsnup "running" - f_extconf - - # check backup directory - # - if [ ! -d "${adb_backupdir}" ] + if [ -z "${adb_fetchutil}" ] then - f_log "err" "backup directory '${adb_backupdir}' does not exist/is not mounted yet, please create the directory or raise the 'adb_triggerdelay' to defer the adblock start" - fi - - # check sort temp directory - # - if [ ! -d "${adb_sorttmpdir}" ] + utils="aria2c curl wget uclient-fetch" + for util in ${utils} + do + if { [ "${util}" = "uclient-fetch" ] && [ -n "$(printf "%s" "${adb_packages}" | grep "^libustream-")" ]; } || \ + { [ "${util}" = "wget" ] && [ -n "$(printf "%s" "${adb_packages}" | grep "^wget -")" ]; } || \ + { [ "${util}" != "uclient-fetch" ] && [ "${util}" != "wget" ]; } + then + if [ -x "$(command -v "${util}")" ] + then + adb_fetchutil="${util}" + uci_set adblock global adb_fetchutil "${util}" + f_uci "adblock" + break + fi + fi + done + elif [ ! -x "$(command -v "${adb_fetchutil}")" ] then - f_log "err" "sort temp directory '${adb_sorttmpdir}' does not exist/is not mounted yet, please create the directory or raise the 'adb_triggerdelay' to defer the adblock start" + unset adb_fetchutil fi - - # check fetch utility - # case "${adb_fetchutil}" in - "uclient-fetch") - if [ -f "/lib/libustream-ssl.so" ] - then - adb_fetchparm="${adb_fetchparm:-"--timeout=10 --no-check-certificate -O"}" - ssl_lib="libustream-ssl" - else - adb_fetchparm="${adb_fetchparm:-"--timeout=10 -O"}" - fi - ;; - "wget") - adb_fetchparm="${adb_fetchparm:-"--no-cache --no-cookies --max-redirect=0 --timeout=10 --no-check-certificate -O"}" - ssl_lib="built-in" - ;; - "wget-nossl") - adb_fetchparm="${adb_fetchparm:-"--no-cache --no-cookies --max-redirect=0 --timeout=10 -O"}" - ;; - "busybox") - adb_fetchparm="${adb_fetchparm:-"-O"}" + "aria2c") + adb_fetchparm="${adb_fetchparm:-"--timeout=20 --allow-overwrite=true --auto-file-renaming=false --check-certificate=true --dir=" " -o"}" ;; "curl") - adb_fetchparm="${adb_fetchparm:-"--connect-timeout 10 --silent --show-error --location --insecure -o"}" - ssl_lib="built-in" + adb_fetchparm="${adb_fetchparm:-"--connect-timeout 20 --silent --show-error --location -o"}" ;; - "aria2c") - adb_fetchparm="${adb_fetchparm:-"--timeout=10 --allow-overwrite=true --auto-file-renaming=false --check-certificate=false -o"}" - ssl_lib="built-in" + "uclient-fetch") + adb_fetchparm="${adb_fetchparm:-"--timeout=20 -O"}" + ;; + "wget") + adb_fetchparm="${adb_fetchparm:-"--no-cache --no-cookies --max-redirect=0 --timeout=20 -O"}" ;; esac - adb_fetchutil="$(command -v "${adb_fetchutil}")" - - if [ ! -x "${adb_fetchutil}" ] || [ -z "${adb_fetchutil}" ] || [ -z "${adb_fetchparm}" ] + if [ -n "${adb_fetchutil}" ] && [ -n "${adb_fetchparm}" ] then - f_log "err" "download utility not found, please install 'uclient-fetch' with 'libustream-mbedtls' or the full 'wget' package" + adb_fetchutil="$(command -v "${adb_fetchutil}")" + else + f_log "err" "download utility with SSL support not found, please install 'uclient-fetch' with a 'libustream-*' variant or another download utility like 'wget', 'curl' or 'aria2'" fi - adb_fetchinfo="${adb_fetchutil} (${ssl_lib:-"-"})" - f_temp + f_log "debug" "f_fetch ::: fetch_util: ${adb_fetchutil:-"-"}, fetch_parm: ${adb_fetchparm:-"-"}" } -# create temporary files and directories +# create temporary files, directories and set dependent options # f_temp() { - if [ -d "/tmp" ] && [ -z "${adb_tmpdir}" ] + local cpu core cores + + cpu="$(grep -c '^processor' /proc/cpuinfo 2>/dev/null)" + core="$(grep -cm1 '^core id' /proc/cpuinfo 2>/dev/null)" + if [ "${cpu}" -eq 0 ] then - adb_tmpdir="$(mktemp -p /tmp -d)" - adb_tmpfile="$(mktemp -p "${adb_tmpdir}" -tu)" - elif [ ! -d "/tmp" ] + cpu=1 + fi + if [ "${core}" -eq 0 ] then - f_log "err" "the temp directory '/tmp' does not exist/is not mounted yet, please create the directory or raise the 'adb_triggerdelay' to defer the adblock start" + core=1 fi - if [ ! -f "${adb_pidfile}" ] || [ ! -s "${adb_pidfile}" ] + cores=$((cpu*core)) + + if [ -d "${adb_tmpbase}" ] + then + adb_tmpdir="$(mktemp -p "${adb_tmpbase}" -d)" + adb_tmpload="$(mktemp -p "${adb_tmpdir}" -tu)" + adb_tmpfile="$(mktemp -p "${adb_tmpdir}" -tu)" + adb_srtopts="--temporary-directory=${adb_tmpdir} --compress-program=gzip --batch-size=32 --parallel=${cores}" + else + f_log "err" "the temp base directory '${adb_tmpbase}' does not exist/is not mounted yet, please create the directory or raise the 'adb_triggerdelay' to defer the adblock start" + fi + if [ ! -s "${adb_pidfile}" ] then printf "%s" "${$}" > "${adb_pidfile}" fi + f_log "debug" "f_temp ::: tmp_base: ${adb_tmpbase:-"-"}, tmp_dir: ${adb_tmpdir:-"-"}, cores: ${cores:-"-"}, sort_options: ${adb_srtopts}, pid_file: ${adb_pidfile:-"-"}" } # remove temporary files and directories @@ -310,30 +434,30 @@ f_rmtemp() then rm -rf "${adb_tmpdir}" fi + rm -f "${adb_srcfile}" > "${adb_pidfile}" + f_log "debug" "f_rmtemp ::: tmp_dir: ${adb_tmpdir:-"-"}, src_file: ${adb_srcfile:-"-"}, pid_file: ${adb_pidfile:-"-"}" } -# remove dns related files, services and directories +# remove dns related files # f_rmdns() { - local status dns_status rc + local status status="$(ubus -S call service list '{"name":"adblock"}' 2>/dev/null | jsonfilter -l1 -e '@["adblock"].instances.*.running' 2>/dev/null)" - if [ -n "${adb_dns}" ] && [ -n "${status}" ] + if [ "${adb_dns}" = "raw" ] || { [ -n "${adb_dns}" ] && [ -n "${status}" ]; } then - dns_status="$(ubus -S call service list "{\"name\":\"${adb_dns}\"}" 2>/dev/null | jsonfilter -l1 -e "@[\"${adb_dns}\"].instances.*.running" 2>/dev/null)" - printf "%s\\n" "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" > "${adb_rtfile}" - rm "${adb_backupdir}/${adb_dnsprefix}".*.gz 2>/dev/null - rc="${?}" - if [ "${rc}" -eq 0 ] && [ -n "${dns_status}" ] + if [ "${adb_backup}" -eq 1 ] then - f_dnsup 4 + rm -f "${adb_backupdir}/${adb_dnsprefix}".*.gz fi + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + f_dnsup 4 fi f_rmtemp - f_log "debug" "f_rmdns ::: status: ${status:-"-"}, dns_status: ${dns_status:-"-"}, rc: ${rc:-"-"}, dns: ${adb_dns}, dns_dir: ${adb_dnsdir}, dns_file: ${adb_dnsfile}, rt_file: ${adb_rtfile}, backup_dir: ${adb_backupdir}" + f_log "debug" "f_rmdns ::: dns: ${adb_dns}, status: ${status:-"-"}, dns_dir: ${adb_dnsdir}, dns_file: ${adb_dnsfile}, rt_file: ${adb_rtfile}, backup_dir: ${adb_backupdir:-"-"}" } # commit uci changes @@ -344,7 +468,7 @@ f_uci() if [ -n "${config}" ] then - change="$(uci -q changes "${config}" | awk '{ORS=" "; print $0}')" + change="$(uci -q changes "${config}" | "${adb_awk}" '{ORS=" "; print $0}')" if [ -n "${change}" ] then uci_commit "${config}" @@ -352,8 +476,8 @@ f_uci() "firewall") "/etc/init.d/firewall" reload >/dev/null 2>&1 ;; - "dhcp"|"resolver") - printf "%s\\n" "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + "resolver") + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" f_count f_jsnup "running" "/etc/init.d/${adb_dns}" reload >/dev/null 2>&1 @@ -364,24 +488,31 @@ f_uci() fi } -# set/reset the global counter +# get list counter # f_count() { - local mode="${1}" + local file mode="${1}" name="${2}" adb_cnt=0 case "${mode}" in "blacklist") - if [ -s "${adb_tmpfile}.blacklist" ] + if [ -s "${adb_tmpfile}.${name}" ] then - adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpfile}.blacklist")" + adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpfile}.${name}")" fi ;; "whitelist") - if [ -s "${adb_tmpdir}/tmp.raw.whitelist" ] + if [ -s "${adb_tmpdir}/tmp.raw.${name}" ] then - adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.raw.whitelist")" + adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.raw.${name}")" + rm -f "${adb_tmpdir}/tmp.raw.${name}" + fi + ;; + "safesearch") + if [ -s "${adb_tmpdir}/tmp.safesearch.${name}" ] + then + adb_cnt="$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.safesearch.${name}")" fi ;; "merge") @@ -402,11 +533,18 @@ f_count() adb_cnt="$(wc -l 2>/dev/null < "${adb_dnsdir}/${adb_dnsfile}")" if [ -s "${adb_tmpdir}/tmp.add.whitelist" ] then - adb_cnt="$((adb_cnt-$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.add.whitelist")))" + adb_cnt=$((adb_cnt-$(wc -l 2>/dev/null < "${adb_tmpdir}/tmp.add.whitelist"))) fi - if [ "${adb_dns}" = "named" ] || [ "${adb_dns}" = "kresd" ] || { [ "${adb_dns}" = "dnsmasq" ] && [ "${adb_dnsvariant}" = "null (IPv4/IPv6)" ]; } + for file in "${adb_tmpdir}/tmp.safesearch".* + do + if [ -r "${file}" ] + then + adb_cnt=$((adb_cnt-$(wc -l 2>/dev/null < "${file}"))) + fi + done + if [ -n "${adb_dnsheader}" ] then - adb_cnt="$(((adb_cnt-$(printf "%s" "${adb_dnsheader}" | grep -c "^"))/2))" + adb_cnt=$(((adb_cnt-$(printf "${adb_dnsheader}" | grep -c "^"))/2)) fi fi ;; @@ -417,38 +555,21 @@ f_count() # f_extconf() { - local config port fwcfg + local config instance port fwcfg case "${adb_dns}" in "dnsmasq") config="dhcp" - if [ "${adb_dnsvariant}" = "nxdomain" ] - then - if [ "${adb_enabled}" -eq 1 ] && [ -z "$(uci_get dhcp "@dnsmasq[${adb_dnsinstance}]" serversfile | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" ] - then - uci_set dhcp "@dnsmasq[${adb_dnsinstance}]" serversfile "${adb_dnsdir}/${adb_dnsfile}" - if [ -n "$(uci_get dhcp "@dnsmasq[${adb_dnsinstance}]" addnhosts | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" ] - then - uci -q del_list dhcp.@dnsmasq[${adb_dnsinstance}].addnhosts="${adb_dnsdir}/${adb_dnsfile}" - fi - elif [ "${adb_enabled}" -eq 0 ] && [ -n "$(uci_get dhcp "@dnsmasq[${adb_dnsinstance}]" serversfile | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" ] - then - uci_remove dhcp "@dnsmasq[${adb_dnsinstance}]" serversfile - fi - elif [ "${adb_dnsvariant% *}" = "null" ] - then - if [ "${adb_enabled}" -eq 1 ] && [ -z "$(uci_get dhcp "@dnsmasq[${adb_dnsinstance}]" addnhosts | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" ] + for instance in ${adb_dnsinstance} + do + if [ "${adb_enabled}" -eq 1 ] && [ -z "$(uci_get dhcp "@dnsmasq[${instance}]" confdir | grep -Fo "${adb_dnsdir}")" ] then - uci -q add_list dhcp.@dnsmasq[${adb_dnsinstance}].addnhosts="${adb_dnsdir}/${adb_dnsfile}" - if [ -n "$(uci_get dhcp "@dnsmasq[${adb_dnsinstance}]" serversfile | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" ] - then - uci_remove dhcp "@dnsmasq[${adb_dnsinstance}]" serversfile - fi - elif [ "${adb_enabled}" -eq 0 ] && [ -n "$(uci_get dhcp "@dnsmasq[${adb_dnsinstance}]" addnhosts | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" ] + uci_set dhcp "@dnsmasq[${instance}]" confdir "${adb_dnsdir}" + elif [ "${adb_enabled}" -eq 0 ] && [ -n "$(uci_get dhcp "@dnsmasq[${instance}]" confdir | grep -Fo "${adb_dnsdir}")" ] then - uci_remove dhcp "@dnsmasq[${adb_dnsinstance}]" addnhosts + uci_remove dhcp "@dnsmasq[${instance}]" confdir fi - fi + done ;; "kresd") config="resolver" @@ -501,52 +622,22 @@ f_extconf() f_uci "${config}" } -# restart of the dns backend +# restart dns backend # f_dnsup() { - local dns_service dns_up dns_pid dns_procfile cache_util cache_rc cnt=0 out_rc=4 in_rc="${1:-0}" + local dns_service dns_up dns_pid dns_procfile restart_rc cnt=0 out_rc=4 in_rc="${1:-0}" - if [ "${in_rc}" -eq 0 ] && [ "${adb_dnsinotify}" = "true" ] + if [ "${adb_dns}" = "raw" ] || { [ "${in_rc}" -eq 0 ] && [ "${adb_dnsinotify}" -eq 1 ]; } then out_rc=0 else - if [ "${in_rc}" -eq 0 ] && [ "${adb_dnsflush}" -eq 0 ] && [ "${adb_enabled}" -eq 1 ] - then - case "${adb_dns}" in - "dnsmasq") - killall -q -HUP "${adb_dns}" - cache_rc="${?}" - ;; - "unbound") - cache_util="$(command -v unbound-control)" - if [ -x "${cache_util}" ] && [ -d "${adb_tmpdir}" ] && [ -f "${adb_dnsdir}/unbound.conf" ] - then - "${cache_util}" -c "${adb_dnsdir}/unbound.conf" dump_cache > "${adb_tmpdir}/adb_cache.dump" 2>/dev/null - fi - "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1 - ;; - "kresd") - "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1 - cache_rc="${?}" - ;; - "named") - cache_util="$(command -v rndc)" - if [ -x "${cache_util}" ] && [ -f "/etc/bind/rndc.conf" ] - then - "${cache_util}" -c "/etc/bind/rndc.conf" reload >/dev/null 2>&1 - cache_rc="${?}" - else - "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1 - fi - ;; - esac - else - "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1 - fi - sleep 5 - - while [ "${cnt}" -le 10 ] + "/etc/init.d/${adb_dns}" restart >/dev/null 2>&1 + restart_rc="${?}" + fi + if [ "${restart_rc}" -eq 0 ] + then + while [ "${cnt}" -le "${adb_dnstimeout}" ] do dns_service="$(ubus -S call service list "{\"name\":\"${adb_dns}\"}")" dns_up="$(printf "%s" "${dns_service}" | jsonfilter -l1 -e "@[\"${adb_dns}\"].instances.*.running")" @@ -554,33 +645,25 @@ f_dnsup() dns_procfile="$(ls -l "/proc/${dns_pid}/fd" 2>/dev/null | grep -Fo "${adb_dnsdir}/${adb_dnsfile}")" if [ "${dns_up}" = "true" ] && [ -n "${dns_pid}" ] && [ -z "${dns_procfile}" ] then - case "${adb_dns}" in - "unbound") - cache_util="$(command -v unbound-control)" - if [ -x "${cache_util}" ] && [ -d "${adb_tmpdir}" ] && [ -s "${adb_tmpdir}/adb_cache.dump" ] - then - while [ "${cnt}" -le 10 ] - do - "${cache_util}" -c "${adb_dnsdir}/unbound.conf" load_cache < "${adb_tmpdir}/adb_cache.dump" >/dev/null 2>&1 - cache_rc="${?}" - if [ "${cache_rc}" -eq 0 ] - then - break - fi - cnt=$((cnt+1)) - sleep 1 - done - fi - ;; - esac - out_rc=0 - break + if [ -x "${adb_lookupcmd}" ] && [ "${adb_lookupdomain}" != "false" ] + then + "${adb_lookupcmd}" "${adb_lookupdomain}" >/dev/null 2>&1 + if [ "${?}" -eq 0 ] + then + out_rc=0 + break + fi + else + sleep ${adb_dnstimeout} + out_rc=0 + break + fi fi cnt=$((cnt+1)) sleep 1 done fi - f_log "debug" "f_dnsup ::: inotify: ${adb_dnsinotify}, cache_util: ${cache_util:-"-"}, cache_flush: ${adb_dnsflush}, cache_rc: ${cache_rc:-0}, dns_cnt: ${cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}" + f_log "debug" "f_dnsup ::: lookup_util: ${adb_lookupcmd:-"-"}, lookup_domain: ${adb_lookupdomain:-"-"}, restart_rc: ${restart_rc:-"-"}, dns_timeout: ${adb_dnstimeout}, dns_cnt: ${cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}" return "${out_rc}" } @@ -588,102 +671,230 @@ f_dnsup() # f_list() { - local hold file name out_rc mode="${1}" in_rc="${src_rc:-0}" cnt=1 + local hold file rset item array safe_url safe_ips safe_cname safe_domains out_rc mode="${1}" src_name="${2:-"${src_name}"}" in_rc="${src_rc:-0}" cnt=1 ffiles="-maxdepth 1 -name ${adb_dnsprefix}.*.gz" case "${mode}" in "blacklist"|"whitelist") - if [ "${mode}" = "blacklist" ] && [ -s "${adb_blacklist}" ] + src_name="${mode}" + if [ "${src_name}" = "blacklist" ] && [ -s "${adb_blacklist}" ] then - adb_blacklist_rset="/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}" - awk "${adb_blacklist_rset}" "${adb_blacklist}" > "${adb_tmpfile}.${mode}" + rset="/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}" + "${adb_awk}" "${rset}" "${adb_blacklist}" | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${adb_tmpdir}/tmp.raw.${src_name}" + sort ${adb_srtopts} -u "${adb_tmpdir}/tmp.raw.${src_name}" 2>/dev/null > "${adb_tmpfile}.${src_name}" out_rc="${?}" - elif [ "${mode}" = "whitelist" ] && [ -s "${adb_whitelist}" ] + rm -f "${adb_tmpdir}/tmp.raw.${src_name}" + elif [ "${src_name}" = "whitelist" ] && [ -s "${adb_whitelist}" ] then - adb_whitelist_rset="/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}" - awk "${adb_whitelist_rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.raw.${mode}" + rset="/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower(\$1)}" + "${adb_awk}" "${rset}" "${adb_whitelist}" > "${adb_tmpdir}/tmp.raw.${src_name}" out_rc="${?}" if [ "${out_rc}" -eq 0 ] then - adb_whitelist_rset="/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{gsub(\"\\\\.\",\"\\\\.\",\$1);print tolower(\"^(|.*\\\\.)\"\$1\"$\")}" - awk "${adb_whitelist_rset}" "${adb_tmpdir}/tmp.raw.${mode}" > "${adb_tmpdir}/tmp.rem.${mode}" + rset="/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{gsub(\"\\\\.\",\"\\\\.\",\$1);print tolower(\"^(|.*\\\\.)\"\$1\"$\")}" + "${adb_awk}" "${rset}" "${adb_tmpdir}/tmp.raw.${src_name}" > "${adb_tmpdir}/tmp.rem.${src_name}" out_rc="${?}" - if [ "${out_rc}" -eq 0 ] && [ -n "${adb_dnsallow}" ] + if [ "${out_rc}" -eq 0 ] && [ "${adb_dnsallow}" != "1" ] then - eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${mode}" > "${adb_tmpdir}/tmp.add.${mode}" + eval "${adb_dnsallow}" "${adb_tmpdir}/tmp.raw.${src_name}" > "${adb_tmpdir}/tmp.add.${src_name}" out_rc="${?}" + if [ "${out_rc}" -eq 0 ] && [ "${adb_jail}" = "1" ] && [ "${adb_dnssstop}" != "0" ] + then + > "${adb_jaildir}/${adb_dnsjail}" + if [ -n "${adb_dnsheader}" ] + then + printf "${adb_dnsheader}" >> "${adb_jaildir}/${adb_dnsjail}" + fi + cat "${adb_tmpdir}/tmp.add.${src_name}" >> "${adb_jaildir}/${adb_dnsjail}" + printf "%s\n" "${adb_dnsstop}" >> "${adb_jaildir}/${adb_dnsjail}" + fi fi fi - rm -f "${adb_tmpdir}/tmp.raw.${mode}" + fi + ;; + "safesearch") + case "${src_name}" in + "google") + rset="/^(\\.[[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{printf \"%s\n%s\n\",tolower(\"www\"\$1),tolower(substr(\$1,2,length(\$1)))}" + safe_url="https://www.google.com/supported_domains" + safe_ips="216.239.38.120 2001:4860:4802:32::78" + safe_cname="forcesafesearch.google.com" + safe_domains="${adb_tmpdir}/tmp.load.safesearch.${src_name}" + if [ "${adb_backup}" -eq 1 ] && [ -s "${adb_backupdir}/safesearch.${src_name}.gz" ] + then + zcat "${adb_backupdir}/safesearch.${src_name}.gz" > "${safe_domains}" + out_rc="${?}" + else + "${adb_fetchutil}" ${adb_fetchparm} "${safe_domains}" "${safe_url}" 2>/dev/null + out_rc="${?}" + if [ "${adb_backup}" -eq 1 ] && [ "${out_rc}" -eq 0 ] + then + gzip -cf "${safe_domains}" > "${adb_backupdir}/safesearch.${src_name}.gz" + fi + fi + if [ "${out_rc}" -eq 0 ] + then + "${adb_awk}" "${rset}" "${safe_domains}" > "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="${?}" + fi + ;; + "bing") + safe_ips="204.79.197.220 ::FFFF:CC4F:C5DC" + safe_cname="strict.bing.com" + safe_domains="www.bing.com" + printf "%s\n" ${safe_domains} > "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="${?}" + ;; + "duckduckgo") + safe_ips="50.16.250.179 54.208.102.2 52.204.96.252" + safe_cname="safe.duckduckgo.com" + safe_domains="duckduckgo.com" + printf "%s\n" ${safe_domains} > "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="${?}" + ;; + "pixabay") + safe_ips="104.18.82.97 2606:4700::6812:8d57 2606:4700::6812:5261" + safe_cname="safesearch.pixabay.com" + safe_domains="pixabay.com" + printf "%s\n" ${safe_domains} > "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="${?}" + ;; + "yandex") + safe_ips="213.180.193.56" + safe_cname="familysearch.yandex.ru" + safe_domains="ya.ru yandex.ru yandex.com yandex.com.tr yandex.ua yandex.by yandex.ee yandex.lt yandex.lv yandex.md yandex.uz yandex.tm yandex.tj yandex.az" + printf "%s\n" ${safe_domains} > "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="${?}" + ;; + "youtube") + if [ "${adb_safesearchmod}" -eq 0 ] + then + safe_ips="216.239.38.120 2001:4860:4802:32::78" + safe_cname="restrict.youtube.com" + else + safe_ips="216.239.38.119 2001:4860:4802:32::77" + safe_cname="restrictmoderate.youtube.com" + fi + safe_domains="www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com" + printf "%s\n" ${safe_domains} > "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" + out_rc="${?}" + ;; + esac + if [ "${out_rc}" -eq 0 ] + then + > "${adb_tmpdir}/tmp.safesearch.${src_name}" + if [ "${adb_dns}" = "named" ] || [ "${adb_dns}" = "kresd" ] + then + array="${safe_cname}" + else + array="${safe_ips}" + fi + for item in ${array} + do + eval "${adb_dnssafesearch}" "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" >> "${adb_tmpdir}/tmp.safesearch.${src_name}" + if [ "${?}" -ne 0 ] + then + rm -f "${adb_tmpdir}/tmp.safesearch.${src_name}" + break + fi + done + out_rc="${?}" + rm -f "${adb_tmpdir}/tmp.raw.safesearch.${src_name}" fi ;; "backup") - gzip -cf "${src_tmpfile}" 2>/dev/null > "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" - out_rc="${?}" + ( + gzip -cf "${src_tmpfile}" > "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" + out_rc="${?}" + )& ;; "restore") if [ -n "${src_name}" ] && [ -s "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" ] then - zcat "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" 2>/dev/null > "${src_tmpfile}" + zcat "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" > "${src_tmpfile}" out_rc="${?}" elif [ -z "${src_name}" ] then for file in "${adb_backupdir}/${adb_dnsprefix}".*.gz do - name="${file##*/}" - name="${name%.*}" - zcat "${file}" 2>/dev/null > "${adb_tmpfile}.${name}" & - hold=$((cnt%adb_maxqueue)) - if [ "${hold}" -eq 0 ] + if [ -r "${file}" ] then - wait + name="${file##*/}" + name="${name%.*}" + zcat "${file}" > "${adb_tmpfile}.${name}" & + hold=$((cnt%adb_maxqueue)) + if [ "${hold}" -eq 0 ] + then + wait + fi + cnt=$((cnt+1)) fi - cnt=$((cnt+1)) done wait out_rc="${?}" + else + out_rc=4 + fi + if [ "${adb_action}" != "start" ] && [ "${adb_action}" != "resume" ] && [ -n "${src_name}" ] && [ "${out_rc}" -ne 0 ] + then + adb_sources="${adb_sources/${src_name}}" fi ;; "remove") - if [ -f "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" ] + if [ "${adb_backup}" -eq 1 ] then - rm -f "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" - out_rc="${?}" + rm "${adb_backupdir}/${adb_dnsprefix}.${src_name}.gz" 2>/dev/null fi + out_rc="${?}" + adb_sources="${adb_sources/${src_name}}" ;; "merge") - > "${adb_tmpdir}/${adb_dnsfile}" - for file in "${adb_tmpfile}".* - do - cat "${file}" 2>/dev/null >> "${adb_tmpdir}/${adb_dnsfile}" - out_rc="${?}" - if [ "${out_rc}" -ne 0 ] + if [ "${adb_backup}" -eq 1 ] + then + for src_name in ${adb_sources} + do + ffiles="${ffiles} -a ! -name ${adb_dnsprefix}.${src_name}.gz" + done + if [ "${adb_safesearch}" -eq 1 ] && [ "${adb_dnssafesearch}" != "0" ] then - break + ffiles="${ffiles} -a ! -name safesearch.google.gz" fi - done + find "${adb_backupdir}" ${ffiles} -print0 2>/dev/null | xargs -0 rm 2>/dev/null + fi + unset src_name + sort ${adb_srtopts} -mu "${adb_tmpfile}".* 2>/dev/null > "${adb_tmpdir}/${adb_dnsfile}" + out_rc="${?}" rm -f "${adb_tmpfile}".* ;; "final") - > "${adb_dnsdir}/${adb_dnsfile}" + unset src_name + if [ -n "${adb_dnsheader}" ] + then + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + else + > "${adb_dnsdir}/${adb_dnsfile}" + fi if [ -s "${adb_tmpdir}/tmp.add.whitelist" ] then cat "${adb_tmpdir}/tmp.add.whitelist" >> "${adb_dnsdir}/${adb_dnsfile}" fi - if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ] + for file in "${adb_tmpdir}/tmp.safesearch".* + do + if [ -r "${file}" ] + then + cat "${file}" >> "${adb_dnsdir}/${adb_dnsfile}" + fi + done + if [ "${adb_dnsdeny}" != "0" ] then - egrep -vf "${adb_tmpdir}/tmp.rem.whitelist" "${adb_tmpdir}/${adb_dnsfile}" | eval "${adb_dnsdeny}" >> "${adb_dnsdir}/${adb_dnsfile}" - else eval "${adb_dnsdeny}" "${adb_tmpdir}/${adb_dnsfile}" >> "${adb_dnsdir}/${adb_dnsfile}" - fi - if [ -n "${adb_dnsheader}" ] - then - printf "%s\\n" "${adb_dnsheader}" | cat - "${adb_dnsdir}/${adb_dnsfile}" > "${adb_tmpdir}/${adb_dnsfile}" - mv -f "${adb_tmpdir}/${adb_dnsfile}" "${adb_dnsdir}/${adb_dnsfile}" + else + mv "${adb_tmpdir}/${adb_dnsfile}" "${adb_dnsdir}/${adb_dnsfile}" fi out_rc="${?}" ;; esac - f_count "${mode}" + f_count "${mode}" "${src_name}" out_rc="${out_rc:-"${in_rc}"}" f_log "debug" "f_list ::: name: ${src_name:-"-"}, mode: ${mode}, cnt: ${adb_cnt}, in_rc: ${in_rc}, out_rc: ${out_rc}" return "${out_rc}" @@ -693,80 +904,39 @@ f_list() # f_tld() { - local cnt cnt_srt cnt_tld source="${1}" temp_tld="${1}.tld" tld_ok="false" + local cnt cnt_tld source="${1}" temp_tld="${1}.tld" - cnt="${adb_cnt}" - if [ "${adb_dnsvariant% *}" != "null" ] && [ "${adb_cnt}" -le "${adb_maxtld}" ] + "${adb_awk}" '{if(NR==1){tld=$NF};while(getline){if(index($NF,tld".")==0){print tld;tld=$NF}}print tld}' "${source}" | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${temp_tld}" + if [ "${?}" -eq 0 ] then - awk 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "${source}" > "${temp_tld}" - if [ "${?}" -eq 0 ] - then - sort -T "${adb_sorttmpdir}" -u "${temp_tld}" > "${source}" - if [ "${?}" -eq 0 ] - then - cnt_srt="$(wc -l 2>/dev/null < "${source}")" - awk '{if(NR==1){tld=$NF};while(getline){if($NF!~tld"\\."){print tld;tld=$NF}}print tld}' "${source}" > "${temp_tld}" - if [ "${?}" -eq 0 ] - then - awk 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "${temp_tld}" > "${source}" - if [ "${?}" -eq 0 ] - then - rm -f "${temp_tld}" - cnt_tld="$(wc -l 2>/dev/null < "${source}")" - tld_ok="true" - fi - fi - fi - fi + mv -f "${temp_tld}" "${source}" + cnt_tld="$(wc -l 2>/dev/null < "${source}")" else - sort -T "${adb_sorttmpdir}" -u "${source}" > "${temp_tld}" - if [ "${?}" -eq 0 ] - then - mv -f "${temp_tld}" "${source}" - cnt_srt="$(wc -l 2>/dev/null < "${source}")" - tld_ok="true" - fi - fi - if [ "${tld_ok}" = "false" ] - then - unset cnt_srt cnt_tld - rm -f "${temp_tld}" "${source}" - f_list blacklist - f_list whitelist - f_list restore - f_list merge - f_list final - cnt="${adb_cnt}" + rm -f "${temp_tld}" fi - f_log "debug" "f_tld ::: source: ${source}, max_tld: ${adb_maxtld}, cnt: ${cnt:-"-"}, cnt_srt: ${cnt_srt:-"-"}, cnt_tld: ${cnt_tld:-"-"}, tld_ok: ${tld_ok}" + f_log "debug" "f_tld ::: source: ${source}, cnt: ${adb_cnt:-"-"}, cnt_tld: ${cnt_tld:-"-"}" } # suspend/resume adblock processing # f_switch() { - local status done="false" mode="${1}" + local status list entry done="false" mode="${1}" json_load_file "${adb_rtfile}" >/dev/null 2>&1 json_select "data" >/dev/null 2>&1 json_get_var status "adblock_status" if [ "${mode}" = "suspend" ] && [ "${status}" = "enabled" ] then - f_jsnup "running" - f_temp - printf "%s\\n" "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + f_env + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" f_count done="true" elif [ "${mode}" = "resume" ] && [ "${status}" = "paused" ] then - f_jsnup "running" - f_temp - f_list blacklist - f_list whitelist - f_list restore - f_list merge - f_tld "${adb_tmpdir}/${adb_dnsfile}" - f_list final + f_env + f_main done="true" fi if [ "${done}" = "true" ] @@ -774,16 +944,16 @@ f_switch() if [ "${mode}" = "suspend" ] then f_bgserv "stop" + f_dnsup fi - f_dnsup if [ "${mode}" = "resume" ] then f_bgserv "start" fi f_jsnup "${mode}" f_log "info" "${mode} adblock processing" - f_rmtemp fi + f_rmtemp } # query blocklist for certain (sub-)domains @@ -794,21 +964,13 @@ f_query() if [ -z "${domain}" ] || [ "${domain}" = "${tld}" ] then - printf "%s\\n" "::: invalid domain input, please submit a single domain, e.g. 'doubleclick.net'" + printf "%s\\n" "::: invalid input, please submit a single (sub-)domain :::" else case "${adb_dns}" in "dnsmasq") - if [ "${adb_dnsvariant}" = "nxdomain" ] - then - prefix=".*[\\/\\.]" - suffix="(\\/)" - field=2 - elif [ "${adb_dnsvariant% *}" = "null" ] - then - prefix="0\\..*[\\t\\.]" - suffix="" - field=2 - fi + prefix=".*[\\/\\.]" + suffix="(\\/)" + field=2 ;; "unbound") prefix=".*[\"\\.]" @@ -825,35 +987,49 @@ f_query() suffix="( \\.)" field=1 ;; + "raw") + prefix=".*[\\.]" + suffix="" + field=1 + ;; esac - if [ "${adb_dnsfilereset}" = "false" ] + if [ "${adb_dnsfilereset}" -eq 0 ] then while [ "${domain}" != "${tld}" ] do search="${domain//[+*~%\$&\"\']/}" search="${search//./\\.}" - result="$(awk -F '/|\"|\t| ' "/^(${search}|${prefix}+${search}.*${suffix}$)/{i++;{printf(\" + %s\\n\",\$${field})};if(i>9){printf(\" + %s\\n\",\"[...]\");exit}}" "${adb_dnsdir}/${adb_dnsfile}")" - printf "%s\\n%s\\n%s\\n" ":::" "::: results for domain '${domain}' in active blocklist" ":::" + result="$("${adb_awk}" -F '/|\"|\t| ' "/^(${search}|${prefix}+${search}.*${suffix})$/{i++;if(i<=9){printf \" + %s\\n\",\$${field}}else if(i==10){printf \" + %s\\n\",\"[...]\";exit}}" "${adb_dnsdir}/${adb_dnsfile}")" + printf "%s\\n%s\\n%s\\n" ":::" "::: domain '${domain}' in active blocklist" ":::" printf "%s\\n\\n" "${result:-" - no match"}" domain="${tld}" tld="${domain#*.}" done fi - if [ -d "${adb_backupdir}" ] + if [ "${adb_backup}" -eq 1 ] && [ -d "${adb_backupdir}" ] then search="${1//[+*~%\$&\"\']/}" search="${search//./\\.}" - printf "%s\\n%s\\n%s\\n" ":::" "::: results for domain '${1}' in backups and black-/whitelist" ":::" + printf "%s\\n%s\\n%s\\n" ":::" "::: domain '${1}' in backups and black-/whitelist" ":::" for file in "${adb_backupdir}/${adb_dnsprefix}".*.gz "${adb_blacklist}" "${adb_whitelist}" do suffix="${file##*.}" if [ "${suffix}" = "gz" ] then - zcat "${file}" 2>/dev/null | awk -v f="${file##*/}" "/^($search|.*\\.${search})/{i++;{printf(\" + %-30s%s\\n\",f,\$1)};if(i>=3){printf(\" + %-30s%s\\n\",f,\"[...]\");exit}}" + zcat "${file}" 2>/dev/null | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' | "${adb_awk}" -v f="${file##*/}" "BEGIN{rc=1};/^($search|.*\\.${search})$/{i++;if(i<=3){printf \" + %-30s%s\\n\",f,\$1;rc=0}else if(i==4){printf \" + %-30s%s\\n\",f,\"[...]\"}};END{exit rc}" else - awk -v f="${file##*/}" "/^($search|.*\\.${search})/{i++;{printf(\" + %-30s%s\\n\",f,\$1)};if(i>=3){printf(\" + %-30s%s\\n\",f,\"[...]\");exit}}" "${file}" + "${adb_awk}" -v f="${file##*/}" "BEGIN{rc=1};/^($search|.*\\.${search})$/{i++;if(i<=3){printf \" + %-30s%s\\n\",f,\$1;rc=0}else if(i==4){printf \" + %-30s%s\\n\",f,\"[...]\"}};END{exit rc}" "${file}" + fi + if [ "${?}" -eq 0 ] + then + result="true" fi done + if [ "${result}" != "true" ] + then + printf "%s\\n\\n" " - no match" + fi fi fi } @@ -862,11 +1038,22 @@ f_query() # f_jsnup() { - local run_time bg_pid status="${1:-"enabled"}" + local runtime utils memory bg_pid status="${1:-"enabled"}" case "${status}" in "enabled"|"error") - run_time="$(/bin/date "+%d.%m.%Y %H:%M:%S")" + adb_endtime="$(date "+%s")" + memory="$("${adb_awk}" '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null | "${adb_awk}" '{print substr($0,1,length($0)-1)}')" + if [ "$(( (adb_endtime-adb_starttime)/60 ))" -lt 60 ] + then + runtime="${adb_action}, $(( (adb_endtime-adb_starttime)/60 ))m $(( (adb_endtime-adb_starttime)%60 ))s, ${memory:-0}, $(date "+%d.%m.%Y %H:%M:%S")" + else + runtime="${adb_action}, n/a, ${memory:-0}, $(date "+%d.%m.%Y %H:%M:%S")" + fi + if [ "${status}" = "error" ] + then + adb_cnt=0 + fi ;; "suspend") status="paused" @@ -879,18 +1066,20 @@ f_jsnup() json_select "data" >/dev/null 2>&1 if [ "${?}" -eq 0 ] then - if [ -z "${adb_fetchinfo}" ] + if [ -z "${adb_fetchutil}" ] || [ -z "${adb_awk}" ] then - json_get_var adb_fetchinfo "fetch_utility" + json_get_var utils "utilities" + else + utils="${adb_fetchutil}, ${adb_awk}" fi if [ -z "${adb_cnt}" ] then - json_get_var adb_cnt "overall_domains" + json_get_var adb_cnt "blocked_domains" adb_cnt="${adb_cnt%% *}" fi - if [ -z "${run_time}" ] + if [ -z "${runtime}" ] then - json_get_var run_time "last_rundate" + json_get_var runtime "last_run" fi fi > "${adb_rtfile}" @@ -899,23 +1088,32 @@ f_jsnup() json_add_object "data" json_add_string "adblock_status" "${status:-"enabled"}" json_add_string "adblock_version" "${adb_ver}" - json_add_string "overall_domains" "${adb_cnt:-0}" - json_add_string "fetch_utility" "${adb_fetchinfo:-"-"}" + json_add_string "blocked_domains" "${adb_cnt:-0}" + json_add_array "active_sources" + for entry in ${adb_sources} + do + json_add_object + json_add_string "source" "${entry}" + json_close_object + done + json_close_array json_add_string "dns_backend" "${adb_dns}, ${adb_dnsdir}" - json_add_string "dns_variant" "${adb_dnsvariant}, ${adb_dnsfilereset:-"false"}" - json_add_string "backup_dir" "${adb_backupdir}" - json_add_string "last_rundate" "${run_time:-"-"}" - json_add_string "system_release" "${adb_sysver}" + json_add_string "run_utils" "${utils:-"-"}" + json_add_string "run_ifaces" "trigger: ${adb_trigger:-"-"}, report: ${adb_repiface:-"-"}" + json_add_string "run_directories" "base: ${adb_tmpbase}, backup: ${adb_backupdir}, report: ${adb_reportdir}, jail: ${adb_jaildir}" + json_add_string "run_flags" "backup: ${adb_backup}, reset: ${adb_dnsfilereset}, flush: ${adb_dnsflush}, force: ${adb_forcedns}, search: ${adb_safesearch}, report: ${adb_report}, mail: ${adb_mail}, jail: ${adb_jail}" + json_add_string "last_run" "${runtime:-"-"}" + json_add_string "system" "${adb_sysver}" json_close_object json_dump > "${adb_rtfile}" if [ "${adb_mail}" -eq 1 ] && [ -x "${adb_mailservice}" ] && \ - { [ "${status}" = "error" ] || { [ "${status}" = "enabled" ] && [ "${adb_cnt}" -le "${adb_mcnt}" ]; } } + { [ "${status}" = "error" ] || { [ "${status}" = "enabled" ] && [ "${adb_cnt}" -le "${adb_mailcnt}" ]; } } then - ("${adb_mailservice}" "${adb_ver}" >/dev/null 2>&1)& + ( "${adb_mailservice}" "${adb_ver}" >/dev/null 2>&1 )& bg_pid="${!}" fi - f_log "debug" "f_jsnup ::: status: ${status:-"-"}, cnt: ${adb_cnt}, mail: ${adb_mail}, mail_service: ${adb_mailservice}, mail_cnt: ${adb_mcnt}, mail_pid: ${bg_pid:-"-"}" + f_log "debug" "f_jsnup ::: status: ${status:-"-"}, cnt: ${adb_cnt}, mail: ${adb_mail}, mail_service: ${adb_mailservice}, mail_cnt: ${adb_mailcnt}, mail_pid: ${bg_pid:-"-"}" } # write to syslog @@ -926,9 +1124,9 @@ f_log() if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${adb_debug}" -eq 1 ]; } then - if [ -x "${adb_logger}" ] + if [ -x "${adb_loggercmd}" ] then - "${adb_logger}" -p "${class}" -t "adblock-${adb_ver}[${$}]" "${log_msg}" + "${adb_loggercmd}" -p "${class}" -t "adblock-${adb_ver}[${$}]" "${log_msg}" else printf "%s %s %s\\n" "${class}" "adblock-${adb_ver}[${$}]" "${log_msg}" fi @@ -948,9 +1146,9 @@ f_bgserv() { local bg_pid status="${1}" - bg_pid="$(pgrep -f "^/bin/sh ${adb_ubusservice}.*|^/bin/ubus -S -M r -m invoke monitor|^grep -qF \"method\":\"set\",\"data\":\\{\"name\":\"${adb_dns}\"" | awk '{ORS=" "; print $1}')" - if [ -z "${bg_pid}" ] && [ "${status}" = "start" ] \ - && [ -x "${adb_ubusservice}" ] && [ "${adb_dnsfilereset}" = "true" ] + bg_pid="$(pgrep -f "^/bin/sh ${adb_ubusservice}.*|^/bin/ubus -S -M r -m invoke monitor|^grep -qF \"method\":\"set\",\"data\":\\{\"name\":\"${adb_dns}\"" | "${adb_awk}" '{ORS=" "; print $1}')" + if [ "${adb_dns}" != "raw" ] && [ -z "${bg_pid}" ] && [ "${status}" = "start" ] \ + && [ -x "${adb_ubusservice}" ] && [ "${adb_dnsfilereset}" -eq 1 ] then ( "${adb_ubusservice}" "${adb_ver}" & ) elif [ -n "${bg_pid}" ] && [ "${status}" = "stop" ] @@ -964,30 +1162,53 @@ f_bgserv() # f_main() { - local src_tmpload src_tmpfile src_name src_rset src_url src_log src_arc src_cat src_item src_rc list entry suffix mem_total mem_free enabled cnt=1 + local src_tmpload src_tmpfile src_name src_rset src_url src_log src_arc src_cat src_item src_list src_entries src_suffix src_rc entry keylist memory cnt=1 - mem_total="$(awk '/^MemTotal/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)" - mem_free="$(awk '/^MemFree/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)" - f_log "debug" "f_main ::: dns: ${adb_dns}, fetch_util: ${adb_fetchinfo}, force_dns: ${adb_forcedns}, mem_total: ${mem_total:-0}, mem_free: ${mem_free:-0}, max_queue: ${adb_maxqueue}" + memory="$("${adb_awk}" '/^MemTotal|^MemFree|^MemAvailable/{ORS="/"; print int($2/1000)}' "/proc/meminfo" 2>/dev/null | "${adb_awk}" '{print substr($0,1,length($0)-1)}')" + f_log "debug" "f_main ::: memory: ${memory:-0}, max_queue: ${adb_maxqueue}, safe_search: ${adb_safesearch}, force_dns: ${adb_forcedns}, awk: ${adb_awk}" + + # white- and blacklist preparation + # + list="blacklist whitelist" + for entry in ${list} + do + ( f_list "${entry}" "${entry}" )& + done + + # safe search preparation + # + if [ "${adb_safesearch}" -eq 1 ] && [ "${adb_dnssafesearch}" != "0" ] + then + list="google bing duckduckgo pixabay yandex youtube" + for entry in ${list} + do + ( f_list safesearch "${entry}" )& + done + fi + wait # main loop # - f_list blacklist - f_list whitelist for src_name in ${adb_sources} do - enabled="$(eval printf "%s" \"\$\{enabled_${src_name}\}\")" - src_url="$(eval printf "%s" \"\$\{adb_src_${src_name}\}\")" - src_rset="$(eval printf "%s" \"\$\{adb_src_rset_${src_name}\}\")" - src_cat="$(eval printf "%s" \"\$\{adb_src_cat_${src_name}\}\")" - src_tmpload="${adb_tmpfile}.${src_name}.load" - src_tmpfile="${adb_tmpfile}.${src_name}.file" + json_select "${src_name}" >/dev/null 2>&1 + if [ "${?}" -ne 0 ] + then + adb_sources="${adb_sources/${src_name}}" + continue + fi + json_get_var src_url "url" >/dev/null 2>&1 + json_get_var src_rset "rule" >/dev/null 2>&1 + json_get_values src_cat "categories" >/dev/null 2>&1 + json_select .. + src_tmpload="${adb_tmpload}.${src_name}.load" + src_tmpsort="${adb_tmpload}.${src_name}.sort" + src_tmpfile="${adb_tmpfile}.${src_name}" src_rc=4 # basic pre-checks # - f_log "debug" "f_main ::: name: ${src_name}, enabled: ${enabled}" - if [ "${enabled}" != "1" ] || [ -f "${src_url}" ] || [ -z "${src_url}" ] || [ -z "${src_rset}" ] + if [ -z "${src_url}" ] || [ -z "${src_rset}" ] then f_list remove continue @@ -995,7 +1216,7 @@ f_main() # backup mode # - if [ "${adb_action}" = "start" ] + if [ "${adb_backup}" -eq 1 ] && { [ "${adb_action}" = "start" ] || [ "${adb_action}" = "resume" ]; } then f_list restore if [ "${?}" -eq 0 ] && [ -s "${src_tmpfile}" ] @@ -1014,65 +1235,94 @@ f_main() src_rc="${?}" if [ "${src_rc}" -eq 0 ] && [ -s "${src_arc}" ] then - list="$(tar -tzf "${src_arc}")" - suffix="$(eval printf "%s" \"\$\{adb_src_suffix_${src_name}:-\"domains\"\}\")" + unset src_entries + src_suffix="$(eval printf "%s" \"\$\{adb_src_suffix_${src_name}:-\"domains\"\}\")" + src_list="$(tar -tzf "${src_arc}" 2>/dev/null)" for src_item in ${src_cat} do - entry="$(printf "%s" "${list}" | grep -E "[\\^/]+${src_item}/${suffix}")" - if [ -n "${entry}" ] - then - tar -xOzf "${src_arc}" "${entry}" >> "${src_tmpload}" - src_rc="${?}" - if [ "${src_rc}" -ne 0 ] - then - break - fi - fi + src_entries="${src_entries} $(printf "%s" "${src_list}" | grep -E "${src_item}/${src_suffix}$")" done + if [ -n "${src_entries}" ] + then + tar -xOzf "${src_arc}" ${src_entries} 2>/dev/null > "${src_tmpload}" + src_rc="${?}" + fi + rm -f "${src_arc}" else - src_log="$(printf "%s" "${src_log}" | awk '{ORS=" ";print $0}')" - f_log "debug" "f_main ::: name: ${src_name}, url: ${src_url}, rc: ${src_rc}, log: ${src_log:-"-"}" + src_log="$(printf "%s" "${src_log}" | "${adb_awk}" '{ORS=" ";print $0}')" + f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}, log: ${src_log:-"-"}" fi if [ "${src_rc}" -eq 0 ] && [ -s "${src_tmpload}" ] then - rm -f "${src_arc}" - awk "${src_rset}" "${src_tmpload}" 2>/dev/null > "${src_tmpfile}" + if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ] + then + "${adb_awk}" "${src_rset}" "${src_tmpload}" | \ + grep -Evf "${adb_tmpdir}/tmp.rem.whitelist" | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${src_tmpsort}" + else + "${adb_awk}" "${src_rset}" "${src_tmpload}" | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${src_tmpsort}" + fi + rm -f "${src_tmpload}" + sort ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null > "${src_tmpfile}" src_rc="${?}" + rm -f "${src_tmpsort}" if [ "${src_rc}" -eq 0 ] && [ -s "${src_tmpfile}" ] then - rm -f "${src_tmpload}" f_list download - f_list backup - elif [ "${adb_action}" != "start" ] + if [ "${adb_backup}" -eq 1 ] + then + f_list backup + fi + elif [ "${adb_backup}" -eq 1 ] && [ "${adb_action}" != "start" ] then + f_log "info" "archive preparation of '${src_name}' failed, categories: ${src_cat:-"-"}, entries: ${src_entries}, rc: ${src_rc}" f_list restore + rm -f "${src_tmpfile}" fi - elif [ "${adb_action}" != "start" ] + elif [ "${adb_backup}" -eq 1 ] && [ "${adb_action}" != "start" ] then + f_log "info" "archive extraction of '${src_name}' failed, categories: ${src_cat:-"-"}, entries: ${src_entries}, rc: ${src_rc}" f_list restore fi )& + continue else ( src_log="$("${adb_fetchutil}" ${adb_fetchparm} "${src_tmpload}" "${src_url}" 2>&1)" src_rc="${?}" if [ "${src_rc}" -eq 0 ] && [ -s "${src_tmpload}" ] then - awk "${src_rset}" "${src_tmpload}" 2>/dev/null > "${src_tmpfile}" + if [ -s "${adb_tmpdir}/tmp.rem.whitelist" ] + then + "${adb_awk}" "${src_rset}" "${src_tmpload}" | \ + grep -Evf "${adb_tmpdir}/tmp.rem.whitelist" | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${src_tmpsort}" + else + "${adb_awk}" "${src_rset}" "${src_tmpload}" | \ + "${adb_awk}" 'BEGIN{FS="."}{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' > "${src_tmpsort}" + fi + rm -f "${src_tmpload}" + sort ${adb_srtopts} -u "${src_tmpsort}" 2>/dev/null > "${src_tmpfile}" src_rc="${?}" + rm -f "${src_tmpsort}" if [ "${src_rc}" -eq 0 ] && [ -s "${src_tmpfile}" ] then - rm -f "${src_tmpload}" f_list download - f_list backup - elif [ "${adb_action}" != "start" ] + if [ "${adb_backup}" -eq 1 ] + then + f_list backup + fi + elif [ "${adb_backup}" -eq 1 ] && [ "${adb_action}" != "start" ] then + f_log "info" "preparation of '${src_name}' failed, rc: ${src_rc}" f_list restore + rm -f "${src_tmpfile}" fi else - src_log="$(printf "%s" "${src_log}" | awk '{ORS=" ";print $0}')" - f_log "debug" "f_main ::: name: ${src_name}, url: ${src_url}, rc: ${src_rc}, log: ${src_log:-"-"}" - if [ "${adb_action}" != "start" ] + src_log="$(printf "%s" "${src_log}" | "${adb_awk}" '{ORS=" ";print $0}')" + f_log "info" "download of '${src_name}' failed, url: ${src_url}, rule: ${src_rset:-"-"}, categories: ${src_cat:-"-"}, rc: ${src_rc}, log: ${src_log:-"-"}" + if [ "${adb_backup}" -eq 1 ] && [ "${adb_action}" != "start" ] then f_list restore fi @@ -1087,7 +1337,6 @@ f_main() cnt=$((cnt+1)) done wait - unset src_name f_list merge # tld compression and dns restart @@ -1097,23 +1346,26 @@ f_main() f_tld "${adb_tmpdir}/${adb_dnsfile}" f_list final else - > "${adb_dnsdir}/${adb_dnsfile}" + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" fi chown "${adb_dnsuser}" "${adb_dnsdir}/${adb_dnsfile}" 2>/dev/null f_dnsup if [ "${?}" -eq 0 ] then - f_jsnup "enabled" - if [ "${adb_dnsfilereset}" = "true" ] + if [ "${adb_action}" != "resume" ] + then + f_jsnup "enabled" + fi + if [ "${adb_dns}" != "raw" ] && [ "${adb_dnsfilereset}" -eq 1 ] then - printf "%s\\n" "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" - f_log "info" "blocklist with overall ${adb_cnt} domains loaded successfully and reset afterwards (${adb_sysver})" + printf "${adb_dnsheader}" > "${adb_dnsdir}/${adb_dnsfile}" + f_log "info" "blocklist with overall ${adb_cnt} blocked domains loaded successfully and reset afterwards (${adb_sysver})" f_bgserv "start" else - f_log "info" "blocklist with overall ${adb_cnt} domains loaded successfully (${adb_sysver})" + f_log "info" "blocklist with overall ${adb_cnt} blocked domains loaded successfully (${adb_sysver})" fi else - f_log "err" "dns backend restart with active blocklist failed" + f_log "err" "dns backend restart with adblock blocklist failed" fi f_rmtemp } @@ -1122,19 +1374,19 @@ f_main() # f_report() { - local bg_pid status total blocked percent rep_clients rep_domains rep_blocked index hold ports cnt=0 search="${1}" count="${2}" filter="${3}" print="${4}" + local iface bg_pid status total start end blocked percent top_list top array item index hold ports cnt=0 search="${1}" count="${2}" process="${3}" print="${4}" - if [ "${adb_report}" -eq 1 ] && [ ! -x "${adb_reputil}" ] + if [ "${adb_report}" -eq 1 ] && [ ! -x "${adb_dumpcmd}" ] then - f_log "info" "Please install the package 'tcpdump' or 'tcpdump-mini' to use the adblock reporting feature!" + f_log "info" "Please install the package 'tcpdump' or 'tcpdump-mini' to use the reporting feature" elif [ "${adb_report}" -eq 0 ] && [ "${adb_action}" = "report" ] then - f_log "info" "Please enable the extra option 'adb_report' to use the adblock reporting feature!" + f_log "info" "Please enable the 'DNS Report' option to use the reporting feature" fi - if [ -x "${adb_reputil}" ] + if [ -x "${adb_dumpcmd}" ] then - bg_pid="$(pgrep -f "^${adb_reputil}.*adb_report\\.pcap$" | awk '{ORS=" "; print $1}')" + bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')" if [ "${adb_report}" -eq 0 ] || { [ -n "${bg_pid}" ] && { [ "${adb_action}" = "stop" ] || [ "${adb_action}" = "restart" ]; } } then if [ -n "${bg_pid}" ] @@ -1149,7 +1401,7 @@ f_report() fi fi - if [ -x "${adb_reputil}" ] && [ "${adb_report}" -eq 1 ] + if [ -x "${adb_dumpcmd}" ] && [ "${adb_report}" -eq 1 ] then if [ -z "${bg_pid}" ] && [ "${adb_action}" != "report" ] && [ "${adb_action}" != "stop" ] then @@ -1162,19 +1414,47 @@ f_report() ports="${ports} or port ${port}" fi done - ( "${adb_reputil}" -nn -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_repdir}/adb_report.pcap" >/dev/null 2>&1 & ) - bg_pid="$(pgrep -f "^${adb_reputil}.*adb_report\\.pcap$" | awk '{ORS=" "; print $1}')" + if [ -z "${adb_repiface}" ] + then + network_get_device iface "lan" + if [ -n "${iface}" ] + then + adb_repiface="${iface}" + else + network_get_physdev iface "lan" + if [ -n "${iface}" ] + then + adb_repiface="${iface}" + fi + fi + if [ -n "${adb_repiface}" ] + then + uci_set adblock global adb_repiface "${adb_repiface}" + f_uci "adblock" + fi + fi + if [ -n "${adb_reportdir}" ] && [ ! -d "${adb_reportdir}" ] + then + mkdir -p "${adb_reportdir}" + f_log "info" "report directory '${adb_reportdir}' created" + fi + if [ -n "${adb_repiface}" ] && [ -d "${adb_reportdir}" ] + then + ( "${adb_dumpcmd}" -nn -s0 -l -i ${adb_repiface} ${ports} -C${adb_repchunksize} -W${adb_repchunkcnt} -w "${adb_reportdir}/adb_report.pcap" >/dev/null 2>&1 & ) + bg_pid="$(pgrep -f "^${adb_dumpcmd}.*adb_report\\.pcap$" | "${adb_awk}" '{ORS=" "; print $1}')" + else + f_log "info" "Please set the name of the reporting network device 'adb_repiface' manually" + fi fi - if [ "${adb_action}" = "report" ] && [ "${filter}" = "false" ] + if [ "${adb_action}" = "report" ] && [ "${process}" = "true" ] then - > "${adb_repdir}/adb_report.raw" - for file in "${adb_repdir}/adb_report.pcap"* + > "${adb_reportdir}/adb_report.raw" + for file in "${adb_reportdir}/adb_report.pcap"* do ( - "${adb_reputil}" -tttt -r "${file}" 2>/dev/null | \ - awk -v cnt="${cnt}" '!/\.lan\. /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);d=cnt $7;sub(/\*$/,"",d); - e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);printf("%s\t%s\t%s\t%s\t%s\n", a,b,c,d,e)}' >> "${adb_repdir}/adb_report.raw" + "${adb_dumpcmd}" -tttt -r "${file}" 2>/dev/null | \ + "${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);d=cnt $7;sub(/\*$/,"",d);e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);printf "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >> "${adb_reportdir}/adb_report.raw" )& hold=$((cnt%adb_maxqueue)) if [ "${hold}" -eq 0 ] @@ -1184,85 +1464,62 @@ f_report() cnt=$((cnt+1)) done wait - - if [ -s "${adb_repdir}/adb_report.raw" ] + if [ -s "${adb_reportdir}/adb_report.raw" ] then - awk '{printf("%s\t%s\t%s\t%s\t%s\t%s\n", $4,$5,$1,$2,$3,$4)}' "${adb_repdir}/adb_report.raw" | \ - sort -T "${adb_sorttmpdir}" -ur | uniq -uf2 | awk '{currA=($6+0);currB=$6;currC=substr($6,length($6),1); - if(reqA==currB){reqA=0;printf("%s\t%s\n",d,$2)}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' | sort -T "${adb_sorttmpdir}" -ur > "${adb_repdir}/adb_report" + sort ${adb_srtopts} -k 3 -k 4 -k 5 -k 1 -ur "${adb_reportdir}/adb_report.raw" | \ + "${adb_awk}" '{currA=($1+0);currB=$1;currC=substr($1,length($1),1);if(reqA==currB){reqA=0;printf "%s\t%s\n",d,$2}else if(currC=="+"){reqA=currA;d=$3"\t"$4"\t"$5"\t"$2}}' > "${adb_reportdir}/adb_report.srt" fi - if [ -s "${adb_repdir}/adb_report" ] + if [ -s "${adb_reportdir}/adb_report.srt" ] then - total="$(wc -l < "${adb_repdir}/adb_report")" - blocked="$(awk '{if($5=="NX")print $4}' "${adb_repdir}/adb_report" | wc -l)" - percent="$(awk -v t="${total}" -v b="${blocked}" 'BEGIN{printf("%.2f %s\n",b/t*100, "%")}')" - rep_clients="$(awk '{print $3}' "${adb_repdir}/adb_report" | sort -T "${adb_sorttmpdir}" | uniq -c | sort -T "${adb_sorttmpdir}" -r | awk '{ORS=" ";if(NR<=10) printf("%s_%s ",$1,$2)}')" - rep_domains="$(awk '{if($5!="NX")print $4}' "${adb_repdir}/adb_report" | sort -T "${adb_sorttmpdir}" | uniq -c | sort -T "${adb_sorttmpdir}" -r | awk '{ORS=" ";if(NR<=10)printf("%s_%s ",$1,$2)}')" - rep_blocked="$(awk '{if($5=="NX")print $4}' "${adb_repdir}/adb_report" | sort -T "${adb_sorttmpdir}" | uniq -c | sort -T "${adb_sorttmpdir}" -r | awk '{ORS=" ";if(NR<=10)printf("%s_%s ",$1,$2)}')" - - > "${adb_repdir}/adb_report.json" - json_load_file "${adb_repdir}/adb_report.json" >/dev/null 2>&1 - json_init - json_add_object "data" - json_add_string "start_date" "$(awk 'END{printf("%s",$1)}' "${adb_repdir}/adb_report")" - json_add_string "start_time" "$(awk 'END{printf("%s",$2)}' "${adb_repdir}/adb_report")" - json_add_string "end_date" "$(awk 'NR==1{printf("%s",$1)}' "${adb_repdir}/adb_report")" - json_add_string "end_time" "$(awk 'NR==1{printf("%s",$2)}' "${adb_repdir}/adb_report")" - json_add_string "total" "${total}" - json_add_string "blocked" "${blocked}" - json_add_string "percent" "${percent}" - json_close_array - json_add_array "top_clients" - for client in ${rep_clients} - do - json_add_object - json_add_string "count" "${client%%_*}" - json_add_string "address" "${client#*_}" - json_close_object - done - json_close_array - json_add_array "top_domains" - for domain in ${rep_domains} + start="$("${adb_awk}" 'END{printf "%s_%s",$1,$2}' "${adb_reportdir}/adb_report.srt")" + end="$("${adb_awk}" 'NR==1{printf "%s_%s",$1,$2}' "${adb_reportdir}/adb_report.srt")" + total="$(wc -l < "${adb_reportdir}/adb_report.srt")" + blocked="$("${adb_awk}" '{if($5=="NX")cnt++}END{printf "%s",cnt}' "${adb_reportdir}/adb_report.srt")" + percent="$("${adb_awk}" -v t="${total}" -v b="${blocked}" 'BEGIN{printf "%.2f%s",b/t*100,"%"}')" + > "${adb_reportdir}/adb_report.json" + printf "%s" "{ \"data\": { " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"start_date\": \"${start%_*}\", " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"start_time\": \"${start#*_}\", " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"end_date\": \"${end%_*}\", " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"end_time\": \"${end#*_}\", " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"total\": \"${total}\", " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"blocked\": \"${blocked}\", " >> "${adb_reportdir}/adb_report.json" + printf "%s" "\"percent\": \"${percent}\", " >> "${adb_reportdir}/adb_report.json" + + top_list="top_clients top_domains top_blocked" + for top in ${top_list} do - json_add_object - json_add_string "count" "${domain%%_*}" - json_add_string "address" "${domain#*_}" - json_close_object + printf "%s" " \"${top}\": [ " >> "${adb_reportdir}/adb_report.json" + case "${top}" in + "top_clients") + "${adb_awk}" '{print $3}' "${adb_reportdir}/adb_report.srt" | sort ${adb_srtopts} | uniq -c | \ + sort ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "\{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", \{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json" + ;; + "top_domains") + "${adb_awk}" '{if($5!="NX")print $4}' "${adb_reportdir}/adb_report.srt" | sort ${adb_srtopts} | uniq -c | \ + sort ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "\{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", \{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json" + ;; + "top_blocked") + "${adb_awk}" '{if($5=="NX")print $4}' "${adb_reportdir}/adb_report.srt" | sort ${adb_srtopts} | uniq -c | \ + sort ${adb_srtopts} -nr | "${adb_awk}" '{ORS=" ";if(NR==1)printf "\{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2; else if(NR<10)printf ", \{ \"count\": \"%s\", \"address\": \"%s\" }",$1,$2}' >> "${adb_reportdir}/adb_report.json" + ;; + esac + printf "%s" " ], " >> "${adb_reportdir}/adb_report.json" done - json_close_array - json_add_array "top_blocked" - for block in ${rep_blocked} - do - json_add_object - json_add_string "count" "${block%%_*}" - json_add_string "address" "${block#*_}" - json_close_object - done - json_close_object - json_dump > "${adb_repdir}/adb_report.json" - fi - rm -f "${adb_repdir}/adb_report.raw" - fi - - if [ -s "${adb_repdir}/adb_report" ] - then - search="${search//./\\.}" - search="${search//[+*~%\$&\"\' ]/}" - > "${adb_repdir}/adb_report.final" - awk "BEGIN{i=0}/(${search})/{i++;if(i<=${count}){printf \"%s\\t%s\\t%s\\t%s\\t%s\\n\",\$1,\$2,\$3,\$4,\$5}}" "${adb_repdir}/adb_report" > "${adb_repdir}/adb_report.final" - if [ ! -s "${adb_repdir}/adb_report.final" ] - then - printf "%s\\t%s\\t%s\\t%s\\t%s\\n" "-" "-" "-" "-" "-" > "${adb_repdir}/adb_report.final" + search="${search//./\\.}" + search="${search//[+*~%\$&\"\' ]/}" + "${adb_awk}" "BEGIN{i=0;printf \"%s\",\"\\\"requests\\\": [ \" }/(${search})/{i++;if(i==1)printf \"\{ \\\"date\\\": \\\"%s\\\", \\\"time\\\": \\\"%s\\\", \\\"client\\\": \\\"%s\\\", \\\"domain\\\": \\\"%s\\\", \\\"rc\\\": \\\"%s\\\" }\",\$1,\$2,\$3,\$4,\$5;else if(i<=${count})printf \", { \\\"date\\\": \\\"%s\\\", \\\"time\\\": \\\"%s\\\", \\\"client\\\": \\\"%s\\\", \\\"domain\\\": \\\"%s\\\", \\\"rc\\\": \\\"%s\\\" }\",\$1,\$2,\$3,\$4,\$5}END{printf \"%s\" \" \] } }\n\"}" "${adb_reportdir}/adb_report.srt" >> "${adb_reportdir}/adb_report.json" fi + rm -f "${adb_reportdir}/adb_report.raw" "${adb_reportdir}/adb_report.srt" fi - if [ "${print}" = "true" ] + if [ -s "${adb_reportdir}/adb_report.json" ] then - if [ -s "${adb_repdir}/adb_report.json" ] + if [ "${print}" = "cli" ] then printf "%s\\n%s\\n%s\\n" ":::" "::: Adblock DNS-Query Report" ":::" - json_load_file "${adb_repdir}/adb_report.json" + json_load_file "${adb_reportdir}/adb_report.json" json_select "data" json_get_keys keylist for key in ${keylist} @@ -1272,64 +1529,70 @@ f_report() done printf " + %s\\n + %s\\n" "Start ::: ${start_date}, ${start_time}" "End ::: ${end_date}, ${end_time}" printf " + %s\\n + %s %s\\n" "Total ::: ${total}" "Blocked ::: ${blocked}" "(${percent})" - json_select ".." - if json_get_type status "top_clients" && [ "${status}" = "array" ] - then - printf "%s\\n%s\\n%s\\n" ":::" "::: Top 10 Clients" ":::" - json_select "top_clients" - index=1 - while json_get_type status "${index}" && [ "${status}" = "object" ] - do - json_get_values client "${index}" - printf " + %-9s::: %s\\n" ${client} - index=$((index+1)) - done - fi - json_select ".." - if json_get_type status "top_domains" && [ "${status}" = "array" ] - then - printf "%s\\n%s\\n%s\\n" ":::" "::: Top 10 Domains" ":::" - json_select "top_domains" - index=1 - while json_get_type status "${index}" && [ "${status}" = "object" ] - do - json_get_values domain "${index}" - printf " + %-9s::: %s\\n" ${domain} - index=$((index+1)) - done - fi - json_select ".." - if json_get_type status "top_blocked" && [ "${status}" = "array" ] - then - printf "%s\\n%s\\n%s\\n" ":::" "::: Top 10 Blocked Domains" ":::" - json_select "top_blocked" - index=1 - while json_get_type status "${index}" && [ "${status}" = "object" ] - do - json_get_values blocked "${index}" - printf " + %-9s::: %s\\n" ${blocked} - index=$((index+1)) - done - fi - if [ -s "${adb_repdir}/adb_report.final" ] - then - printf "%s\\n%s\\n%s\\n" ":::" "::: Latest DNS Queries" ":::" - printf "%-15s%-15s%-45s%-50s%s\\n" "Date" "Time" "Client" "Domain" "Answer" - awk '{printf "%-15s%-15s%-45s%-50s%s\n",$1,$2,$3,$4,$5}' "${adb_repdir}/adb_report.final" - fi - else - printf "%s\\n%s\\n%s\\n" ":::" "::: no reporting data available yet" ":::" + + top_list="top_clients top_domains top_blocked requests" + for top in ${top_list} + do + case "${top}" in + "top_clients") + item="::: Top 10 Clients" + ;; + "top_domains") + item="::: Top 10 Domains" + ;; + "top_blocked") + item="::: Top 10 Blocked Domains" + ;; + esac + if json_get_type status "${top}" && [ "${top}" != "requests" ] && [ "${status}" = "array" ] + then + printf "%s\\n%s\\n%s\\n" ":::" "${item}" ":::" + json_select "${top}" + index=1 + while json_get_type status "${index}" && [ "${status}" = "object" ] + do + json_get_values item "${index}" + printf " + %-9s::: %s\\n" ${item} + index=$((index+1)) + done + elif json_get_type status "${top}" && [ "${top}" = "requests" ] && [ "${status}" = "array" ] + then + printf "%s\\n%s\\n%s\\n" ":::" "::: Latest DNS Queries" ":::" + printf "%-15s%-15s%-45s%-50s%s\\n" "Date" "Time" "Client" "Domain" "Answer" + json_select "${top}" + index=1 + while json_get_type status "${index}" && [ "${status}" = "object" ] + do + json_get_values item "${index}" + printf "%-15s%-15s%-45s%-50s%s\\n" ${item} + index=$((index+1)) + done + fi + json_select ".." + done + elif [ "${print}" = "json" ] + then + cat "${adb_reportdir}/adb_report.json" fi fi fi - f_log "debug" "f_report ::: action: ${adb_action}, report: ${adb_report}, search: ${1}, count: ${2}, filter: ${3}, print: ${4}, reputil: ${adb_reputil}, repdir: ${adb_repdir}, repiface: ${adb_repiface}, replisten: ${adb_replisten}, repchunksize: ${adb_repchunksize}, repchunkcnt: ${adb_repchunkcnt}, bg_pid: ${bg_pid}" + f_log "debug" "f_report ::: action: ${adb_action}, report: ${adb_report}, search: ${1}, count: ${2}, process: ${3}, print: ${4}, dump_util: ${adb_dumpcmd}, repdir: ${adb_reportdir}, repiface: ${adb_repiface:-"-"}, replisten: ${adb_replisten}, repchunksize: ${adb_repchunksize}, repchunkcnt: ${adb_repchunkcnt}, bg_pid: ${bg_pid}" } +# awk selection +# +adb_awk="$(command -v gawk)" +if [ -z "${adb_awk}" ] +then + adb_awk="$(command -v awk)" +fi + # source required system libraries # -if [ -r "/lib/functions.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ] +if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ] then . "/lib/functions.sh" + . "/lib/functions/network.sh" . "/usr/share/libubox/jshn.sh" else f_log "err" "system libraries not found" @@ -1352,10 +1615,16 @@ case "${adb_action}" in f_main ;; "suspend") - f_switch suspend + if [ "${adb_dns}" != "raw" ] + then + f_switch suspend + fi ;; "resume") - f_switch resume + if [ "${adb_dns}" != "raw" ] + then + f_switch resume + fi ;; "report") f_report "${2}" "${3}" "${4}" "${5}" diff --git a/net/adblock/files/adblock.sources b/net/adblock/files/adblock.sources new file mode 100644 index 000000000..806fab094 --- /dev/null +++ b/net/adblock/files/adblock.sources @@ -0,0 +1,280 @@ +{ + "adaway": { + "url": "https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt", + "rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "S", + "focus": "mobile", + "descurl": "https://github.com/AdAway/adaway.github.io" + }, + "adguard": { + "url": "https://filters.adtidy.org/windows/filters/15.txt", + "rule": "BEGIN{FS=\"[\/|^|\\r]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+[\\/\\^\\r]+$/{print tolower($3)}", + "size": "L", + "focus": "general", + "descurl": "https://adguard.com" + }, + "andryou": { + "url": "https://gitlab.com/andryou/block/raw/master/kouhai-compressed-domains", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "L", + "focus": "compilation", + "descurl": "https://gitlab.com/andryou/block/-/blob/master/readme.md" + }, + "bitcoin": { + "url": "https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt", + "rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "S", + "focus": "mining", + "descurl": "https://github.com/hoshsadiq/adblock-nocoin-list" + }, + "disconnect": { + "url": "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "S", + "focus": "general", + "descurl": "https://disconnect.me" + }, + "dshield": { + "url": "https://www.dshield.org/feeds/suspiciousdomains_Low.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XL", + "focus": "general", + "descurl": "https://www.dshield.org" + }, + "energized_blugo": { + "url": "https://raw.githubusercontent.com/EnergizedProtection/block/master/bluGo/formats/domains.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XL", + "focus": "compilation", + "descurl": "https://github.com/EnergizedProtection/block" + }, + "energized_blu": { + "url": "https://raw.githubusercontent.com/EnergizedProtection/block/master/blu/formats/domains.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XL", + "focus": "compilation", + "descurl": "https://github.com/EnergizedProtection/block" + }, + "energized_porn": { + "url": "https://raw.githubusercontent.com/EnergizedProtection/block/master/porn/formats/domains.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XXL", + "focus": "compilation+porn", + "descurl": "https://github.com/EnergizedProtection/block" + }, + "energized_unified": { + "url": "https://raw.githubusercontent.com/EnergizedProtection/block/master/unified/formats/domains.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XXL", + "focus": "compilation", + "descurl": "https://github.com/EnergizedProtection/block" + }, + "hphosts": { + "url": "https://hosts-file.net/ad_servers.txt", + "rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "M", + "focus": "general", + "descurl": "https://hosts-file.net" + }, + "malwaredomains": { + "url": "http://mirror.espoch.edu.ec/malwaredomains/justdomains", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "M", + "focus": "malware", + "descurl": "https://www.malwaredomains.com" + }, + "malwarelist": { + "url": "https://www.malwaredomainlist.com/hostslist/hosts.txt", + "rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "S", + "focus": "malware", + "descurl": "https://www.malwaredomainlist.com" + }, + "notracking": { + "url": "https://raw.githubusercontent.com/notracking/hosts-blocklists/master/dnscrypt-proxy/dnscrypt-proxy.blacklist.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XL", + "focus": "tracking", + "descurl": "https://github.com/notracking/hosts-blocklists" + }, + "oisd_nl": { + "url": "https://dbl.oisd.nl", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "XXL", + "focus": "general", + "descurl": "https://oisd.nl" + }, + "openphish": { + "url": "https://openphish.com/feed.txt", + "rule": "BEGIN{FS=\"\/\"}/^http[s]?:\\/\\/([[:alnum:]_-]+\\.)+[[:alpha:]]+(\\/|$)/{print tolower($3)}", + "size": "S", + "focus": "phishing", + "descurl": "https://openphish.com" + }, + "phishing_army": { + "url": "https://phishing.army/download/phishing_army_blocklist_extended.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "S", + "focus": "phishing", + "descurl": "https://phishing.army" + }, + "reg_cn": { + "url": "https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_china", + "descurl": "https://easylist.to" + }, + "reg_de": { + "url": "https://easylist-downloads.adblockplus.org/easylistgermany+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_germany", + "descurl": "https://easylist.to" + }, + "reg_es": { + "url": "https://easylist-downloads.adblockplus.org/easylistspanish+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_spain", + "descurl": "https://easylist.to" + }, + "reg_fi": { + "url": "https://raw.githubusercontent.com/finnish-easylist-addition/finnish-easylist-addition/master/Finland_adb.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "S", + "focus": "reg_finland", + "descurl": "https://github.com/finnish-easylist-addition" + }, + "reg_id": { + "url": "https://easylist-downloads.adblockplus.org/abpindo+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_indonesia", + "descurl": "https://easylist.to" + }, + "reg_nl": { + "url": "https://easylist-downloads.adblockplus.org/easylistdutch+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_netherlands", + "descurl": "https://easylist.to" + }, + "reg_pl": { + "url": "http://adblocklist.org/adblock-pxf-polish.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "S", + "focus": "reg_poland", + "descurl": "http://adblocklist.org" + }, + "reg_ro": { + "url": "https://easylist-downloads.adblockplus.org/rolist+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_romania", + "descurl": "https://easylist.to" + }, + "reg_ru": { + "url": "https://easylist-downloads.adblockplus.org/ruadlist+easylist.txt", + "rule": "BEGIN{FS=\"[|^]\"}/^\\|\\|([[:alnum:]_-]+\\.)+[[:alpha:]]+\\^(\\$third-party)?$/{print tolower($3)}", + "size": "M", + "focus": "reg_russia", + "descurl": "https://easylist.to" + }, + "shallalist": { + "url": "https://www.shallalist.de/Downloads/shallalist.tar.gz", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "categories": [ + "adv", "costtraps", "spyware", "tracker", "warez" + ], + "size": "L", + "focus": "general", + "descurl": "https://www.shallalist.de" + }, + "shallalist_porn": { + "url": "https://www.shallalist.de/Downloads/shallalist.tar.gz", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "categories": [ + "adv", "costtraps", "porn", "spyware", "tracker", "warez" + ], + "size": "XXL", + "focus": "general+porn", + "descurl": "https://www.shallalist.de" + }, + "smarttv": { + "url": "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "S", + "focus": "smarttv", + "descurl": "https://github.com/Perflyst/PiHoleBlocklist" + }, + "spam404": { + "url": "https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "S", + "focus": "general", + "descurl": "https://github.com/Dawsey21" + }, + "stevenblack": { + "url": "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts", + "rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "L", + "focus": "compilation", + "descurl": "https://github.com/StevenBlack/hosts" + }, + "sysctl": { + "url": "http://sysctl.org/cameleon/hosts", + "rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "M", + "focus": "general", + "descurl": "http://sysctl.org/cameleon" + }, + "utcapitole": { + "url": "https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "categories": [ + "publicite", "bitcoin", "cryptojacking", "ddos", "malware", "phishing", "warez" + ], + "size": "L", + "focus": "general", + "descurl": "https://dsi.ut-capitole.fr/blacklists/index_en.php" + }, + "utcapitole_porn": { + "url": "https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "categories": [ + "adult", "publicite", "bitcoin", "cryptojacking", "ddos", "malware", "phishing", "warez" + ], + "size": "XXL", + "focus": "general+porn", + "descurl": "https://dsi.ut-capitole.fr/blacklists/index_en.php" + }, + "whocares": { + "url": "https://someonewhocares.org/hosts/hosts", + "rule": "/^127\\.0\\.0\\.1[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "M", + "focus": "general", + "descurl": "https://someonewhocares.org" + }, + "winhelp": { + "url": "http://winhelp2002.mvps.org/hosts.txt", + "rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "S", + "focus": "general", + "descurl": "http://winhelp2002.mvps.org" + }, + "winspy": { + "url": "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt", + "rule": "/^0\\.0\\.0\\.0[[:space:]]+([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($2)}", + "size": "S", + "focus": "win_telemetry", + "descurl": "https://github.com/crazy-max/WindowsSpyBlocker" + }, + "yoyo": { + "url": "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext", + "rule": "/^([[:alnum:]_-]+\\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}", + "size": "S", + "focus": "general", + "descurl": "https://pgl.yoyo.org" + } +}