Update On Tue Jul 15 20:41:00 CEST 2025

openwrt-passwall2/luci-app-passwall2/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=25.7.11
+PKG_VERSION:=25.7.15
 PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \

openwrt-passwall2/luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua

@@ -303,7 +303,7 @@ o:depends("remote_dns_protocol", "tcp")
 o:depends("remote_dns_protocol", "doh")
 o:depends("remote_dns_protocol", "udp")
 
-o = s:option(Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy."))
+o = s:option(Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the domain that proxy."))
 o.default = "0"
 o.rmempty = false
 o:depends("remote_dns_protocol", "tcp")

openwrt-passwall2/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua

@@ -322,7 +322,7 @@ o.default = "remote"
 o:value("remote", translate("Remote"))
 o:value("direct", translate("Direct"))
 
-o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the shunt domain that proxy."))
+o = s:taboption("DNS", Flag, "remote_fakedns", "FakeDNS", translate("Use FakeDNS work in the domain that proxy."))
 o.default = "0"
 o.rmempty = false
 

openwrt-passwall2/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua

@@ -24,7 +24,7 @@ local ss_method_list = {
 local security_list = { "none", "auto", "aes-128-gcm", "chacha20-poly1305", "zero" }
 
 local header_type_list = {
-	"none", "srtp", "utp", "wechat-video", "dtls", "wireguard"
+	"none", "srtp", "utp", "wechat-video", "dtls", "wireguard", "dns"
 }
 
 local xray_version = api.get_app_version("xray")
@@ -468,10 +468,13 @@ o:depends({ [_n("tcp_guise")] = "http" })
 
 -- [[ mKCP部分 ]]--
 
-o = s:option(ListValue, _n("mkcp_guise"), translate("Camouflage Type"), translate('<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
+o = s:option(ListValue, _n("mkcp_guise"), translate("Camouflage Type"), translate('<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)<br />dns: Disguising traffic as DNS requests.'))
 for a, t in ipairs(header_type_list) do o:value(t) end
 o:depends({ [_n("transport")] = "mkcp" })
 
+o = s:option(Value, _n("mkcp_domain"), translate("Camouflage Domain"), translate("Use it together with the DNS disguised type. You can fill in any domain."))
+o:depends({ [_n("mkcp_guise")] = "dns" })
+
 o = s:option(Value, _n("mkcp_mtu"), translate("KCP MTU"))
 o.default = "1350"
 o:depends({ [_n("transport")] = "mkcp" })

openwrt-passwall2/luci-app-passwall2/luasrc/model/cbi/passwall2/server/type/ray.lua

@@ -19,7 +19,7 @@ local x_ss_method_list = {
 }
 
 local header_type_list = {
-	"none", "srtp", "utp", "wechat-video", "dtls", "wireguard"
+	"none", "srtp", "utp", "wechat-video", "dtls", "wireguard", "dns"
 }
 
 -- [[ Xray ]]
@@ -294,10 +294,14 @@ o = s:option(DynamicList, _n("tcp_guise_http_path"), translate("HTTP Path"))
 o:depends({ [_n("tcp_guise")] = "http" })
 
 -- [[ mKCP部分 ]]--
-o = s:option(ListValue, _n("mkcp_guise"), translate("Camouflage Type"), translate('<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
+
+o = s:option(ListValue, _n("mkcp_guise"), translate("Camouflage Type"), translate('<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)<br />dns: Disguising traffic as DNS requests.'))
 for a, t in ipairs(header_type_list) do o:value(t) end
 o:depends({ [_n("transport")] = "mkcp" })
 
+o = s:option(Value, _n("mkcp_domain"), translate("Camouflage Domain"), translate("Use it together with the DNS disguised type. You can fill in any domain."))
+o:depends({ [_n("mkcp_guise")] = "dns" })
+
 o = s:option(Value, _n("mkcp_mtu"), translate("KCP MTU"))
 o.default = "1350"
 o:depends({ [_n("transport")] = "mkcp" })

openwrt-passwall2/luci-app-passwall2/luasrc/passwall2/api.lua

@@ -194,11 +194,16 @@ function curl_direct(url, file, args)
 end
 
 function curl_auto(url, file, args)
-	local return_code, result = curl_proxy(url, file, args)
-	if not return_code or return_code ~= 0 then
-		return_code, result = curl_direct(url, file, args)
+	local localhost_proxy = uci:get(appname, "@global[0]", "localhost_proxy") or "1"
+	if localhost_proxy == "1" then
+		return curl_base(url, file, args)
+	else
+		local return_code, result = curl_proxy(url, file, args)
+		if not return_code or return_code ~= 0 then
+			return_code, result = curl_direct(url, file, args)
+		end
+		return return_code, result
 	end
-	return return_code, result
 end
 
 function url(...)
@@ -212,8 +217,9 @@ function url(...)
 	return require "luci.dispatcher".build_url(url)
 end
 
-function trim(s)
-	return (s:gsub("^%s*(.-)%s*$", "%1"))
+function trim(text)
+	if not text or text == "" then return "" end
+	return text:match("^%s*(.-)%s*$")
 end
 
 -- 分割字符串
@@ -854,7 +860,7 @@ local function auto_get_arch()
 		end
 	end
 
-	return util.trim(arch)
+	return trim(arch)
 end
 
 local default_file_tree = {
@@ -980,7 +986,7 @@ function to_download(app_name, url, size)
 
 	sys.call("/bin/rm -f /tmp/".. app_name .."_download.*")
 
-	local tmp_file = util.trim(util.exec("mktemp -u -t ".. app_name .."_download.XXXXXX"))
+	local tmp_file = trim(util.exec("mktemp -u -t ".. app_name .."_download.XXXXXX"))
 
 	if size then
 		local kb1 = get_free_space("/tmp")
@@ -1043,7 +1049,7 @@ function to_extract(app_name, file, subfix)
 		return {code = 1, error = i18n.translatef("%s not enough space.", "/tmp")}
 	end
 
-	local tmp_dir = util.trim(util.exec("mktemp -d -t ".. app_name .."_extract.XXXXXX"))
+	local tmp_dir = trim(util.exec("mktemp -d -t ".. app_name .."_extract.XXXXXX"))
 
 	local output = {}
 

openwrt-passwall2/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua

@@ -1523,6 +1523,18 @@ function gen_config(var)
 				end
 			end
 		end
+
+		if remote_dns_fake and default_dns_flag == "remote" then
+			-- When default is not direct and enable fakedns, default DNS use FakeDNS.
+			local fakedns_dns_rule = {
+				query_type = {
+					"A", "AAAA"
+				},
+				server = fakedns_tag,
+				disable_cache = true
+			}
+			table.insert(dns.rules, fakedns_dns_rule)
+		end
 	
 		table.insert(inbounds, {
 			type = "direct",

openwrt-passwall2/luci-app-passwall2/luasrc/passwall2/util_xray.lua

@@ -38,7 +38,7 @@ local function get_domain_excluded()
 	if not content then return nil end
 	local hosts = {}
 	string.gsub(content, '[^' .. "\n" .. ']+', function(w)
-		local s = w:gsub("^%s*(.-)%s*$", "%1") -- Trim
+		local s = api.trim(w)
 		if s == "" then return end
 		if s:find("#") and s:find("#") == 1 then return end
 		if not s:find("#") or s:find("#") ~= 1 then table.insert(hosts, s) end
@@ -183,7 +183,10 @@ function gen_outbound(flag, node, tag, proxy_table)
 					readBufferSize = tonumber(node.mkcp_readBufferSize),
 					writeBufferSize = tonumber(node.mkcp_writeBufferSize),
 					seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil,
-					header = {type = node.mkcp_guise}
+					header = {
+						type = node.mkcp_guise,
+						domain = node.mkcp_domain
+					}
 				} or nil,
 				wsSettings = (node.transport == "ws") and {
 					path = node.ws_path or "/",
@@ -479,7 +482,10 @@ function gen_config_server(node)
 						readBufferSize = tonumber(node.mkcp_readBufferSize),
 						writeBufferSize = tonumber(node.mkcp_writeBufferSize),
 						seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil,
-						header = {type = node.mkcp_guise}
+						header = {
+							type = node.mkcp_guise,
+							domain = node.mkcp_domain
+						}
 					} or nil,
 					wsSettings = (node.transport == "ws") and {
 						host = node.ws_host or nil,
@@ -1374,8 +1380,13 @@ function gen_config(var)
 					default_dns_server = api.clone(value)
 					default_dns_server.server.tag = default_dns_tag
 					if value.server.tag == remote_dns_tag then
-						default_dns_server.outboundTag = value.outboundTag or COMMON.default_outbound_tag
-						default_dns_server.balancerTag = COMMON.default_balancer_tag
+						if remote_dns_fake then
+							default_dns_server.server = api.clone(_remote_fakedns)
+							default_dns_server.server.tag = default_dns_tag
+						else
+							default_dns_server.outboundTag = value.outboundTag or COMMON.default_outbound_tag
+							default_dns_server.balancerTag = COMMON.default_balancer_tag
+						end
 					end
 					table.insert(dns_servers, 1, default_dns_server)
 					break

openwrt-passwall2/luci-app-passwall2/luasrc/view/passwall2/node_list/link_share_man.htm

@@ -257,6 +257,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				} else if (v_transport === "mkcp") {
 					v_transport = "kcp";
 					params += opt.query("headerType", dom_prefix + "mkcp_guise");
+					params += opt.query("seed", dom_prefix + "mkcp_seed");
 				} else if (v_transport === "quic") {
 					params += opt.query("headerType", dom_prefix + "quic_guise");
 					params += opt.query("key", dom_prefix + "quic_key");
@@ -368,6 +369,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			} else if (v_transport === "mkcp") {
 				v_transport = "kcp";
 				info.type = opt.get(dom_prefix + "mkcp_guise").value;
+				info.seed = opt.get(dom_prefix + "mkcp_seed").value;
 			} else if (v_transport === "quic") {
 				info.type = opt.get(dom_prefix + "quic_guise")?.value;
 				info.key = opt.get(dom_prefix + "quic_key")?.value;
@@ -415,6 +417,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			} else if (v_transport === "mkcp") {
 				v_transport = "kcp";
 				params += opt.query("headerType", dom_prefix + "mkcp_guise");
+				params += opt.query("seed", dom_prefix + "mkcp_seed");
 			} else if (v_transport === "quic") {
 				params += opt.query("headerType", dom_prefix + "quic_guise");
 				params += opt.query("key", dom_prefix + "quic_key");
@@ -492,6 +495,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			} else if (v_transport === "mkcp") {
 				v_transport = "kcp";
 				params += opt.query("headerType", dom_prefix + "mkcp_guise");
+				params += opt.query("seed", dom_prefix + "mkcp_seed");
 			} else if (v_transport === "quic") {
 				params += opt.query("headerType", dom_prefix + "quic_guise");
 				params += opt.query("key", dom_prefix + "quic_key");
@@ -1031,6 +1035,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 					opt.set(dom_prefix + 'quic_key', queryParam.key);
 				} else if (queryParam.type === "mkcp") {
 					opt.set(dom_prefix + 'mkcp_guise', queryParam.headerType || "none");
+					opt.set(dom_prefix + 'mkcp_seed', queryParam.seed || "");
 				} else if (queryParam.type === "grpc") {
 					opt.set(dom_prefix + 'grpc_serviceName', (queryParam.serviceName || queryParam.path) || "");
 					opt.set(dom_prefix + 'grpc_mode', queryParam.mode || "gun");
@@ -1167,6 +1172,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				opt.set(dom_prefix + 'quic_key', queryParam.key);
 			} else if (queryParam.type === "kcp" || queryParam.type === "mkcp") {
 				opt.set(dom_prefix + 'mkcp_guise', queryParam.headerType || "none");
+				opt.set(dom_prefix + 'mkcp_seed', queryParam.seed || "");
 			} else if (queryParam.type === "grpc") {
 				opt.set(dom_prefix + 'grpc_serviceName', (queryParam.serviceName || queryParam.path) || "");
 				opt.set(dom_prefix + 'grpc_mode', queryParam.mode || "gun");
@@ -1277,7 +1283,8 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				opt.set(dom_prefix + 'quic_security', ssm.securty);
 				opt.set(dom_prefix + 'quic_key', ssm.key);
 			} else if (ssm.net === "kcp" || ssm.net === "mkcp") {
-				opt.set(dom_prefix + 'mkcp_guise', ssm.type);
+				opt.set(dom_prefix + 'mkcp_guise', ssm.type || "none");
+				opt.set(dom_prefix + 'mkcp_seed', ssm.seed || "");
 			} else if (ssm.net === "grpc") {
 				opt.set(dom_prefix + 'grpc_serviceName', ssm.path);
 			}
@@ -1406,6 +1413,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				opt.set(dom_prefix + 'quic_key', queryParam.key);
 			} else if (queryParam.type === "kcp" || queryParam.type === "mkcp") {
 				opt.set(dom_prefix + 'mkcp_guise', queryParam.headerType || "none");
+				opt.set(dom_prefix + 'mkcp_seed', queryParam.seed || "");
 			} else if (queryParam.type === "grpc") {
 				opt.set(dom_prefix + 'grpc_serviceName', (queryParam.serviceName || queryParam.path) || "");
 				opt.set(dom_prefix + 'grpc_mode', queryParam.mode || "gun");

openwrt-passwall2/luci-app-passwall2/po/zh-cn/passwall2.po

@@ -160,8 +160,8 @@ msgstr "直连查询策略"
 msgid "Remote Query Strategy"
 msgstr "远程查询策略"
 
-msgid "Use FakeDNS work in the shunt domain that proxy."
-msgstr "需要代理的分流规则域名使用 FakeDNS。"
+msgid "Use FakeDNS work in the domain that proxy."
+msgstr "需要代理的域名使用 FakeDNS。"
 
 msgid "Domain Override"
 msgstr "域名重写"
@@ -1177,6 +1177,9 @@ msgstr "系统接口名称"
 msgid "Decimal numbers separated by \",\" or Base64-encoded strings."
 msgstr "用“,”隔开的十进制数字或 Base64 编码字符串。"
 
+msgid "Camouflage Domain"
+msgstr "伪装域名"
+
 msgid "Camouflage Type"
 msgstr "伪装类型"
 
@@ -1255,8 +1258,11 @@ msgstr "TUIC socks5 服务器可以从外部接收的最大数据包大小（以
 msgid "Set if the listening socket should be dual-stack"
 msgstr "设置监听套接字为双栈"
 
-msgid "<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)"
-msgstr "<br />none：默认值，不进行伪装，发送的数据是没有特征的数据包。<br />srtp：伪装成 SRTP 数据包，会被识别为视频通话数据（如 FaceTime）。<br />utp：伪装成 uTP 数据包，会被识别为 BT 下载数据。<br />wechat-video：伪装成微信视频通话的数据包。<br />dtls：伪装成 DTLS 1.2 数据包。<br />wireguard：伪装成 WireGuard 数据包。(并不是真正的 WireGuard 协议)"
+msgid "<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)<br />dns: Disguising traffic as DNS requests."
+msgstr "<br />none：默认值，不进行伪装，发送的数据是没有特征的数据包。<br />srtp：伪装成 SRTP 数据包，会被识别为视频通话数据（如 FaceTime）。<br />utp：伪装成 uTP 数据包，会被识别为 BT 下载数据。<br />wechat-video：伪装成微信视频通话的数据包。<br />dtls：伪装成 DTLS 1.2 数据包。<br />wireguard：伪装成 WireGuard 数据包。(并不是真正的 WireGuard 协议)<br />dns：把流量伪装成 DNS 请求。"
+
+msgid "Use it together with the DNS disguised type. You can fill in any domain."
+msgstr "配合伪装类型 DNS 使用，可随便填一个域名。"
 
 msgid "A legal file path. This file must not exist before running."
 msgstr "一个合法的文件路径。在运行之前，这个文件必须不存在。"

openwrt-passwall2/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua

@@ -412,12 +412,6 @@ local function UrlDecode(szText)
 	end) or nil
 end
 
--- trim
-local function trim(text)
-	if not text or text == "" then return "" end
-	return (sgsub(text, "^%s*(.-)%s*$", "%1"))
-end
-
 -- 取机场信息（剩余流量、到期时间）
 local subscribe_info = {}
 local function get_subscribe_info(cfgid, value)
@@ -1769,7 +1763,7 @@ local function parse_link(raw, add_mode, add_from, cfgid)
 					if szType == 'ssd' then
 						result = processData(szType, v, add_mode, add_from)
 					elseif not szType then
-						local node = trim(v)
+						local node = api.trim(v)
 						local dat = split(node, "://")
 						if dat and dat[1] and dat[2] then
 							if dat[1] == 'ss' or dat[1] == 'trojan' then
@@ -1896,7 +1890,7 @@ local execute = function()
 					local f = io.open(tmp_file, "r")
 					local stdout = f:read("*all")
 					f:close()
-					local raw_data = trim(stdout)
+					local raw_data = api.trim(stdout)
 					local old_md5 = value.md5 or ""
 					local new_md5 = luci.sys.exec("md5sum " .. tmp_file .. " 2>/dev/null | awk '{print $1}'"):gsub("\n", "")
 					os.remove(tmp_file)