openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-26 11:16:31 +04:00
Code Issues Packages Projects Releases Wiki Activity

adblock: update to 0.70.0

Browse Source 
* openwrt init system support, see /etc/init.d/adblock
* support for two new adblock sources: openphish and ruadlist/easylist
* partial block list restore, i.e. if a single list download failed
* fix performance regression on sites with links to https ad servers
* removed no longer used samples dir
* updated documentation

Signed-off-by: Dirk Brenken <openwrt@brenken.org>
This commit is contained in:
Dirk Brenken
2016-02-15 12:25:21 +01:00
parent 1b8358b1ab
commit 7609da872d
11 changed files with 332 additions and 357 deletions
Download Patch File Download Diff File Expand all files Collapse all files

188
net/adblock/files/adblock-helper.sh
View File

@@ -9,6 +9,31 @@
#
f_envload()
{
local cfg_version
# get version string from default adblock configuration file
#
cfg_version="$(/sbin/uci -q get adblock.global.adb_cfgver 2>/dev/null)"
cfg_enabled="$(/sbin/uci -q get adblock.global.adb_enabled 2>/dev/null)"
rc=$?
if [ $((rc)) -ne 0 ] || [ "${cfg_version}" != "${adb_scriptver%.*}" ]
then
cp -pf "/etc/adblock/adblock.conf.default" "/etc/config/adblock" >/dev/null 2>&1
rc=$?
if [ $((rc)) -eq 0 ]
then
f_log "new default adblock configuration applied, please check your settings in '/etc/config/adblock'"
else
f_log "original adblock configuration not found, please (re-)install the adblock package via 'opkg install adblock --force-maintainer'" "${rc}"
f_exit
fi
elif [ $((rc)) -eq 0 ] && [ $((cfg_enabled)) -ne 1 ]
then
rc=-1
f_log "adblock is currently disabled, please run 'uci set adblock.global.adb_enabled=1' and 'uci commit adblock' to enable this service"
f_exit
fi
# source in openwrt function library
#
if [ -r "/lib/functions.sh" ]
@@ -31,8 +56,14 @@ f_envload()
f_exit
fi
# get list with all installed openwrt packages
# check opkg availability and get list with all installed openwrt packages
#
if [ -r "/var/lock/opkg.lock" ]
then
rc=-1
f_log "adblock installation finished, 'opkg' currently locked by package installer"
f_exit
fi
pkg_list="$(opkg list-installed 2>/dev/null)"
if [ -z "${pkg_list}" ]
then
@@ -146,11 +177,12 @@ f_envparse()
adb_outchain_ipv6="output_rule"
unset adb_srclist
unset adb_revsrclist
unset adb_errsrclist
# set adblock source ruleset definitions
#
rset_start="sed -r 's/[[:space:]]|[\[!#/:;_].*|[0-9\.]*localhost.*//g; s/[\^#/:;_\.\t ]*$//g'"
rset_end="sed '/^[#/:;_\s]*$/d'"
rset_end="tr -cd '[0-9a-z\.\-]\n' | sed -r 's/^[ \.\-].*$|^[a-z0-9]*[ \.\-]*$//g; /^[#/:;_\s]*$/d'"
rset_adaway="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
rset_blacklist="${rset_start} | ${rset_end}"
rset_disconnect="${rset_start} | ${rset_end}"
@@ -158,7 +190,9 @@ f_envparse()
rset_feodo="${rset_start} | ${rset_end}"
rset_malware="${rset_start} | ${rset_end}"
rset_malwarelist="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
rset_openphish="sed -e 's|^[^/]*//||' -e 's|/.*$||'"
rset_palevo="${rset_start} | ${rset_end}"
rset_ruadlist="sed -e '/^\|\|/! s/.*//; /\^$/! s/.*//; s/\^$//g; /[\.]/! s/.*//; s/^[\|]\{1,2\}//g' | ${rset_end}"
rset_shalla="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}$//g' | ${rset_end}"
rset_spam404="${rset_start} | sed 's/^\|\|//g' | ${rset_end}"
rset_whocares="${rset_start} | sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-1]\{1,1\}//g' | ${rset_end}"
@@ -216,6 +250,8 @@ f_envparse()
#
f_envcheck()
{
local check
# check general package dependencies
#
f_depend "uhttpd"
@@ -247,9 +283,9 @@ f_envcheck()
check="$(printf "${pkg_list}" | grep "^ca-certificates -" 2>/dev/null)"
if [ -z "${check}" ]
then
wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
wget_parm="--no-config --no-check-certificate --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
else
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0"
wget_parm="--no-config --quiet --tries=1 --no-cache --no-cookies --max-redirect=0 --dns-timeout=5"
fi
# check adblock blacklist/whitelist configuration
@@ -302,7 +338,7 @@ f_envcheck()
f_space "${adb_backupdir}"
if [ "${space_ok}" = "false" ]
then
f_log "backup/restore will be disabled"
f_log "not enough space in '${adb_backupdir}', backup/restore will be disabled"
backup_ok="false"
else
f_log "backup/restore will be enabled"
@@ -336,22 +372,36 @@ f_envcheck()
#
if [ -n "${adb_wanif4}" ]
then
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-pre" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adblock-fwd" "-d ${adb_nullipv4} -j REJECT"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adblock-out" "-d ${adb_nullipv4} -j REJECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-prerouting" "-p tcp -d ${adb_nullipv4} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns1" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv4" "nat" "A" "${adb_prechain_ipv4}" "adb-dns2" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward1" "-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
f_firewall "IPv4" "filter" "A" "${adb_fwdchain_ipv4}" "adb-forward2" "-d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output1" "-p tcp -d ${adb_nullipv4} -j REJECT --reject-with tcp-reset"
f_firewall "IPv4" "filter" "A" "${adb_outchain_ipv4}" "adb-output2" "-d ${adb_nullipv4} -j REJECT --reject-with icmp-port-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv4 firewall ruleset for adblock"
fw_done="false"
fi
fi
# check ipv6/ip6tables configuration
#
if [ -n "${adb_wanif6}" ]
then
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-pre" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adblock-dns" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adblock-fwd" "-d ${adb_nullipv6} -j REJECT"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adblock-out" "-d ${adb_nullipv6} -j REJECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-prerouting" "-p tcp -d ${adb_nullipv6} --dport 80 -j REDIRECT --to-ports ${adb_port}"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns1" "-p udp --dport 53 -j REDIRECT"
f_firewall "IPv6" "nat" "A" "${adb_prechain_ipv6}" "adb-dns2" "-p tcp --dport 53 -j REDIRECT"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward1" "-p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
f_firewall "IPv6" "filter" "A" "${adb_fwdchain_ipv6}" "adb-forward2" "-d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output1" "-p tcp -d ${adb_nullipv6} -j REJECT --reject-with tcp-reset"
f_firewall "IPv6" "filter" "A" "${adb_outchain_ipv6}" "adb-output2" "-d ${adb_nullipv6} -j REJECT --reject-with icmp-port-unreachable"
if [ "${fw_done}" = "true" ]
then
f_log "created volatile IPv6 firewall ruleset for adblock"
fw_done="false"
fi
fi
# check volatile adblock uhttpd instance configuration
@@ -433,7 +483,7 @@ f_envcheck()
done
done
# wait for ntp sync
# ntp time sync
#
if [ -n "${adb_ntpsrv}" ]
then
@@ -520,9 +570,9 @@ f_firewall()
rc=${?}
if [ $((rc)) -eq 0 ]
then
f_log "created volatile ${proto} firewall rule in '${chain}' chain (${notes})"
fw_done="true"
else
f_log "failed to initialize volatile ${proto} firewall rule in '${chain}' chain (${notes})" "${rc}"
f_log "failed to initialize volatile ${proto} firewall rule '${notes}'" "${rc}"
f_restore
fi
fi
@@ -533,28 +583,32 @@ f_firewall()
#
f_log()
{
local log_term
local log_msg="${1}"
local log_rc="${2}"
local class="info "
# check for terminal session
#
if [ -t 1 ]
then
log_term="-s"
fi
# log to different output devices, set log class accordingly
#
if [ -n "${log_msg}" ]
then
if [ $((log_rc)) -ne 0 ]
if [ $((log_rc)) -gt 0 ]
then
class="error"
log_rc=", rc: ${log_rc}"
log_msg="${log_msg}${log_rc}"
fi
/usr/bin/logger -t "adblock[${pid}] ${class}" "${log_msg}"
if [ -t 1 ]
then
printf "%s\n" "adblock[${pid}] ${class}: ${log_msg}"
fi
/usr/bin/logger ${log_term} -t "adblock[${adb_pid}] ${class}" "${log_msg}"
if [ "${log_ok}" = "true" ]
then
printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${pid}] ${class}: ${log_msg}" >> "${adb_logfile}"
printf "%s\n" "$(/bin/date "+%d.%m.%Y %H:%M:%S") adblock[${adb_pid}] ${class}: ${log_msg}" >> "${adb_logfile}"
fi
fi
}
@@ -570,30 +624,9 @@ f_space()
#
if [ -d "${mp}" ]
then
df "${mp}" 2>/dev/null |\
tail -n1 2>/dev/null |\
while read filesystem overall used available scrap
do
av_space="${available}"
if [ $((av_space)) -eq 0 ]
then
rc=155
f_log "no space left on device/not mounted (${mp})"
exit ${rc}
elif [ $((av_space)) -lt $((adb_minspace)) ]
then
rc=155
f_log "not enough space left on device (${mp})"
exit ${rc}
fi
done
# subshell return code handling, set space trigger accordingly
#
rc=${?}
if [ $((rc)) -ne 0 ]
av_space="$(df "${mp}" 2>/dev/null | tail -n1 2>/dev/null | awk '{print $4}')"
if [ $((av_space)) -lt $((adb_minspace)) ]
then
rc=0
space_ok="false"
fi
fi
@@ -604,49 +637,46 @@ f_space()
#
f_restore()
{
local removal_done
local rm_done
local restore_done
# remove bogus adblock lists
#
if [ -n "${adb_revsrclist}" ]
then
find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -exec rm -f "{}" \; 2>/dev/null
rm_done="$(find "${adb_dnsdir}" -maxdepth 1 -type f \( ${adb_revsrclist} \) -print -exec rm -f "{}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -ne 0 ]
if [ $((rc)) -eq 0 ] && [ -n "${rm_done}" ]
then
f_log "all bogus adblock lists removed"
elif [ $((rc)) -ne 0 ]
then
f_log "error during removal of bogus adblock lists" "${rc}"
f_exit
else
removal_done="true"
f_log "all bogus adblock lists removed"
fi
fi
# restore backups
#
if [ "${backup_ok}" = "true" ] && [ -d "${adb_backupdir}" ] && [ "$(printf "${adb_backupdir}/${adb_dnsprefix}."*)" != "${adb_backupdir}/${adb_dnsprefix}.*" ]
if [ "${backup_ok}" = "true" ] && [ "$(printf "${adb_backupdir}/${adb_dnsprefix}."*)" != "${adb_backupdir}/${adb_dnsprefix}.*" ]
then
for file in ${adb_backupdir}/${adb_dnsprefix}.*
do
filename="${file##*/}"
cp -pf "${file}" "${adb_dnsdir}" 2>/dev/null
rc=${?}
if [ $((rc)) -ne 0 ]
then
f_log "error during restore of adblock list (${filename})" "${rc}"
f_exit
fi
restore_done="true"
done
f_log "all available backups restored"
restore_done="$(find "${adb_backupdir}" -maxdepth 1 -type f -name "${adb_dnsprefix}.*" -print -exec cp -pf "{}" "${adb_dnsdir}" \; 2>/dev/null)"
rc=${?}
if [ $((rc)) -eq 0 ] && [ -n "${restore_done}" ]
then
f_log "all available backups restored"
elif [ $((rc)) -ne 0 ]
then
f_log "error during restore of adblock lists" "${rc}"
f_exit
fi
else
f_log "no backups found, nothing to restore"
fi
# (re-)try dnsmasq restart without bogus adblock lists / with backups
#
if [ "${restore_done}" = "true" ] || [ "${removal_done}" = "true" ]
if [ -n "${restore_done}" ] || [ -n "${rm_done}" ]
then
/etc/init.d/dnsmasq restart >/dev/null 2>&1
sleep 2
@@ -701,15 +731,15 @@ f_exit()
then
if [ -n "${adb_wanif4}" ]
then
ipv4_prerouting="$(${iptv4} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
ipv4_forward="$(${iptv4} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
ipv4_output="$(${iptv4} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
ipv4_prerouting="$(${iptv4} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
ipv4_forward="$(${iptv4} -vnL | awk '$11 ~ /^adb-forward[12]$/ {sum += $1} END {print sum}')"
ipv4_output="$(${iptv4} -vnL | awk '$11 ~ /^adb-output[12]$/ {sum += $1} END {print sum}')"
fi
if [ -n "${adb_wanif6}" ]
then
ipv6_prerouting="$(${iptv6} -t nat -vnL | grep -F "adblock-pre" | grep -Eo "[0-9]+" | head -n1)"
ipv6_forward="$(${iptv6} -vnL | grep -F "adblock-fwd" | grep -Eo "[0-9]+" | head -n1)"
ipv6_output="$(${iptv6} -vnL | grep -F "adblock-out" | grep -Eo "[0-9]+" | head -n1)"
ipv6_prerouting="$(${iptv6} -t nat -vnL | awk '$11 ~ /^adb-prerouting$/ {sum += $1} END {print sum}')"
ipv6_forward="$(${iptv6} -vnL | awk '$11 ~ /^adb-forward[12]$/ {sum += $1} END {print sum}')"
ipv6_output="$(${iptv6} -vnL | awk '$11 ~ /^adb-output[12]$/ {sum += $1} END {print sum}')"
fi
if [ -n "${adb_wanif4}" ] && [ -n "${adb_wanif6}" ]
then
@@ -729,9 +759,13 @@ f_exit()
f_log "${ipv6_forward} packets rejected in FORWARD chain"
f_log "${ipv6_output} packets rejected in OUTPUT chain"
fi
f_log "domain adblock processing finished successfully (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
f_log "domain adblock processing finished successfully (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
elif [ $((rc)) -gt 0 ]
then
f_log "domain adblock processing failed (${adb_scriptver}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
else
f_log "domain adblock processing failed (${adb_version}, ${openwrt_version}, $(/bin/date "+%d.%m.%Y %H:%M:%S"))"
rc=0
fi
rm -f "${adb_pidfile}" >/dev/null 2>&1
exit ${rc}
}