Add DNS cache to 4.14 kernel target

package/lean/luci-app-flowoffload/Makefile

@@ -6,10 +6,10 @@
 include $(TOPDIR)/rules.mk
 
 LUCI_TITLE:=LuCI support for Flow Offload
-LUCI_DEPENDS:=+kmod-ipt-offload @LINUX_4_14
+LUCI_DEPENDS:=+kmod-ipt-offload +pdnsd-alt @LINUX_4_14
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lean/luci-app-flowoffload/luasrc/controller/flowoffload.lua

 module("luci.controller.flowoffload", package.seeall)
 
 function index()
-	if not nixio.fs.access("/sys/module/xt_FLOWOFFLOAD/refcnt") then
+	if not nixio.fs.access("/etc/config/flowoffload") then
 		return
 	end
 	local page
@@ -24,12 +24,17 @@ local function is_fullcone()
 	return luci.sys.call("iptables -t nat -L -n --line-numbers | grep FULLCONENAT >/dev/null") == 0
 end
 
+local function is_dns()
+	return luci.sys.call("pgrep dnscache >/dev/null") == 0
+end
+
 function action_status()
 	luci.http.prepare_content("application/json")
 	luci.http.write_json({
 		run_state = is_running(),
 		down_state = is_bbr(),
-		up_state = is_fullcone()
+		up_state = is_fullcone(),
+		dns_state = is_dns()
 	})
 end
 

package/lean/luci-app-flowoffload/luasrc/model/cbi/flowoffload.lua

 local m,s,o
 local SYS  = require "luci.sys"
 
-m = Map("firewall")
+m = Map("flowoffload")
 m.title	= translate("Turbo ACC Acceleration Settings")
 m.description = translate("Opensource Linux Flow Offload driver (Fast Path or HWNAT)")
 m:append(Template("flow/status"))
 
-s = m:section(TypedSection, "defaults", "")
+s = m:section(TypedSection, "flow")
 s.addremove = false
 s.anonymous = true
 
@@ -17,8 +17,18 @@ flow.description = translate("Enable software flow offloading for connections. (
 
 hw = s:option(Flag, "flow_offloading_hw", translate("HWNAT"))
 hw.default = 0
-hw.rmempty = false
+hw.rmempty = true
 hw.description = translate("Enable Hardware NAT (depends on hw capability like MTK 762x)")
 hw:depends("flow_offloading", 1)
 
+dns = s:option(Flag, "dns", translate("DNS Acceleration"))
+dns.default = 0
+dns.rmempty = false
+dns.description = translate("Enable DNS Cache Acceleration and anti ISP DNS pollution")
+
+o = s:option(Value, "dns_server", translate("Upsteam DNS Server"))
+o.default = "114.114.114.114 ,114.114.115.115"
+o.description = translate("Muitiple DNS server can saperate with ','")
+o:depends("dns", 1)
+
 return m

package/lean/luci-app-flowoffload/luasrc/view/flow/status.htm

@@ -4,6 +4,7 @@
 		<tr><td width="33%">FLOW 加速状态</td><td id="_run_state"><em><%:Collecting data...%></em></td></tr>
 		<tr><td width="33%">BBR 加速</td><td id="_down_state"><em><%:Collecting data...%></em></td></tr>
 		<tr><td width="33%">FULLCONE NAT加速</td><td id="_up_state"><em><%:Collecting data...%></em></td></tr>
+		<tr><td width="33%">DNS 加速</td><td id="_dns_state"><em><%:Collecting data...%></em></td></tr>
 	</table>
 </fieldset>
 
@@ -11,11 +12,13 @@
 	var run_state = document.getElementById('_run_state');
 	var down_state = document.getElementById('_down_state');
 	var up_state = document.getElementById('_up_state');
+	var dns_state = document.getElementById('_dns_state');
 	XHR.poll(5, '<%=luci.dispatcher.build_url("admin", "network", "flowoffload", "status")%>', null, function(x, status) {
 		if ( x && x.status == 200 ) {
 			run_state.innerHTML = status.run_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 			down_state.innerHTML = status.down_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 			up_state.innerHTML = status.up_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
+			dns_state.innerHTML = status.dns_state ? '<em><b><font color=green><%:RUNNING%></font></b></em>' : '<em><b><font color=red><%:NOT RUNNING%></font></b></em>';
 		}
 	});
 //]]></script>

package/lean/luci-app-flowoffload/po/zh-cn/flowoffload.po

@@ -21,3 +21,15 @@ msgstr "开启 Flow Offloading 转发加速. (降低CPU占用 / 增强路由转
 
 msgid "Enable Hardware NAT (depends on hw capability like MTK 762x)"
 msgstr "启用硬件HWNAT加速（依赖特定的硬件，例如 MTK 762x 系列）"
+
+msgid "DNS Acceleration"
+msgstr "DNS 加速"
+
+msgid "Enable DNS Cache Acceleration and anti ISP DNS pollution"
+msgstr "启用DNS多线程查询、缓存，并防止ISP的DNS广告和域名劫持"
+
+msgid "Upsteam DNS Server"
+msgstr "上游 DNS 服务器(国内)"
+
+msgid "Muitiple DNS server can saperate with ','"
+msgstr "支持多个上游DNS服务器，用','分隔（注意用英文逗号).请填写您最快的DNS服务器"

package/lean/luci-app-flowoffload/root/etc/config/flowoffload

+
+config flow
+	option flow_offloading '1'
+	option flow_offloading_hw '0'
+	option dns '0'
+	option dns_server '114.114.114.114 ,114.114.115.115'
+

package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload

 #!/bin/sh /etc/rc.common
 # Copyright (c) 2011-2015 OpenWrt.org
 
-START=99
+START=60
+
+DNSMASQ_RESTART=N
+DNS_SERVER="114.114.114.114,114.114.115.115"
+
+start_pdnsd() {
+  DNS_SERVER=$(uci get flowoffload.@flow[0].dns_server 2>/dev/null)
+
+	[ -d /var/etc ] || mkdir -p /var/etc
+	
+  if [ ! -f /var/dnscache/pdnsd.cache ]; then
+    mkdir -p /var/dnscache
+    echo -ne "pd13\000\000\000\000" > /var/dnscache/pdnsd.cache
+    chown -R nobody.nogroup /var/dnscache
+	fi
+	
+	cat > /var/etc/dnscache.conf <<EOF
+global {
+    perm_cache=1024;        # dns缓存大小，单位KB，建议不要写的太大
+    cache_dir="/var/dnscache";     # 缓存文件的位置
+    pid_file = /var/run/dnscache.pid;
+    server_ip = 0.0.0.0;        # pdnsd监听的网卡，0.0.0.0是全部网卡
+    server_port=5333;           # pdnsd监听的端口，不要和别的服务冲突即可
+    status_ctl = on;
+    paranoid=on;                  # 二次请求模式，如果请求主DNS服务器返回的是垃圾地址，就向备用服务器请求
+    query_method=udp_only;      
+    neg_domain_pol = off;  
+    par_queries = 400;          # 最多同时请求数
+    min_ttl = 1h;               # DNS结果最短缓存时间
+    max_ttl = 1w;               # DNS结果最长缓存时间
+    timeout = 10;               # DNS请求超时时间，单位秒
+}
+
+server {  
+    label = "routine";         
+    ip = $DNS_SERVER;     # 这里为主要上级 dns 的 ip 地址，建议填写一个当地最快的DNS地址  
+    timeout = 5;              # DNS请求超时时间
+    reject = 74.125.127.102,  # 以下是脏IP，也就是DNS污染一般会返回的结果，如果收到如下DNS结果会触发二次请求（TCP协议一般不会碰到脏IP）
+        74.125.155.102,  
+        74.125.39.102,  
+        74.125.39.113,  
+        209.85.229.138,  
+        128.121.126.139,  
+        159.106.121.75,  
+        169.132.13.103,  
+        192.67.198.6,  
+        202.106.1.2,  
+        202.181.7.85,  
+        203.161.230.171,  
+        203.98.7.65,  
+        207.12.88.98,  
+        208.56.31.43,  
+        209.145.54.50,  
+        209.220.30.174,  
+        209.36.73.33,  
+        211.94.66.147,  
+        213.169.251.35,  
+        216.221.188.182,  
+        216.234.179.13,  
+        243.185.187.39,  
+        37.61.54.158,  
+        4.36.66.178,  
+        46.82.174.68,  
+        59.24.3.173,  
+        64.33.88.161,  
+        64.33.99.47,  
+        64.66.163.251,  
+        65.104.202.252,  
+        65.160.219.113,  
+        66.45.252.237,  
+        69.55.52.253,  
+        72.14.205.104,  
+        72.14.205.99,  
+        78.16.49.15,  
+        8.7.198.45,  
+        93.46.8.89,  
+        37.61.54.158,  
+        243.185.187.39,  
+        190.93.247.4,  
+        190.93.246.4,  
+        190.93.245.4,  
+        190.93.244.4,  
+        65.49.2.178,  
+        189.163.17.5,  
+        23.89.5.60,  
+        49.2.123.56,  
+        54.76.135.1,  
+        77.4.7.92,  
+        118.5.49.6,  
+        159.24.3.173,  
+        188.5.4.96,  
+        197.4.4.12,  
+        220.250.64.24,  
+        243.185.187.30,  
+        249.129.46.48,  
+        253.157.14.165;  
+    reject_policy = fail;  
+    exclude = ".google.com",  
+        ".gstatic.com",  
+        ".googleusercontent.com",  
+        ".googlepages.com",  
+        ".googlevideo.com",  
+        ".googlecode.com",  
+        ".googleapis.com",  
+        ".googlesource.com",  
+        ".googledrive.com",  
+        ".ggpht.com",  
+        ".youtube.com",  
+        ".youtu.be",  
+        ".ytimg.com",  
+        ".twitter.com",  
+        ".facebook.com",  
+        ".fastly.net",  
+        ".akamai.net",  
+        ".akamaiedge.net",  
+        ".akamaihd.net",  
+        ".edgesuite.net",  
+        ".edgekey.net";  
+}
+
+server {  
+    label = "special";                  # 这个随便写  
+    ip = 208.67.222.222,208.67.220.220; # 这里为备用DNS服务器的 ip 地址  
+    port = 5353;                        # 推荐使用53以外的端口（DNS服务器必须支持） 
+    proxy_only = on;
+    timeout = 5;  
+}  
+
+source {
+	owner=localhost;
+//	serve_aliases=on;
+	file="/etc/hosts";
+}
+
+rr {
+	name=localhost;
+	reverse=on;
+	a=127.0.0.1;
+	owner=localhost;
+	soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
+EOF
+
+	/usr/sbin/dnscache -c /var/etc/dnscache.conf -d && echo "Start DNS Cache"
+}
+
+stop_pdnsd() {
+  kill $(pidof dnscache) >/dev/null 2>&1 || killall -9 dnscache >/dev/null 2>&1 
+  echo "Stop DNS Cache"
+}
+
+change_dns() {
+ 	uci delete dhcp.@dnsmasq[0].server >/dev/null 2>&1
+	uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#5333
+	uci delete dhcp.@dnsmasq[0].resolvfile >/dev/null 2>&1
+	uci set dhcp.@dnsmasq[0].noresolv=1
+	uci commit dhcp
+}
+
+revert_dns() {
+	uci del_list dhcp.@dnsmasq[0].server=127.0.0.1#5333 >/dev/null 2>&1
+	uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
+	uci delete dhcp.@dnsmasq[0].noresolv >/dev/null 2>&1
+	uci commit dhcp
+}
+
+start(){
+  dns=$(uci get flowoffload.@flow[0].dns 2>/dev/null)
+  if [ $dns -eq 1 ];  then
+    start_pdnsd
+    change_dns
+  fi
+  uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading)
+  uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw)
+  uci commit firewall
+  if [ "$DNSMASQ_RESTART" = N ]; then
+    /etc/init.d/dnsmasq restart && echo "DNSMASQ change"
+    /etc/init.d/firewall restart
+  fi
+}
+
+stop(){
+    dns=$(uci get firewall.@defaults[0].dns 2>/dev/null)
+	  stop_pdnsd
+    revert_dns
+    uci set firewall.@defaults[0].flow_offloading=$(uci get flowoffload.@flow[0].flow_offloading)
+    uci set firewall.@defaults[0].flow_offloading_hw=$(uci get flowoffload.@flow[0].flow_offloading_hw)
+    uci commit firewall
+	  if [ "$DNSMASQ_RESTART" = N ]; then
+      /etc/init.d/dnsmasq restart && echo "DNSMASQ revert"
+      /etc/init.d/firewall restart
+    fi
+}
 
 restart(){
+    DNSMASQ_RESTART=Y
+    stop
+    start
+	  /etc/init.d/dnsmasq restart && echo "DNSMASQ restart"
     /etc/init.d/firewall restart
 }
 

package/lean/luci-app-flowoffload/root/etc/uci-defaults/flowoffload

@@ -2,4 +2,12 @@
 
 uci set firewall.@defaults[0].flow_offloading=1
 uci commit firewall
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@flowoffload[-1]
+	add ucitrack flowoffload
+	set ucitrack.@flowoffload[-1].init=flowoffload
+	commit ucitrack
+EOF
+
 exit 0

package/lean/luci-app-sfe/Makefile

@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for Turbo ACC (SFE)
 LUCI_DEPENDS:=+kmod-fast-classifier +pdnsd-alt @LINUX_4_9
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=9
+PKG_RELEASE:=10
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lean/luci-app-sfe/luasrc/model/cbi/sfe.lua

@@ -33,7 +33,7 @@ dns.rmempty = false
 dns.description = translate("Enable DNS Cache Acceleration and anti ISP DNS pollution")
 
 o = s:option(Value, "dns_server", translate("Upsteam DNS Server"))
-o.default = "114.114.114.114 ,114.114.115.115"
+o.default = "114.114.114.114,114.114.115.115"
 o.description = translate("Muitiple DNS server can saperate with ','")
 o:depends("dns", 1)
 

target/linux/x86/config-4.14

@@ -82,10 +82,7 @@ CONFIG_ATA=y
 CONFIG_ATA_GENERIC=y
 CONFIG_ATA_PIIX=y
 CONFIG_BINFMT_MISC=y
-CONFIG_BLK_DEV_BSG=y
-CONFIG_BLK_DEV_BSGLIB=y
 CONFIG_BLK_DEV_LOOP=y
-CONFIG_BLK_DEV_NVME=y
 CONFIG_BLK_DEV_SD=y
 CONFIG_BLK_MQ_PCI=y
 CONFIG_BLK_SCSI_REQUEST=y
@@ -118,7 +115,6 @@ CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
 CONFIG_CPU_FREQ_STAT=y
 CONFIG_CPU_IDLE=y
 CONFIG_CPU_IDLE_GOV_LADDER=y
-CONFIG_CPU_IDLE_GOV_MENU=y
 CONFIG_CPU_SUP_AMD=y
 CONFIG_CPU_SUP_CENTAUR=y
 CONFIG_CPU_SUP_CYRIX_32=y
@@ -179,7 +175,6 @@ CONFIG_FUSION=y
 # CONFIG_FUSION_CTL is not set
 # CONFIG_FUSION_LOGGING is not set
 CONFIG_FUSION_MAX_SGE=128
-CONFIG_FUSION_SAS=y
 CONFIG_FUSION_SPI=y
 CONFIG_GENERIC_ALLOCATOR=y
 CONFIG_GENERIC_BUG=y
@@ -198,7 +193,6 @@ CONFIG_GENERIC_ISA_DMA=y
 CONFIG_GENERIC_MSI_IRQ=y
 CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
 CONFIG_GENERIC_PCI_IOMAP=y
-CONFIG_GENERIC_PHY=y
 CONFIG_GENERIC_SMP_IDLE_THREAD=y
 CONFIG_GENERIC_STRNCPY_FROM_USER=y
 CONFIG_GENERIC_STRNLEN_USER=y
@@ -265,6 +259,7 @@ CONFIG_HAVE_PERF_EVENTS_NMI=y
 CONFIG_HAVE_PERF_REGS=y
 CONFIG_HAVE_PERF_USER_STACK_DUMP=y
 CONFIG_HAVE_RCU_TABLE_FREE=y
+CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
 CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
 CONFIG_HAVE_SETUP_PER_CPU_AREA=y
 CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
@@ -391,7 +386,6 @@ CONFIG_NLS=y
 CONFIG_NO_BOOTMEM=y
 CONFIG_NR_CPUS=1
 # CONFIG_NSC_GPIO is not set
-CONFIG_NVME_CORE=y
 CONFIG_NVRAM=y
 # CONFIG_OF is not set
 CONFIG_OLD_SIGACTION=y
@@ -400,11 +394,6 @@ CONFIG_OPROFILE_NMI_TIMER=y
 # CONFIG_OPTIMIZE_INLINING is not set
 CONFIG_OUTPUT_FORMAT="elf32-i386"
 CONFIG_PAGE_OFFSET=0xC0000000
-CONFIG_PATA_AMD=y
-CONFIG_PATA_MPIIX=y
-CONFIG_PATA_OLDPIIX=y
-CONFIG_PATA_SCH=y
-CONFIG_PATA_VIA=y
 CONFIG_PC104=y
 # CONFIG_PC8736x_GPIO is not set
 # CONFIG_PC87413_WDT is not set
@@ -452,17 +441,12 @@ CONFIG_RTC_CLASS=y
 CONFIG_RTC_MC146818_LIB=y
 CONFIG_RWSEM_XCHGADD_ALGORITHM=y
 # CONFIG_SAMSUNG_Q10 is not set
-CONFIG_SATA_AHCI=y
-CONFIG_SATA_MV=y
-CONFIG_SATA_NV=y
-CONFIG_SATA_VIA=y
 # CONFIG_SBC7240_WDT is not set
 # CONFIG_SBC8360_WDT is not set
 # CONFIG_SBC_EPX_C3_WATCHDOG is not set
 # CONFIG_SC1200_WDT is not set
 # CONFIG_SCHED_INFO is not set
 CONFIG_SCSI=y
-CONFIG_SCSI_SAS_ATTRS=y
 CONFIG_SCSI_SPI_ATTRS=y
 CONFIG_SCx200=y
 CONFIG_SCx200HR_TIMER=y
@@ -512,11 +496,15 @@ CONFIG_USB_EHCI_PCI=y
 CONFIG_USB_HID=y
 CONFIG_USB_HIDDEV=y
 CONFIG_USB_OHCI_HCD=y
+CONFIG_USB_OHCI_HCD_PCI=y
 # CONFIG_USB_OHCI_HCD_PLATFORM is not set
 CONFIG_USB_PCI=y
 CONFIG_USB_STORAGE=y
 CONFIG_USB_SUPPORT=y
-# CONFIG_USB_UHCI_HCD is not set
+CONFIG_USB_UHCI_HCD=y
+CONFIG_USB_XHCI_HCD=y
+CONFIG_USB_XHCI_PCI=y
+# CONFIG_USB_XHCI_PLATFORM is not set
 # CONFIG_USERIO is not set
 # CONFIG_USER_NS is not set
 CONFIG_USER_STACKTRACE_SUPPORT=y