From 124ac892c679143a8d25c0551eb2ca1e6155458a Mon Sep 17 00:00:00 2001 From: Dirk Brenken Date: Sun, 28 Aug 2016 17:34:30 +0300 Subject: [PATCH] adblock: update 1.4.7 Apply adblock update 1.4.5-1.4.7 Signed-off-by: Hannu Nyman Original commit messages: adblock: update 1.4.5 * change the default hphosts list source to ad and tracking servers only, the overall list includes to many false positives * new optional config parm 'adb_hotplugif' to restrict hotplug support to a certain wan interface or to disable it at all * documentation update * cosmetics adblock: update 1.4.6 * added a 'window.close()' to adblock landing page to automatically close any pop-ups that might get loaded with a blocked ad * simplified dnsmasq check in ap mode adblock: update 1.4.7 * add a query function to search the active blocklists for a specific domain (/etc/init.d/adblock query ) * fix bug in ap mode/uhttpd port detection * check general firewall and dnsmasq package dependencies and remove redundant checks in ap mode --- net/adblock/Makefile | 2 +- net/adblock/files/README.md | 21 ++++-------- net/adblock/files/adblock-helper.sh | 43 ++++++++++-------------- net/adblock/files/adblock-update.sh | 8 ++--- net/adblock/files/adblock.conf | 6 ++-- net/adblock/files/adblock.hotplug | 7 ++-- net/adblock/files/adblock.init | 17 ++++++++-- net/adblock/files/www/adblock/index.html | 5 ++- 8 files changed, 57 insertions(+), 52 deletions(-) diff --git a/net/adblock/Makefile b/net/adblock/Makefile index d5e84c13af..d7061772e4 100644 --- a/net/adblock/Makefile +++ b/net/adblock/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=adblock -PKG_VERSION:=1.4.4 +PKG_VERSION:=1.4.7 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0+ PKG_MAINTAINER:=Dirk Brenken diff --git a/net/adblock/files/README.md b/net/adblock/files/README.md index 9bb8495267..7ee7d1fbf9 100644 --- a/net/adblock/files/README.md +++ b/net/adblock/files/README.md @@ -16,7 +16,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but * [feodotracker](https://feodotracker.abuse.ch) * => daily updates, approx. 0-10 entries * [hphosts](https://hosts-file.net) - * => monthly updates, approx. 390.000 entries + * => monthly updates, approx. 50.000 entries * [malwaredomains](http://malwaredomains.com) * => daily updates, approx. 16.000 entries * [malwaredomainlist](http://www.malwaredomainlist.com) @@ -48,7 +48,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but * [zeus tracker](https://zeustracker.abuse.ch) * => daily updates, approx. 440 entries * zero-conf like automatic installation & setup, usually no manual changes needed (i.e. ip address, network devices etc.) -* supports a wide range of router modes (incl. AP mode), as long as the firewall and the DNS server are enabled & in use +* supports a wide range of router modes (incl. AP mode), as long as firewall and dnsmasq are installed and in use * full IPv4 and IPv6 support * each blocklist source will be updated and processed separately * timestamp check to download and process only updated adblock list sources @@ -61,7 +61,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but * use two dynamic uhttpd instances as adblock pixel server, separated for ads delivered on port 80 and on port 443 * use dynamic iptables chains/rulesets for adblock related redirects/rejects * init system support (start/stop/restart/reload/toggle/stats/cfgup) -* hotplug support, the adblock start will be triggered by wan 'ifup' event +* hotplug support, the adblock start will be triggered by wan 'ifup' event, this can be restricted to a certain wan interface or disabled at all (see config options below) * toggle to quickly switch adblock 'on' or 'off' * optional: automatic adblock list backup/restore, backups will be (de-)compressed on the fly (disabled by default) * optional: add new adblock sources via uci config (see example below) @@ -101,11 +101,13 @@ A lot of people already use adblocker plugins within their desktop browsers, but * **white-/blacklist:** add domain white- or blacklist entries to always-allow or -deny certain (sub) domains, by default both lists are located in _/etc/adblock_. Please add one domain per line - ip addresses, wildcards & regex are _not_ allowed (see example below) * **backup/restore:** enable the backup/restore feature, to restore automatically the latest compressed backup of your adblock lists in case of any processing error (i.e. a single blocklist source is down). Please use an (external) solid partition and _not_ your volatile router temp directory for this * **list updates:** for a scheduled call of the adblock service add an appropriate crontab entry (see example below) +* **hotplug fine tuning:** to restrict hotplug support to a certain wan interface or to disable it at all, you can set 'adb\_hotplugif' to an existing interface like 'wan' or to a non-existing 'dummy' interface * **new list sources:** you could add new blocklist sources on your own via uci config, all you need is a source url and an awk one-liner (see example below) -* **AP mode:** in 'AP mode' adblock uses automatically the local router ip as nullip address. To make sure that your LuCI interface will be still accessible, you have to change the local uhttpd instance to ports <> 80/443 (see example below) +* **AP mode:** in 'AP mode' adblock uses automatically the local router ip as nullip address. To make sure that your LuCI interface will be still accessible, you have to change the local uhttpd instance to ports <> 80/443 (see example below), also make sure that firewall and dnsmasq are installed and running * **restricted mode:** to disable flash writes with adblock status information to the adblock config file (used by LuCI frontend), please set 'adb\_restricted' to '1' * **adblock toggle:** to quickly switch adblocking 'on' or 'off', simply use _/etc/init.d/adblock toggle_ * **adblock statistics:** to update only the adblock statistics (without updating the block lists as well), please run _/etc/init.d/adblock stats_ +* **adblock query :** to query the active blocklists for a specific domain, please run _/etc/init.d/adblock query _ * **configuration update:** to update an outdated adblock config file with the current default version, please run _/etc/init.d/adblock cfgup_, make your individual changes and start the adblock service again * **debugging:** for script debugging please set the 'adb\_debug' variable in the header of _/etc/init.d/adblock_ to '1' * **disable active dns probing in windows:** to prevent a possible yellow exclamation mark on your internet connection icon (which wrongly means connected, but no internet), please change the following registry key/value from "1" to "0" _HKLM\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing_ @@ -122,6 +124,7 @@ A lot of people already use adblocker plugins within their desktop browsers, but * adb\_forcedns => redirect all local DNS queries to the local dnsmasq resolver (default: '1', enabled / always disabled in 'AP mode') * adb\_fetchttl => set the timeout for list downloads (default: '5' seconds) * adb\_restricted => disable updates of the adblock config file (no flash writes) during runtime (default: '0', disabled) + * adb\_hotplugif => restrict hotplug support to a certain wan interface or disable it at all (default: '', disabled) ## Examples @@ -177,16 +180,6 @@ config uhttpd 'main' list listen_https '0.0.0.0:445' -**example grep for blocked (sub-)domains in adblock source files:** -


-grep "google-analytics.com" "/tmp/dnsmasq.d/adb_list"*
-
-This will output all matches with corresponding source files:
-  /tmp/dnsmasq.d/adb_list.winhelp:address=/ssl.google-analytics.com/198.18.0.1
-  /tmp/dnsmasq.d/adb_list.winhelp:address=/www.google-analytics.com/198.18.0.1
-  /tmp/dnsmasq.d/adb_list.yoyo:address=/google-analytics.com/198.18.0.1
-

- **example to find blocked domains on certain sites for whitelisting:**


 1. the easy way ...
diff --git a/net/adblock/files/adblock-helper.sh b/net/adblock/files/adblock-helper.sh
index 88ad5e818e..9fbf6676a7 100644
--- a/net/adblock/files/adblock-helper.sh
+++ b/net/adblock/files/adblock-helper.sh
@@ -6,6 +6,7 @@
 #
 LC_ALL=C
 PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+adb_hotplugif=""
 adb_lanif="lan"
 adb_nullport="65534"
 adb_nullportssl="65535"
@@ -168,22 +169,12 @@ f_envcheck()
     then
         adb_nullipv4="${adb_ipv4}"
         adb_nullipv6="${adb_ipv6}"
-        if [ -n "$(${adb_uci} -q get uhttpd.main.listen_http | grep -Fo "80")" ] ||
-           [ -n "$(${adb_uci} -q get uhttpd.main.listen_https | grep -Fo "443")" ]
+        if [ -n "$(${adb_uci} -q get uhttpd.main.listen_http | grep -o ":80$")" ] ||
+           [ -n "$(${adb_uci} -q get uhttpd.main.listen_https | grep -o ":443$")" ]
         then
             rc=-1
             f_log "AP mode detected, please set local LuCI instance to ports <> 80/443"
             f_exit
-        elif [ -z "$(pgrep -f "dnsmasq")" ]
-        then
-            rc=-1
-            f_log "please enable the local dnsmasq instance to use adblock"
-            f_exit
-        elif [ ! -f "/var/run/fw3.state" ]
-        then
-            rc=-1
-            f_log "please enable the local firewall to use adblock"
-            f_exit
         else
             apmode_ok="true"
         fi
@@ -203,23 +194,25 @@ f_envcheck()
 
     # check general package dependencies
     #
-    f_depend "busybox"
-    f_depend "uci"
-    f_depend "uhttpd"
-    f_depend "iptables"
-    f_depend "kmod-ipt-nat"
+    f_depend "busybox -"
+    f_depend "uci -"
+    f_depend "uhttpd -"
+    f_depend "iptables -"
+    f_depend "kmod-ipt-nat -"
+    f_depend "firewall -"
+    f_depend "dnsmasq*"
 
     # check ipv6 related package dependencies
     #
     if [ -n "${adb_wanif6}" ]
     then
-        f_depend "ip6tables" "true"
+        f_depend "ip6tables -" "true"
         if [ "${package_ok}" = "false" ]
         then
             f_log "package 'ip6tables' not found, IPv6 support will be disabled"
             unset adb_wanif6
         else
-            f_depend "kmod-ipt-nat6" "true"
+            f_depend "kmod-ipt-nat6 -" "true"
             if [ "${package_ok}" = "false" ]
             then
                 f_log "package 'kmod-ipt-nat6' not found, IPv6 support will be disabled"
@@ -230,13 +223,13 @@ f_envcheck()
 
     # check uclient-fetch/wget dependencies
     #
-    f_depend "uclient-fetch" "true"
+    f_depend "uclient-fetch -" "true"
     if [ "${package_ok}" = "true" ]
     then
-        f_depend "libustream-polarssl" "true"
+        f_depend "libustream-polarssl -" "true"
         if [ "${package_ok}" = "false" ]
         then
-            f_depend "libustream-\(mbedtls\|openssl\|cyassl\)" "true"
+            f_depend "libustream-\(mbedtls\|openssl\|cyassl\) -" "true"
             if [ "${package_ok}" = "true" ]
             then
                 adb_fetch="$(which uclient-fetch)"
@@ -247,7 +240,7 @@ f_envcheck()
     fi
     if [ -z "${adb_fetch}" ]
     then
-        f_depend "wget" "true"
+        f_depend "wget -" "true"
         if [ "${package_ok}" = "true" ]
         then
             adb_fetch="$(which wget)"
@@ -262,7 +255,7 @@ f_envcheck()
 
     # check ca-certificate package and set fetch parm accordingly
     #
-    f_depend "ca-certificates" "true"
+    f_depend "ca-certificates -" "true"
     if [ "${package_ok}" = "false" ]
     then
         fetch_parm="${fetch_parm} --no-check-certificate"
@@ -451,7 +444,7 @@ f_depend()
     local check_only="${2}"
     package_ok="true"
 
-    check="$(printf "${pkg_list}" | grep "^${package} -")"
+    check="$(printf "${pkg_list}" | grep "^${package}")"
     if [ "${check_only}" = "true" ] && [ -z "${check}" ]
     then
         package_ok="false"
diff --git a/net/adblock/files/adblock-update.sh b/net/adblock/files/adblock-update.sh
index 0afd9b5b28..1136d37f79 100755
--- a/net/adblock/files/adblock-update.sh
+++ b/net/adblock/files/adblock-update.sh
@@ -10,8 +10,8 @@
 #
 adb_pid="${$}"
 adb_pidfile="/var/run/adblock.pid"
-adb_scriptver="1.4.4"
-adb_mincfgver="2.3"
+adb_scriptver="1.4.7"
+adb_mincfgver="2.4"
 adb_scriptdir="${0%/*}"
 if [ -r "${adb_pidfile}" ]
 then
@@ -97,7 +97,7 @@ do
     then
         if [ "${src_name}" = "blacklist" ]
         then
-            tmp_domains="$(cat "${url}" | strings -n 1)"
+            tmp_domains="$(strings -n 1 "${url}")"
         elif [ "${src_name}" = "shalla" ]
         then
             shalla_archive="${adb_tmpdir}/shallalist.tar.gz"
@@ -117,7 +117,7 @@ do
                         break
                     fi
                 done
-                tmp_domains="$(cat "${shalla_file}" | strings -n 1)"
+                tmp_domains="$(strings -n 1 "${shalla_file}")"
                 rm -rf "${adb_tmpdir}/BL"
                 rm -f "${shalla_archive}"
                 rm -f "${shalla_file}"
diff --git a/net/adblock/files/adblock.conf b/net/adblock/files/adblock.conf
index 5fdf224e1f..401a0a5ff2 100644
--- a/net/adblock/files/adblock.conf
+++ b/net/adblock/files/adblock.conf
@@ -3,7 +3,7 @@
 
 config adblock 'global'
 	option adb_enabled '1'
-	option adb_cfgver '2.3'
+	option adb_cfgver '2.4'
 	option adb_whitelist '/etc/adblock/adblock.whitelist'
 	option adb_whitelist_rset '\$1 ~/^([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\"^\"\$1\"\\\|[.]\"\$1)}'
 	option adb_forcedns '1'
@@ -44,9 +44,9 @@ config source 'feodo'
 
 config source 'hphosts'
 	option enabled '0'
-	option adb_src 'https://hosts-file.net/download/hosts.txt'
+	option adb_src 'https://hosts-file.net/ad_servers.txt'
 	option adb_src_rset '\$0 ~/^127\.0\.0\.1[ \t]+([A-Za-z0-9_-]+\.){1,}[A-Za-z]+/{print tolower(\$2)}'
-	option adb_src_desc 'broad blocklist against ad-, tracking- and other malicious hosts, monthly updates, approx. 390.000 entries'
+	option adb_src_desc 'broad blocklist against ad- and tracking hosts, monthly updates, approx. 50.000 entries'
 
 config source 'malware'
 	option enabled '0'
diff --git a/net/adblock/files/adblock.hotplug b/net/adblock/files/adblock.hotplug
index 8ea8a18350..33377b5e6c 100644
--- a/net/adblock/files/adblock.hotplug
+++ b/net/adblock/files/adblock.hotplug
@@ -15,6 +15,9 @@ f_envload
 
 if [ "${INTERFACE}" = "${adb_wanif4}" ] || [ "${INTERFACE}" = "${adb_wanif6}" ]
 then
-    /etc/init.d/adblock start
-    f_log "adblock service started due to '${ACTION}' of '${INTERFACE}' interface"
+    if [ -z "${adb_hotplugif}" ] || [ "${INTERFACE}" = "${adb_hotplugif}" ]
+    then
+        /etc/init.d/adblock start
+        f_log "adblock service started due to '${ACTION}' of '${INTERFACE}' interface"
+    fi
 fi
diff --git a/net/adblock/files/adblock.init b/net/adblock/files/adblock.init
index 15c7d9ee7b..b0dc777d04 100755
--- a/net/adblock/files/adblock.init
+++ b/net/adblock/files/adblock.init
@@ -2,10 +2,11 @@
 #
 
 START=99
-EXTRA_COMMANDS="toggle stats cfgup"
+EXTRA_COMMANDS="toggle stats cfgup query"
 EXTRA_HELP="	toggle	Toggle adblock 'on' or 'off'
 	stats	Update adblock statistics
-	cfgup	Update adblock configuration file"
+	cfgup	Update adblock configuration file
+	query	 Query active blocklists for specific domain"
 
 adb_debug=0
 adb_pid="${$}"
@@ -127,3 +128,15 @@ cfgup()
     fi
     return 0
 }
+
+query()
+{
+    if [ -z "${1}" ]
+    then
+        f_log "no domain query input, please submit a specific search domain"
+    else
+        f_log "results for search domain '${1}':"
+        grep "${1}" "/tmp/dnsmasq.d/adb_list"*
+    fi
+    return 0
+}
diff --git a/net/adblock/files/www/adblock/index.html b/net/adblock/files/www/adblock/index.html
index 2f8ba6e4e9..ff6c903424 100644
--- a/net/adblock/files/www/adblock/index.html
+++ b/net/adblock/files/www/adblock/index.html
@@ -1,5 +1,8 @@
 
-     
+    
+        
+    
+    
         
     
 
-- 
2.30.2