update app

2025-03-09 15:40:03 +00:00 · 2023-06-23 02:14:05 +08:00 · 2023-06-23 02:14:05 +08:00 · 8836ce80c2
commit 8836ce80c2
parent b8ec680e11
255 changed files with 9752 additions and 23582 deletions
--- a/https-dns-proxy/Makefile
+++ b/https-dns-proxy/Makefile
@ -1,14 +1,14 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=https-dns-proxy
-PKG_VERSION:=2021-11-22
-PKG_RELEASE:=3
+PKG_VERSION:=2023-05-25
+PKG_RELEASE:=2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy/
-PKG_SOURCE_DATE:=2021-11-22
-PKG_SOURCE_VERSION:=9336fd6272d67e8bb6e304fa54f3139a3d26f08f
-PKG_MIRROR_HASH:=60b1ddabaf1db3a9ee19f3294a1df714364d580cef5e3c2161363c371a557456
+PKG_SOURCE_DATE:=$(PKG_VERSION)
+PKG_SOURCE_VERSION:=d03e11572562f008f68df217a7378628f1bb7b79
+PKG_MIRROR_HASH:=5af3683c48bc9e493ca2761a6f7ee756431692a695d6008f61b8b92431036dca
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
@ -16,20 +16,20 @@ PKG_LICENSE_FILES:=LICENSE
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

-CMAKE_OPTIONS += -DCLANG_TIDY_EXE=
+CMAKE_OPTIONS += -DCLANG_TIDY_EXE= -DGIT_VERSION=$(PKG_VERSION)-$(PKG_RELEASE)

 define Package/https-dns-proxy
 	SECTION:=net
 	CATEGORY:=Network
 	TITLE:=DNS Over HTTPS Proxy
 	URL:=https://docs.openwrt.melmac.net/https-dns-proxy/
-	DEPENDS:=+libcares +libcurl +libev +ca-bundle
+	DEPENDS:=+libcares +libcurl +libev +ca-bundle +jsonfilter
 	CONFLICTS:=https_dns_proxy
 endef

 define Package/https-dns-proxy/description
-https-dns-proxy is a light-weight DNS<-->HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
-It receives regular (UDP) DNS requests and issues them via DoH.
+Light-weight DNS-over-HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
+It receives regular (UDP) DNS requests and resolves them via DoH resolver.
 Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information.
 endef

@ -40,12 +40,14 @@ endef
 define Package/https-dns-proxy/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_DIR) ${1}/etc/config
+	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DIR) $(1)/etc/uci-defaults/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy
 	$(INSTALL_BIN) ./files/https-dns-proxy.init $(1)/etc/init.d/https-dns-proxy
-	$(SED) "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
+	$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
 	$(INSTALL_CONF) ./files/https-dns-proxy.config $(1)/etc/config/https-dns-proxy
+	$(INSTALL_BIN) ./files/https-dns-proxy.defaults $(1)/etc/uci-defaults/50-https-dns-proxy-migrate-options.sh
 endef

 $(eval $(call BuildPackage,https-dns-proxy))
--- a/https-dns-proxy/files/README.md
+++ b/https-dns-proxy/files/README.md
--- a/https-dns-proxy/files/https-dns-proxy.config
+++ b/https-dns-proxy/files/https-dns-proxy.config
@ -1,5 +1,7 @@
 config main 'config'
-	option update_dnsmasq_config '*'
+	option canary_domains_icloud '1'
+	option canary_domains_mozilla '1'
+	option dnsmasq_config_update '*'
 	option force_dns '1'
 	list force_dns_port '53'
 	list force_dns_port '853'
@ -11,12 +13,13 @@ config main 'config'
 #	list force_dns_port '4434'
 #	list force_dns_port '5443'
 #	list force_dns_port '8443'
+	option procd_trigger_wan6 '0'

 config https-dns-proxy
 	option bootstrap_dns '1.1.1.1,1.0.0.1'
 	option resolver_url 'https://cloudflare-dns.com/dns-query'
 	option listen_addr '127.0.0.1'
-	option listen_port '5054'
+	option listen_port '5053'
 	option user 'nobody'
 	option group 'nogroup'

@ -24,6 +27,6 @@ config https-dns-proxy
 	option bootstrap_dns '8.8.8.8,8.8.4.4'
 	option resolver_url 'https://dns.google/dns-query'
 	option listen_addr '127.0.0.1'
-	option listen_port '5053'
+	option listen_port '5054'
 	option user 'nobody'
 	option group 'nogroup'
--- a/https-dns-proxy/files/https-dns-proxy.defaults
+++ b/https-dns-proxy/files/https-dns-proxy.defaults
@ -0,0 +1,3 @@
+#!/bin/sh
+	sed -i "s|update_dnsmasq_config|dnsmasq_config_update|" "/etc/config/https-dns-proxy"
+	sed -i "s|wan6_trigger|procd_trigger_wan6|" "/etc/config/https-dns-proxy"
--- a/https-dns-proxy/files/https-dns-proxy.hotplug.iface
+++ b/https-dns-proxy/files/https-dns-proxy.hotplug.iface
--- a/https-dns-proxy/files/https-dns-proxy.init
+++ b/https-dns-proxy/files/https-dns-proxy.init
@ -1,10 +1,9 @@
 #!/bin/sh /etc/rc.common
-# Copyright 2019-2020 Stan Grishin (stangri@melmac.net)
-# shellcheck disable=SC2039,SC3043,SC3060
-PKG_VERSION='dev-test'
+# Copyright 2019-2022 Stan Grishin (stangri@melmac.ca)
+# shellcheck disable=SC1091,SC3043,SC3060

 # shellcheck disable=SC2034
-START=80
+START=95
 # shellcheck disable=SC2034
 USE_PROCD=1

@ -15,8 +14,60 @@ else
 	EXTRA_COMMANDS='version'
 fi

+readonly PKG_VERSION='dev-test'
+readonly packageName='https-dns-proxy'
+readonly serviceName="$packageName $PKG_VERSION"
+readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m'
+readonly _FAIL_='\033[0;31m\xe2\x9c\x97\033[0m'
 readonly PROG=/usr/sbin/https-dns-proxy
-dnsmasqConfig=''; forceDNS=''; forceDNSPorts='';
+readonly BOOTSTRAP_CF='1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001'
+readonly BOOTSTRAP_GOOGLE='8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844'
+readonly DEFAULT_BOOTSTRAP="${BOOTSTRAP_CF},${BOOTSTRAP_GOOGLE}"
+readonly canaryDomainsMozilla='use-application-dns.net'
+readonly canaryDomainsiCloud='mask.icloud.com mask-h2.icloud.com'
+
+str_contains() { [ -n "$1" ] &&[ -n "$2" ] && [ "${1//$2}" != "$1" ]; }
+is_mac_address() { expr "$1" : '[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]:[0-9A-F][0-9A-F]$' >/dev/null; }
+is_ipv4() { expr "$1" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; }
+is_ipv6() { ! is_mac_address "$1" && str_contains "$1" ":"; }
+output() {
+	local msg memmsg logmsg
+	local sharedMemoryOutput="/dev/shm/$packageName-output"
+	[ -t 1 ] && printf "%b" "$@"
+	msg="${1//$serviceName /service }";
+	if [ "$(printf "%b" "$msg" | wc -l)" -gt 0 ]; then
+		[ -s "$sharedMemoryOutput" ] && memmsg="$(cat "$sharedMemoryOutput")"
+		logmsg="$(printf "%b" "${memmsg}${msg}" | sed 's/\x1b\[[0-9;]*m//g')"
+		logger -t "$packageName" "$(printf "%b" "$logmsg")"
+		rm -f "$sharedMemoryOutput"
+	else
+		printf "%b" "$msg" >> "$sharedMemoryOutput"
+	fi
+}
+output_ok() { output "$_OK_"; }
+output_okn() { output "${_OK_}\\n"; }
+output_fail() { output "$_FAIL_"; }
+output_failn() { output "${_FAIL_}\\n"; }
+uci_add_list_if_new() {
+	local PACKAGE="$1"
+	local CONFIG="$2"
+	local OPTION="$3"
+	local VALUE="$4"
+	local i
+	[ -n "$PACKAGE" ] && [ -n "$CONFIG" ] && [ -n "$OPTION" ] && [ -n "$VALUE" ] || return 1
+	for i in $(uci_get "$PACKAGE" "$CONFIG" "$OPTION"); do
+		[ "$i" = "$VALUE" ] && return 0
+	done
+	uci_add_list "$PACKAGE" "$CONFIG" "$OPTION" "$VALUE"
+}
+uci_changes() {
+	local PACKAGE="$1"
+	local CONFIG="$2"
+	local OPTION="$3"
+	/sbin/uci ${UCI_CONFIG_DIR:+-c $UCI_CONFIG_DIR} changes "$PACKAGE${CONFIG:+.$CONFIG}${OPTION:+.$OPTION}"
+}
+
+dnsmasq_restart() { [ -x /etc/init.d/dnsmasq ] || return 0; /etc/init.d/dnsmasq restart >/dev/null 2>&1; }

 version() { echo "$PKG_VERSION"; }

@ -26,11 +77,10 @@ append_bool() {
 	local section="$1"
 	local option="$2"
 	local value="$3"
-	local default="$4"
+	local default="${4:-0}"
 	local _loctmp
-	[ -z "$default" ] && default="0"
 	config_get_bool _loctmp "$section" "$option" "$default"
-	[ "$_loctmp" != "0" ] && xappend "$value"
+	[ "$_loctmp" -ne 0 ] && xappend "$value"
 }

 append_parm() {
@ -40,180 +90,280 @@ append_parm() {
 	local default="$4"
 	local _loctmp
 	config_get _loctmp "$section" "$option" "$default"
+	[ -n "$_loctmp" ] && xappend "$switch $_loctmp"
+}
+
+append_counter() {
+	local section="$1"
+	local option="$2"
+	local switch="$3"
+	local default="${4:-0}"
+	local _loctmp i
+	config_get _loctmp "$section" "$option" "$default"
+# shellcheck disable=SC2086,SC2154
+	for i in $(seq 1 $_loctmp); do
+		xappend '-v'
+	done
+}
+
+append_bootstrap() {
+	local section="$1"
+	local option="$2"
+	local switch="$3"
+	local default="$4"
+	local _old_ifs="$IFS"
+	local _loctmp _newtmp i
+	config_get _loctmp "$section" "$option" "$default"
 	[ -z "$_loctmp" ] && return 0
-	xappend "$switch $_loctmp"
+	IFS=" ,"
+	for i in $_loctmp; do
+		if { [ "$ipv6_resolvers_only" -eq 0 ] && is_ipv4 "$i"; } || \
+			{ [ "$ipv6_resolvers_only" -ne 0 ] && is_ipv6 "$i"; }; then
+			[ -z "$_newtmp" ] && _newtmp="$i" || _newtmp="${_newtmp},${i}"
+		fi
+	done
+	IFS="$_old_ifs"
+	[ -n "$_newtmp" ] && xappend "$switch $_newtmp"
+	[ "$ipv6_resolvers_only" -eq 0 ] && xappend '-4'
+}
+
+boot() {
+	ubus -t 30 wait_for network.interface 2>/dev/null
+	rc_procd start_service 'on_boot'
 }

 start_instance() {
-	local cfg="$1" param listen_addr listen_port i
+	local cfg="$1" param listen_addr listen_port ipv6_resolvers_only p url iface
+
+	config_get url "$cfg" 'resolver_url'
+	config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0'
 	append_parm "$cfg" 'resolver_url' '-r'
-	append_parm "$cfg" 'polling_interval' '-i'
 	append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1'
-	append_parm "$cfg" 'listen_port' '-p' "$p"
+	append_parm "$cfg" 'listen_port' '-p' "$port"
 	append_parm "$cfg" 'dscp_codepoint' '-c'
-	append_parm "$cfg" 'bootstrap_dns' '-b'
+	append_bootstrap "$cfg" 'bootstrap_dns' '-b' "$DEFAULT_BOOTSTRAP"
 	append_parm "$cfg" 'user' '-u' 'nobody'
 	append_parm "$cfg" 'group' '-g' 'nogroup'
+	append_parm "$cfg" 'ca_certs_file' '-C'
+	append_parm "$cfg" 'polling_interval' '-i'
 	append_parm "$cfg" 'proxy_server' '-t'
 	append_parm "$cfg" 'logfile' '-l'
 	append_bool "$cfg" 'use_http1' '-x'
-	config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0'
-	config_get verbosity "$cfg" 'verbosity' '0'
-
-# shellcheck disable=SC2086,SC2154
-	for i in $(seq 1 $verbosity); do
-		xappend '-v'
-	done
-# shellcheck disable=SC2154
-	if [ "$ipv6_resolvers_only" = 0 ]; then
-		xappend '-4'
-	fi
+	append_counter "$cfg" 'verbosity' '-v' '0'

 	procd_open_instance
 # shellcheck disable=SC2086
-	procd_set_param command ${PROG} ${param}
+	procd_set_param command $PROG $param
 	procd_set_param stderr 1
 	procd_set_param stdout 1
 	procd_set_param respawn
-	procd_close_instance
-
-	config_get listen_addr "$cfg" 'listen_addr' '127.0.0.1'
-	config_get listen_port "$cfg" 'listen_port' "$p"
-
-	if [ "$dnsmasqConfig" = "*" ]; then
-		config_load 'dhcp'
-		config_foreach dnsmasq_add_doh_server 'dnsmasq' "${listen_addr}" "${listen_port}"
-	elif [ -n "$dnsmasqConfig" ]; then
-		for i in $dnsmasqConfig; do
-			dnsmasq_add_doh_server "@dnsmasq[${i}]" "${listen_addr}" "${listen_port}"
-		done
-	fi
-	p="$((p+1))"
-}
-
-is_force_dns_active() { iptables-save 2>/dev/null | grep -q -w -- '--dport 53'; }
-
-start_service() {
-	local p=5053 c
-	config_load 'https-dns-proxy'
-	config_get dnsmasqConfig	'config' 'update_dnsmasq_config' '*'
-	config_get_bool forceDNS	'config' 'force_dns' '1'
-	config_get forceDNSPorts	'config' 'force_dns_port' '53 853'
-	dhcp_backup 'create'
-	config_load 'https-dns-proxy'
-	config_foreach start_instance 'https-dns-proxy'
-	if [ "$forceDNS" -ne 0 ]; then
-		procd_open_instance 'main'
-		procd_set_param command /bin/true
-		procd_set_param stdout 1
-		procd_set_param stderr 1
-		procd_open_data
+	procd_open_data
+	json_add_object mdns
+		procd_add_mdns_service "$packageName" 'udp' "$port" "DNS over HTTPS proxy"
+	json_close_object
+	json_add_string url "$url"
+	if [ "$force_dns" -ne 0 ]; then
 		json_add_array firewall
-		for c in $forceDNSPorts; do
-			if netstat -tuln | grep 'LISTEN' | grep ":${c}" >/dev/null 2>&1 || [ "$c" = "53" ]; then
-				json_add_object ""
-				json_add_string type redirect
-				json_add_string target DNAT
-				json_add_string src lan
-				json_add_string proto "tcp udp"
-				json_add_string src_dport "$c"
-				json_add_string dest_port "$c"
-				json_add_boolean reflection 0
-				json_close_object
-			else
-				json_add_object ""
-				json_add_string type rule
-				json_add_string src lan
-				json_add_string dest "*"
-				json_add_string proto "tcp udp"
-				json_add_string dest_port "$c"
-				json_add_string target REJECT
-				json_close_object
-			fi
+		for iface in $procd_fw_src_interfaces; do
+			for p in $force_dns_port; do
+				if netstat -tuln | grep 'LISTEN' | grep ":${p}" >/dev/null 2>&1 || [ "$p" = '53' ]; then
+					json_add_object ''
+					json_add_string type redirect
+					json_add_string target DNAT
+					json_add_string src "$iface"
+					json_add_string proto 'tcp udp'
+					json_add_string src_dport "$p"
+					json_add_string dest_port "$p"
+					json_add_string family any
+					json_add_boolean reflection 0
+					json_close_object
+				else
+					json_add_object ''
+					json_add_string type rule
+					json_add_string src "$iface"
+					json_add_string dest '*'
+					json_add_string proto 'tcp udp'
+					json_add_string dest_port "$p"
+					json_add_string target REJECT
+					json_close_object
+				fi
+			done
 		done
 		json_close_array
-		procd_close_data
-		procd_close_instance
 	fi
-	if [ -n "$(uci -q changes dhcp)" ]; then
-		uci -q commit dhcp
-		[ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq restart >/dev/null 2>&1
+	procd_close_data
+	procd_close_instance
+
+	if [ "$?" ]; then
+		config_get listen_addr "$cfg" 'listen_addr' '127.0.0.1'
+		config_get listen_port "$cfg" 'listen_port' "$port"
+		if [ "$dnsmasq_config_update" = '*' ]; then
+			config_load 'dhcp'
+			config_foreach dnsmasq_doh_server 'dnsmasq' 'add' "${listen_addr}" "${listen_port}"
+		elif [ -n "$dnsmasq_config_update" ]; then
+			for i in $dnsmasq_config_update; do
+				if [ -n "$(uci_get 'dhcp' "@dnsmasq[$i]")" ]; then
+					dnsmasq_doh_server "@dnsmasq[$i]" 'add' "${listen_addr}" "${listen_port}"
+				elif [ -n "$(uci_get 'dhcp' "$i")" ]; then
+					dnsmasq_doh_server "${i}" 'add' "${listen_addr}" "${listen_port}"
+				fi
+			done
+		fi
+		output_ok
+		port="$((port+1))"
+		force_dns=0
+	else
+		output_fail
 	fi
 }

+start_service() {
+	local canaryDomains canary_domains_icloud canary_domains_mozilla
+	local dnsmasq_config_update force_dns force_dns_port 
+	local procd_fw_src_interfaces
+
+	local port=5053
+	output "Starting $serviceName "
+	config_load "$packageName"
+	config_get_bool canary_domains_icloud  'config' 'canary_domains_icloud' '1'
+	config_get_bool canary_domains_mozilla 'config' 'canary_domains_mozilla' '1'
+	config_get_bool force_dns          'config' 'force_dns' '1'
+	config_get dnsmasq_config_update   'config' 'dnsmasq_config_update' '*'
+	config_get force_dns_port          'config' 'force_dns_port' '53 853'
+	config_get procd_fw_src_interfaces 'config' 'procd_fw_src_interfaces' 'lan'
+	if [ "$canary_domains_icloud" -ne 0 ]; then
+		canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}"
+	fi
+	if [ "$canary_domains_mozilla" -ne 0 ]; then
+		canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}"
+	fi
+	dhcp_backup 'create'
+	config_load "$packageName"
+	config_foreach start_instance "$packageName"
+	if [ -n "$(uci_changes dhcp)" ]; then
+		uci_commit 'dhcp'
+		dnsmasq_restart
+	fi
+	output "\\n"
+}
+
 stop_service() {
-	config_load 'https-dns-proxy'
-	config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
-	dhcp_backup 'restore'
-	if [ -n "$(uci -q changes dhcp)" ]; then
-		uci -q commit dhcp
-		[ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq restart >/dev/null 2>&1
+	local canaryDomains canary_domains_icloud canary_domains_mozilla
+	local dnsmasq_config_update
+	local s=0
+	output "Stopping $serviceName "
+	config_load "$packageName"
+	config_get dnsmasq_config_update        'config' 'dnsmasq_config_update' '*'
+	config_get_bool canary_domains_icloud   'config' 'canary_domains_icloud' '1'
+	config_get_bool canary_domains_mozilla  'config' 'canary_domains_mozilla' '1'
+	if [ "$canary_domains_icloud" -ne 0 ]; then
+		canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsiCloud}"
 	fi
+	if [ "$canary_domains_mozilla" -ne 0 ]; then
+		canaryDomains="${canaryDomains:+$canaryDomains }${canaryDomainsMozilla}"
+	fi
+	dhcp_backup 'restore'
+	if [ -n "$(uci_changes dhcp)" ]; then
+		uci_commit 'dhcp'
+		dnsmasq_restart || s=1
+	fi
+# shellcheck disable=SC2015
+	[ "$s" -eq 0 ] && output_okn || output_failn
 }

+# shellcheck disable=SC1091
 service_triggers() {
-	procd_add_config_trigger "config.change" "https-dns-proxy" /etc/init.d/https-dns-proxy reload
+	local wan wan6 i
+	local procd_trigger_wan6
+	config_load "$packageName"
+	config_get_bool procd_trigger_wan6 'config' 'procd_trigger_wan6' '0'
+	. /lib/functions/network.sh
+	network_flush_cache
+	network_find_wan wan
+	wan="${wan:-wan}"
+	if [ "$procd_trigger_wan6" -ne 0 ]; then
+		network_find_wan6 wan6
+		wan6="${wan6:-wan6}"
+	fi
+	for i in "$wan" "$wan6"; do
+		[ -n "$i" ] && procd_add_interface_trigger "interface.*" "$i" "/etc/init.d/${packageName}" restart
+	done
+	procd_add_config_trigger "config.change" "$packageName" "/etc/init.d/${packageName}" reload
 }

 service_started() { procd_set_config_changed firewall; }
 service_stopped() { procd_set_config_changed firewall; }
+restart() { procd_send_signal "$packageName"; rc_procd start_service; }

-dnsmasq_add_doh_server() {
-	local cfg="$1" address="$2" port="$3"
-	case $address in
-		0.0.0.0|::ffff:0.0.0.0) address='127.0.0.1';;
-		::) address='::1';;
+dnsmasq_doh_server() {
+	local cfg="$1" param="$2" address="${3:-127.0.0.1}" port="$4" i
+	case "$param" in
+		add)
+			if [ "$force_dns" -ne 0 ]; then
+				for i in $canaryDomains; do
+					uci_add_list_if_new 'dhcp' "$cfg" 'server' "/${i}/"
+				done
+			fi
+			case $address in
+				0.0.0.0|::ffff:0.0.0.0) address='127.0.0.1';;
+				::) address='::1';;
+			esac
+			uci_add_list_if_new 'dhcp' "$cfg" 'server' "${address}#${port}"
+		;;
+		remove)
+			eval "$(ubus call service list "{ 'verbose': true, 'name': '$packageName' }" | jsonfilter -F '# ' -e 'TUPLES=@[*].instances[*].command[4,6]')"
+			for i in $TUPLES; do
+				uci_remove_list 'dhcp' "$cfg" 'server' "$i"
+			done
+			for i in $canaryDomains; do
+				uci_remove_list 'dhcp' "$cfg" 'server' "/${i}/"
+			done
+		;;
 	esac
-	uci -q del_list "dhcp.${cfg}.server=${address}#${port}"
-	uci -q add_list "dhcp.${cfg}.server=${address}#${port}"
 }

 dnsmasq_create_server_backup() {
-	local cfg="$1"
-	local i
-	uci -q get "dhcp.${cfg}" >/dev/null || return 1
-	if ! uci -q get "dhcp.${cfg}.doh_backup_noresolv" >/dev/null; then
-		if [ -z "$(uci -q get "dhcp.${cfg}.noresolv")" ]; then
-			uci -q set "dhcp.${cfg}.noresolv=1"
-			uci -q set "dhcp.${cfg}.doh_backup_noresolv=-1"
-		elif [ "$(uci -q get "dhcp.${cfg}.noresolv")" != "1" ]; then
-			uci -q set "dhcp.${cfg}.noresolv=1"
-			uci -q set "dhcp.${cfg}.doh_backup_noresolv=0"
+	local cfg="$1" i
+	[ -n "$(uci_get 'dhcp' "$cfg")" ] || return 1
+	if [ -z "$(uci_get 'dhcp' "$cfg" 'doh_backup_noresolv')" ]; then
+		if [ -z "$(uci_get 'dhcp' "$cfg" 'noresolv')" ]; then
+			uci_set 'dhcp' "$cfg" 'doh_backup_noresolv' '-1'
+		else
+			uci_set 'dhcp' "$cfg" 'doh_backup_noresolv' "$(uci_get 'dhcp' "$cfg" noresolv)"
 		fi
+		uci_set 'dhcp' "$cfg" 'noresolv' 1
 	fi
-	if ! uci -q get "dhcp.${cfg}.doh_backup_server" >/dev/null; then
-		if [ -z "$(uci -q get "dhcp.${cfg}.server")" ]; then
-			uci -q add_list "dhcp.${cfg}.doh_backup_server="
+	if [ -z "$(uci_get 'dhcp' "$cfg" 'doh_backup_server')" ]; then
+		if [ -z "$(uci_get 'dhcp' "$cfg" 'server')" ]; then
+			uci_add_list 'dhcp' "$cfg" 'doh_backup_server' ""
 		fi
-		for i in $(uci -q get "dhcp.${cfg}.server"); do
-			uci -q add_list "dhcp.${cfg}.doh_backup_server=$i"
+		for i in $(uci_get 'dhcp' "$cfg" 'server'); do
+			uci_add_list 'dhcp' "$cfg" 'doh_backup_server' "$i"
 			if [ "$i" = "$(echo "$i" | tr -d /\#)" ]; then
-				uci -q del_list "dhcp.${cfg}.server=$i"
+				uci_remove_list 'dhcp' "$cfg" 'server' "$i"
 			fi
 		done
-		uci -q del_list "dhcp.${cfg}.server=127.0.0.1#5353"
 	fi
 	return 0
 }

 dnsmasq_restore_server_backup() {
-	local cfg="$1"
-	local i
-	uci -q get "dhcp.${cfg}" >/dev/null || return 0
-	if uci -q get "dhcp.${cfg}.doh_backup_noresolv" >/dev/null; then
-		if [ "$(uci -q get "dhcp.${cfg}.doh_backup_noresolv")" = "0" ]; then
-			uci -q set "dhcp.${cfg}.noresolv=0"
-		else 
-			uci -q del "dhcp.${cfg}.noresolv"
+	local cfg="$1" i
+	[ -n "$(uci_get 'dhcp' "$cfg")" ] || return 0
+	if [ -n "$(uci_get 'dhcp' "$cfg" 'doh_backup_noresolv')" ]; then
+		if [ "$(uci_get 'dhcp' "$cfg" 'doh_backup_noresolv')" = "-1" ]; then
+			uci_remove 'dhcp' "$cfg" 'noresolv'
+		else
+			uci_set 'dhcp' "$cfg" 'noresolv' "$(uci_get 'dhcp' "$cfg" 'doh_backup_noresolv')"
 		fi
-		uci -q del "dhcp.${cfg}.doh_backup_noresolv"
+		uci_remove 'dhcp' "$cfg" 'doh_backup_noresolv'
 	fi
-	if uci -q get "dhcp.${cfg}.doh_backup_server" >/dev/null; then
-		uci -q del "dhcp.${cfg}.server"
-		for i in $(uci -q get "dhcp.${cfg}.doh_backup_server"); do
-			uci -q add_list "dhcp.${cfg}.server=$i"
+	if uci_get 'dhcp' "$cfg" 'doh_backup_server' >/dev/null 2>&1; then
+		dnsmasq_doh_server "$cfg" 'remove'
+		for i in $(uci_get 'dhcp' "$cfg" 'doh_backup_server'); do
+			uci_add_list_if_new 'dhcp' "$cfg" 'server' "$i"
 		done
-	uci -q del "dhcp.${cfg}.doh_backup_server"
+		uci_remove 'dhcp' "$cfg" 'doh_backup_server'
 	fi
 }

@ -222,12 +372,15 @@ dhcp_backup() {
 	config_load 'dhcp'
 	case "$1" in
 		create)
-			if [ "$dnsmasqConfig" = "*" ]; then
+			if [ "$dnsmasq_config_update" = "*" ]; then
 				config_foreach dnsmasq_create_server_backup 'dnsmasq'
-			elif [ -n "$dnsmasqConfig" ]; then
-				for i in $dnsmasqConfig; do
-					dnsmasq_create_server_backup "@dnsmasq[${i}]" || \
+			elif [ -n "$dnsmasq_config_update" ]; then
+				for i in $dnsmasq_config_update; do
+					if [ -n "$(uci_get 'dhcp' "@dnsmasq[$i]")" ]; then
+						dnsmasq_create_server_backup "@dnsmasq[$i]"
+					elif [ -n "$(uci_get 'dhcp' "$i")" ]; then
 						dnsmasq_create_server_backup "$i"
+					fi
 				done
 			fi
 			;;
--- a/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch
+++ b/https-dns-proxy/patches/010-cmakelists-remove-cflags.patch
@ -1,13 +1,13 @@
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -21,9 +21,9 @@ if(NOT CMAKE_BUILD_TYPE)
-   message(STATUS "Setting build type to '${CMAKE_BUILD_TYPE}' as none was specified.")
+@@ -25,9 +25,9 @@ if (NOT CMAKE_INSTALL_BINDIR)
+   set(CMAKE_INSTALL_BINDIR bin)
 endif()
 
-set(CMAKE_C_FLAGS "-Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
+-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
 -set(CMAKE_C_FLAGS_DEBUG "-g -DDEBUG")
 -set(CMAKE_C_FLAGS_RELEASE "-O2")
-+#set(CMAKE_C_FLAGS "-Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
+#set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra --pedantic -Wno-strict-aliasing -Wno-variadic-macros")
 +#set(CMAKE_C_FLAGS_DEBUG "-g -DDEBUG")
 +#set(CMAKE_C_FLAGS_RELEASE "-O2")
 
--- a/https-dns-proxy/patches/020-src-options.c-add-version.patch
+++ b/https-dns-proxy/patches/020-src-options.c-add-version.patch
@ -0,0 +1,11 @@
+--- a/src/options.c
+++ b/src/options.c
+@@ -22,7 +22,7 @@ const char * options_sw_version() {
+ #ifdef SW_VERSION
+   return SW_VERSION;
+ #else
+-  return "2023.01.01-atLeast";  // update date sometimes, like 1-2 times a year
+  return "2023-05-25-1";  // update date sometimes, like 1-2 times a year
+ #endif
+ }
+ 
--- a/https-dns-proxy/test.sh
+++ b/https-dns-proxy/test.sh
@ -1,3 +1,3 @@
 #!/bin/sh

-/etc/init.d/"$1" version 2>&1 | grep "$2"
+/etc/init.d/"$1" version 2>&1 | grep "$2" && "$1" -V 2>&1 | grep "$2"