merge

README.md

@@ -9,33 +9,33 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
 
 ## Installation
 - Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
-- There are two option in installation progress. 
-### Auto redirect DNS queries using `iptables`
-Just flash and forget.
+
 ### Set DNS server manually with 3rd-party app (not included in this module)
-- DNS server address is 127.0.0.1:53 for ipv4 and [::1]:53 for ipv6
+- DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
 - If you use AfWall, you can write this enter custom script
   ```
-  iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
-  iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
-  ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
-  ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
+  iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+  iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+  ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
+  ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
   ```
   and this shutdown script
   ```
-  iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
-  iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
-  ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
-  ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
+  iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+  iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+  ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
+  ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
   ```
 
 ## Configuration (post-installing)
-- Configuration located on `/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml`
+- Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
 - For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
 
 ## Changelog
 ### v2.8.7
- - Update binaries to 2.0.25
+- changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard]
+- updated binary & configuration files to 2.0.25
+- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
 ### v2.8.5
  - Fix #40
 ### v2.8.4
@@ -56,6 +56,4 @@ Just flash and forget.
 
 ## Credit
 - DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
-- Keycheck binary | [someone755](https://github.com/someone755/kerneller/tree/master/extract/tools)
-- Idea for keycheck code implementation | [Zappo @xda-developers](https://forum.xda-developers.com/showpost.php?p=71016567&postcount=98)
 - [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)

changelog.md

@@ -1,6 +1,9 @@
 # Changelog
+## Changelog
 ### v2.8.7
-- Update binaries to 2.0.25
+- changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
+- updated binary & configuration files to 2.0.25
+- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
 ### v2.8.5
 - Fix #40
 ### v2.8.4
@@ -24,7 +27,7 @@
 ## v2.4.0
 * Update binary files to 2.0.14
 ## v2.3.0
-* Update binary files to 2.0.10 
+* Update binary files to 2.0.10
 * Add option to choose auto redirect DNS or manually set with 3rd-party app.
 ## v2.2.0
 * Update binary files to 2.0.8

common/option.sh

@@ -1,99 +1,13 @@
-keytest() {
-  ui_print " - Vol Key Test -"
-  ui_print "   Press Vol Up:"
-  (/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events) || return 1
-  return 0
-}
 
-chooseport() {
-  #note from chainfire @xda-developers: getevent behaves weird when piped, and busybox grep likes that even less than toolbox/toybox grep
-  while (true); do
-    /system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events
-    if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUME >/dev/null`); then
-      break
-    fi
-  done
-  if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUMEUP >/dev/null`); then
-    return 0
-  else
-    return 1
+CONFIG_FILE=/data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml
+
+  if ! [ -f "$CONFIG_FILE" ]; then
+    # ui_print "* Backing up config file"
+    # cp -afv $CONFIG_FILE $TMPDIR
+    # ui_print "* Restoring config files"
+    # cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE 
+    
+    cp -afv /data/media/0/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
+    sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
+    sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
   fi
-}
-
-chooseportold() {
-  # Calling it first time detects previous input. Calling it second time will do what we want
-  $KEYCHECK
-  $KEYCHECK
-  SEL=$?
-  if [ "$1" == "UP" ]; then
-    UP=$SEL
-  elif [ "$1" == "DOWN" ]; then
-    DOWN=$SEL
-  elif [ $SEL -eq $UP ]; then
-    return 0
-  elif [ $SEL -eq $DOWN ]; then
-    return 1
-  else
-    ui_print "   Vol key not detected!"
-    abort "   Use name change method in TWRP"
-  fi
-}
-
-# Keycheck binary by someone755 @Github, idea for code below by Zappo @xda-developers
-KEYCHECK=$TMPDIR/keycheck
-chmod 755 $KEYCHECK
-
-if keytest; then
-  FUNCTION=chooseport
-else
-  FUNCTION=chooseportold
-  ui_print "   ! Legacy device detected! Using old keycheck method"
-  ui_print " "
-  ui_print "- Vol Key Programming -"
-  ui_print "   Press Vol Up Again:"
-  $FUNCTION "UP"
-  ui_print "   Press Vol Down"
-  $FUNCTION "DOWN"
-fi
-
-ui_print " "
-ui_print " Vol+ = Replace previous config (mandatory for first install)"
-ui_print " "
-ui_print " Vol- = Use previous config"
-ui_print " "
-
-CONFIG_FILE=$MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
-
-if $FUNCTION; then
-  ui_print "Replace old config"
-  ui_print " "
-  cp -af $MODPATH/system/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
-  sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
-  sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
-else
-  if [ -f "$CONFIG_FILE" ]; then
-    ui_print "* Backing up config file"
-    cp -af $CONFIG_FILE $TMPDIR
-    ui_print "* Restoring config files"
-    cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE 
-  else
-    abort "First install have to choose replace mode"
-  fi
-fi
-
-ui_print " "
-ui_print " Vol+ = Auto redirect DNS request with iptables"
-ui_print " "
-ui_print " Vol- = Set DNS manually with 3rd-party app"
-ui_print " "
-
-if $FUNCTION; then
-  ui_print " "
-  ui_print " Auto mode"
-else
-  ui_print " "
-  ui_print " Manual mode"
-  ui_print " deleting iptables rules"
-  sed -i -e '/for/,$d' $TMPDIR/service.sh
-  sed -i -e "s/'127.0.0.1.*'/'127.0.0.1:53', '[::1]:53'/g" $MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
-fi

common/service.sh

@@ -6,18 +6,18 @@
 # if Magisk change its mount point in the future
 MODDIR=${0%/*}
 
-for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
-	ping -c 1 download.dnscrypt.info
-	if [[ $? == 0 ]];
-	then
-		$MODDIR/system/bin/dnscrypt-proxy -config $MODDIR/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml &
-		sleep 15
-		iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-		iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
-		ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
-		ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
-		break;
-	else
-		sleep 5
-	fi
-done
+# change config directory from /system/etc to /data/media/0/dnscrypt-proxy
+# /sdcard is softlink to /data/media/0 in lineageos 16. 
+#Check, every 15 seconds. whether an instance of dnscrypt-proxy is running,if not, keep looping
+# till network is available & start dnscrypt-proxy.
+
+	while ! [ `pgrep -x dnscrypt-proxy` ] ; do
+		$MODDIR/system/bin/dnscrypt-proxy -config  /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml && sleep 15;
+	done
+
+#IPTABLES
+# let dnscrypt-proxy do its job only. Let the user decide how to do the "redirection of dns request".
+#		iptables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+#		iptables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
+#		ip6tables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
+#		ip6tables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354

config/example-dnscrypt-proxy.toml

@@ -38,7 +38,7 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53']
 
 ## Maximum number of simultaneous client connections to accept
 
-max_clients = 150
+max_clients = 250
 
 
 ## Switch to a different system user after listening sockets have been created.
@@ -103,7 +103,7 @@ force_tcp = false
 
 ## How long a DNS query will wait for a response, in milliseconds
 
-timeout = 1500
+timeout = 2500
 
 
 ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
@@ -173,7 +173,7 @@ cert_refresh_delay = 240
 ## Keep tls_cipher_suite empty if you have issues fetching sources or
 ## connecting to some DoH servers. Google and Cloudflare are fine with it.
 
-tls_cipher_suite = [52392, 49199]
+# tls_cipher_suite = [52392, 49199]
 
 
 ## Fallback resolver
@@ -230,7 +230,7 @@ netprobe_address = "9.9.9.9:53"
 ## Automatic log files rotation
 
 # Maximum log files size in MB
-log_files_max_size = 1
+log_files_max_size = 10
 
 # How long to keep backup files, in days
 log_files_max_age = 7

config/public-resolvers.md.txt

@@ -0,0 +1,2 @@
+@ The file "public-resolvers.md" is the cache file which gets updated dynamically.
+#This file is only a placeholder for reference to developer(s) of previous versions.

install.sh

@@ -127,8 +127,8 @@ print_modname() {
   ui_print "*       DNSCrypt-Proxy2       *"
   ui_print "*        Magisk Module        *"
   ui_print "*******************************"
-  ui_print "*           v2.8.7            *"
-  ui_print "*          bluemeda           *"
+  ui_print "*            v2.8.7           *"
+  ui_print "*           bluemeda          *"
   ui_print "*******************************"
   ui_print " "
 }
@@ -151,13 +151,13 @@ on_install() {
 
   CONFIG_PATH=$TMPDIR/config
 
-  unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR 2>/dev/null
+  unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR
 
   ui_print "* Creating binary path"
-  mkdir -p $MODPATH/system/bin 2>/dev/null
+  mkdir -p $MODPATH/system/bin
 
   ui_print "* Creating config path"
-  mkdir -p $MODPATH/system/etc/dnscrypt-proxy 2>/dev/null
+  mkdir -p /data/media/0/dnscrypt-proxy
 
   if [ -f "$BINARY_PATH" ]; then
     ui_print "* Copying binary for $ARCH"
@@ -168,7 +168,7 @@ on_install() {
 
   if [ -d "$CONFIG_PATH" ]; then
     ui_print "* Copying example and license files"
-    cp -af $CONFIG_PATH/* $MODPATH/system/etc/dnscrypt-proxy
+    cp -af $CONFIG_PATH/* /data/media/0/dnscrypt-proxy/
   else
     abort "Config file is missing!"
   fi