bluemeda 2019-06-16 03:18:38 +07:00
commit 74a760ebb2
9 changed files with 57 additions and 1199 deletions


@ -9,33 +9,33 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
## Installation ## Installation
- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions. - Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
- There are two option in installation progress.
### Auto redirect DNS queries using `iptables`
Just flash and forget.
### Set DNS server manually with 3rd-party app (not included in this module) ### Set DNS server manually with 3rd-party app (not included in this module)
- DNS server address is 127.0.0.1:53 for ipv4 and [::1]:53 for ipv6 - DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
- If you use AfWall, you can write this enter custom script - If you use AfWall, you can write this enter custom script
``` ```
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53 iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53 iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53 ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53 ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
``` ```
and this shutdown script and this shutdown script
``` ```
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53 iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53 iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53 ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53 ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
``` ```
## Configuration (post-installing) ## Configuration (post-installing)
- Configuration located on `/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml` - Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
- For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration) - For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
## Changelog ## Changelog
### v2.8.7 ### v2.8.7
- Update binaries to 2.0.25 - changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard]
- updated binary & configuration files to 2.0.25
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
### v2.8.5 ### v2.8.5
- Fix #40 - Fix #40
### v2.8.4 ### v2.8.4
@ -56,6 +56,4 @@ Just flash and forget.
## Credit ## Credit
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy) - DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
- Keycheck binary | [someone755](https://github.com/someone755/kerneller/tree/master/extract/tools)
- Idea for keycheck code implementation | [Zappo @xda-developers](https://forum.xda-developers.com/showpost.php?p=71016567&postcount=98)
- [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors) - [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)


@ -1,6 +1,9 @@
# Changelog # Changelog
## Changelog
### v2.8.7 ### v2.8.7
- Update binaries to 2.0.25 - changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
- updated binary & configuration files to 2.0.25
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
### v2.8.5 ### v2.8.5
- Fix #40 - Fix #40
### v2.8.4 ### v2.8.4

Binary file not shown.


@ -1,99 +1,13 @@
keytest() {
ui_print " - Vol Key Test -"
ui_print " Press Vol Up:"
(/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events) || return 1
return 0
}
chooseport() { CONFIG_FILE=/data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml
#note from chainfire @xda-developers: getevent behaves weird when piped, and busybox grep likes that even less than toolbox/toybox grep
while (true); do
/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events
if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUME >/dev/null`); then
break
fi
done
if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUMEUP >/dev/null`); then
return 0
else
return 1
fi
}
chooseportold() { if ! [ -f "$CONFIG_FILE" ]; then
# Calling it first time detects previous input. Calling it second time will do what we want # ui_print "* Backing up config file"
$KEYCHECK # cp -afv $CONFIG_FILE $TMPDIR
$KEYCHECK # ui_print "* Restoring config files"
SEL=$? # cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE
if [ "$1" == "UP" ]; then
UP=$SEL
elif [ "$1" == "DOWN" ]; then
DOWN=$SEL
elif [ $SEL -eq $UP ]; then
return 0
elif [ $SEL -eq $DOWN ]; then
return 1
else
ui_print " Vol key not detected!"
abort " Use name change method in TWRP"
fi
}
# Keycheck binary by someone755 @Github, idea for code below by Zappo @xda-developers cp -afv /data/media/0/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
KEYCHECK=$TMPDIR/keycheck
chmod 755 $KEYCHECK
if keytest; then
FUNCTION=chooseport
else
FUNCTION=chooseportold
ui_print " ! Legacy device detected! Using old keycheck method"
ui_print " "
ui_print "- Vol Key Programming -"
ui_print " Press Vol Up Again:"
$FUNCTION "UP"
ui_print " Press Vol Down"
$FUNCTION "DOWN"
fi
ui_print " "
ui_print " Vol+ = Replace previous config (mandatory for first install)"
ui_print " "
ui_print " Vol- = Use previous config"
ui_print " "
CONFIG_FILE=$MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
if $FUNCTION; then
ui_print "Replace old config"
ui_print " "
cp -af $MODPATH/system/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
else
if [ -f "$CONFIG_FILE" ]; then
ui_print "* Backing up config file"
cp -af $CONFIG_FILE $TMPDIR
ui_print "* Restoring config files"
cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE
else
abort "First install have to choose replace mode"
fi
fi
ui_print " "
ui_print " Vol+ = Auto redirect DNS request with iptables"
ui_print " "
ui_print " Vol- = Set DNS manually with 3rd-party app"
ui_print " "
if $FUNCTION; then
ui_print " "
ui_print " Auto mode"
else
ui_print " "
ui_print " Manual mode"
ui_print " deleting iptables rules"
sed -i -e '/for/,$d' $TMPDIR/service.sh
sed -i -e "s/'127.0.0.1.*'/'127.0.0.1:53', '[::1]:53'/g" $MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
fi fi
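Review bot: `CONFIG_FILE=/data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml` moves the resolver's live configuration onto shared storage, and the boot script in this commit starts dnscrypt-proxy with `-config` pointing at that same path. Magisk boot scripts run as root, and on most Android builds any app with storage access can write under /sdcard, so such an app could presumably rewrite the listen addresses, resolver list or log paths the daemon uses. Keeping the file the daemon reads in a root-only directory, as the removed `CONFIG_FILE=$MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml` did, avoids that; a user-editable copy on /sdcard could be imported at install time instead. The `on_install` hunks that `mkdir` and `cp` into `/data/media/0/dnscrypt-proxy` have the same exposure.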


@ -6,18 +6,18 @@
# if Magisk change its mount point in the future # if Magisk change its mount point in the future
MODDIR=${0%/*} MODDIR=${0%/*}
for i in 1 2 3 4 5 6 7 8 9 10 11 12; do # change config directory from /system/etc to /data/media/0/dnscrypt-proxy
ping -c 1 download.dnscrypt.info # /sdcard is softlink to /data/media/0 in lineageos 16.
if [[ $? == 0 ]]; #Check, every 15 seconds. whether an instance of dnscrypt-proxy is running,if not, keep looping
then # till network is available & start dnscrypt-proxy.
$MODDIR/system/bin/dnscrypt-proxy -config $MODDIR/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml &
sleep 15 while ! [ `pgrep -x dnscrypt-proxy` ] ; do
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354 $MODDIR/system/bin/dnscrypt-proxy -config /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml && sleep 15;
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
break;
else
sleep 5
fi
done done
#IPTABLES
# let dnscrypt-proxy do its job only. Let the user decide how to do the "redirection of dns request".
# iptables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
# iptables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
# ip6tables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
# ip6tables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
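Review bot: The new `while` loop does not behave as its comment describes: dnscrypt-proxy is started in the foreground, so the script blocks in the loop body while the daemon runs, and `&& sleep 15` sleeps only after a clean exit. A failing start (for example before the network is up) is therefore retried in a tight loop with no delay. The unquoted pgrep substitution inside `[ ]` also errors out when pgrep prints more than one PID. A form that matches the comment would be `until pgrep -x dnscrypt-proxy >/dev/null; do "$MODDIR/system/bin/dnscrypt-proxy" -config "$CONFIG" & sleep 15; done`, where `$CONFIG` stands for the config path.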


@ -38,7 +38,7 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53']
## Maximum number of simultaneous client connections to accept ## Maximum number of simultaneous client connections to accept
max_clients = 150 max_clients = 250
## Switch to a different system user after listening sockets have been created. ## Switch to a different system user after listening sockets have been created.
@ -103,7 +103,7 @@ force_tcp = false
## How long a DNS query will wait for a response, in milliseconds ## How long a DNS query will wait for a response, in milliseconds
timeout = 1500 timeout = 2500
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
@ -173,7 +173,7 @@ cert_refresh_delay = 240
## Keep tls_cipher_suite empty if you have issues fetching sources or ## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. Google and Cloudflare are fine with it. ## connecting to some DoH servers. Google and Cloudflare are fine with it.
tls_cipher_suite = [52392, 49199] # tls_cipher_suite = [52392, 49199]
## Fallback resolver ## Fallback resolver
@ -230,7 +230,7 @@ netprobe_address = "9.9.9.9:53"
## Automatic log files rotation ## Automatic log files rotation
# Maximum log files size in MB # Maximum log files size in MB
log_files_max_size = 1 log_files_max_size = 10
# How long to keep backup files, in days # How long to keep backup files, in days
log_files_max_age = 7 log_files_max_age = 7

File diff suppressed because it is too large Load Diff


@ -0,0 +1,2 @@
@ The file "public-resolvers.md" is the cache file which gets updated dynamically.
#This file is only a placeholder for reference to developer(s) of previous versions.


@ -151,13 +151,13 @@ on_install() {
CONFIG_PATH=$TMPDIR/config CONFIG_PATH=$TMPDIR/config
unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR 2>/dev/null unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR
ui_print "* Creating binary path" ui_print "* Creating binary path"
mkdir -p $MODPATH/system/bin 2>/dev/null mkdir -p $MODPATH/system/bin
ui_print "* Creating config path" ui_print "* Creating config path"
mkdir -p $MODPATH/system/etc/dnscrypt-proxy 2>/dev/null mkdir -p /data/media/0/dnscrypt-proxy
if [ -f "$BINARY_PATH" ]; then if [ -f "$BINARY_PATH" ]; then
ui_print "* Copying binary for $ARCH" ui_print "* Copying binary for $ARCH"
@ -168,7 +168,7 @@ on_install() {
if [ -d "$CONFIG_PATH" ]; then if [ -d "$CONFIG_PATH" ]; then
ui_print "* Copying example and license files" ui_print "* Copying example and license files"
cp -af $CONFIG_PATH/* $MODPATH/system/etc/dnscrypt-proxy cp -af $CONFIG_PATH/* /data/media/0/dnscrypt-proxy/
else else
abort "Config file is missing!" abort "Config file is missing!"
fi fi
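Review bot: `mkdir -p /data/media/0/dnscrypt-proxy` and `cp -af $CONFIG_PATH/* /data/media/0/dnscrypt-proxy/` now write outside `$MODPATH` with no check on the result, and the README says the zip may also be flashed from recovery, where /data may not be mounted or decrypted (an assumption; the page does not show it). I would fail early, e.g. `mkdir -p /data/media/0/dnscrypt-proxy || abort "Cannot create config directory"`. The `cp -af` also overwrites whatever already sits in that directory on every install, so if the `config/` payload carries files the user edits, they are replaced silently. Files placed outside `$MODPATH` are presumably not removed when the module is uninstalled. on_install starts and ends outside these hunks.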