Merge branch 'lindroidux-master'
This commit is contained in:
commit
afb2c0167a
30
README.md
30
README.md
|
@ -9,33 +9,33 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
|
|||
|
||||
## Installation
|
||||
- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
|
||||
- There are two option in installation progress.
|
||||
### Auto redirect DNS queries using `iptables`
|
||||
Just flash and forget.
|
||||
|
||||
### Set DNS server manually with 3rd-party app (not included in this module)
|
||||
- DNS server address is 127.0.0.1:53 for ipv4 and [::1]:53 for ipv6
|
||||
- DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
|
||||
- If you use AfWall, you can write this enter custom script
|
||||
```
|
||||
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
||||
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
||||
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
||||
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
||||
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
```
|
||||
and this shutdown script
|
||||
```
|
||||
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
||||
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
||||
ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
||||
ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
||||
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
```
|
||||
|
||||
## Configuration (post-installing)
|
||||
- Configuration located on `/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml`
|
||||
- Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
|
||||
- For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
|
||||
|
||||
## Changelog
|
||||
### v2.8.7
|
||||
- Update binaries to 2.0.25
|
||||
- changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard]
|
||||
- updated binary & configuration files to 2.0.25
|
||||
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
|
||||
### v2.8.5
|
||||
- Fix #40
|
||||
### v2.8.4
|
||||
|
@ -56,6 +56,4 @@ Just flash and forget.
|
|||
|
||||
## Credit
|
||||
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
|
||||
- Keycheck binary | [someone755](https://github.com/someone755/kerneller/tree/master/extract/tools)
|
||||
- Idea for keycheck code implementation | [Zappo @xda-developers](https://forum.xda-developers.com/showpost.php?p=71016567&postcount=98)
|
||||
- [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
# Changelog
|
||||
## Changelog
|
||||
### v2.8.7
|
||||
- Update binaries to 2.0.25
|
||||
- changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
|
||||
- updated binary & configuration files to 2.0.25
|
||||
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
|
||||
### v2.8.5
|
||||
- Fix #40
|
||||
### v2.8.4
|
||||
|
@ -24,7 +27,7 @@
|
|||
## v2.4.0
|
||||
* Update binary files to 2.0.14
|
||||
## v2.3.0
|
||||
* Update binary files to 2.0.10
|
||||
* Update binary files to 2.0.10
|
||||
* Add option to choose auto redirect DNS or manually set with 3rd-party app.
|
||||
## v2.2.0
|
||||
* Update binary files to 2.0.8
|
||||
|
|
BIN
common/keycheck
BIN
common/keycheck
Binary file not shown.
108
common/option.sh
108
common/option.sh
|
@ -1,99 +1,13 @@
|
|||
keytest() {
|
||||
ui_print " - Vol Key Test -"
|
||||
ui_print " Press Vol Up:"
|
||||
(/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events) || return 1
|
||||
return 0
|
||||
}
|
||||
|
||||
chooseport() {
|
||||
#note from chainfire @xda-developers: getevent behaves weird when piped, and busybox grep likes that even less than toolbox/toybox grep
|
||||
while (true); do
|
||||
/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events
|
||||
if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUME >/dev/null`); then
|
||||
break
|
||||
fi
|
||||
done
|
||||
if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUMEUP >/dev/null`); then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
CONFIG_FILE=/data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
|
||||
if ! [ -f "$CONFIG_FILE" ]; then
|
||||
# ui_print "* Backing up config file"
|
||||
# cp -afv $CONFIG_FILE $TMPDIR
|
||||
# ui_print "* Restoring config files"
|
||||
# cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE
|
||||
|
||||
cp -afv /data/media/0/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
|
||||
sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
|
||||
sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
|
||||
fi
|
||||
}
|
||||
|
||||
chooseportold() {
|
||||
# Calling it first time detects previous input. Calling it second time will do what we want
|
||||
$KEYCHECK
|
||||
$KEYCHECK
|
||||
SEL=$?
|
||||
if [ "$1" == "UP" ]; then
|
||||
UP=$SEL
|
||||
elif [ "$1" == "DOWN" ]; then
|
||||
DOWN=$SEL
|
||||
elif [ $SEL -eq $UP ]; then
|
||||
return 0
|
||||
elif [ $SEL -eq $DOWN ]; then
|
||||
return 1
|
||||
else
|
||||
ui_print " Vol key not detected!"
|
||||
abort " Use name change method in TWRP"
|
||||
fi
|
||||
}
|
||||
|
||||
# Keycheck binary by someone755 @Github, idea for code below by Zappo @xda-developers
|
||||
KEYCHECK=$TMPDIR/keycheck
|
||||
chmod 755 $KEYCHECK
|
||||
|
||||
if keytest; then
|
||||
FUNCTION=chooseport
|
||||
else
|
||||
FUNCTION=chooseportold
|
||||
ui_print " ! Legacy device detected! Using old keycheck method"
|
||||
ui_print " "
|
||||
ui_print "- Vol Key Programming -"
|
||||
ui_print " Press Vol Up Again:"
|
||||
$FUNCTION "UP"
|
||||
ui_print " Press Vol Down"
|
||||
$FUNCTION "DOWN"
|
||||
fi
|
||||
|
||||
ui_print " "
|
||||
ui_print " Vol+ = Replace previous config (mandatory for first install)"
|
||||
ui_print " "
|
||||
ui_print " Vol- = Use previous config"
|
||||
ui_print " "
|
||||
|
||||
CONFIG_FILE=$MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
|
||||
if $FUNCTION; then
|
||||
ui_print "Replace old config"
|
||||
ui_print " "
|
||||
cp -af $MODPATH/system/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
|
||||
sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
|
||||
sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
|
||||
else
|
||||
if [ -f "$CONFIG_FILE" ]; then
|
||||
ui_print "* Backing up config file"
|
||||
cp -af $CONFIG_FILE $TMPDIR
|
||||
ui_print "* Restoring config files"
|
||||
cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE
|
||||
else
|
||||
abort "First install have to choose replace mode"
|
||||
fi
|
||||
fi
|
||||
|
||||
ui_print " "
|
||||
ui_print " Vol+ = Auto redirect DNS request with iptables"
|
||||
ui_print " "
|
||||
ui_print " Vol- = Set DNS manually with 3rd-party app"
|
||||
ui_print " "
|
||||
|
||||
if $FUNCTION; then
|
||||
ui_print " "
|
||||
ui_print " Auto mode"
|
||||
else
|
||||
ui_print " "
|
||||
ui_print " Manual mode"
|
||||
ui_print " deleting iptables rules"
|
||||
sed -i -e '/for/,$d' $TMPDIR/service.sh
|
||||
sed -i -e "s/'127.0.0.1.*'/'127.0.0.1:53', '[::1]:53'/g" $MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||
fi
|
||||
|
|
|
@ -6,18 +6,18 @@
|
|||
# if Magisk change its mount point in the future
|
||||
MODDIR=${0%/*}
|
||||
|
||||
for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
|
||||
ping -c 1 download.dnscrypt.info
|
||||
if [[ $? == 0 ]];
|
||||
then
|
||||
$MODDIR/system/bin/dnscrypt-proxy -config $MODDIR/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml &
|
||||
sleep 15
|
||||
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
break;
|
||||
else
|
||||
sleep 5
|
||||
fi
|
||||
done
|
||||
# change config directory from /system/etc to /data/media/0/dnscrypt-proxy
|
||||
# /sdcard is softlink to /data/media/0 in lineageos 16.
|
||||
#Check, every 15 seconds. whether an instance of dnscrypt-proxy is running,if not, keep looping
|
||||
# till network is available & start dnscrypt-proxy.
|
||||
|
||||
while ! [ `pgrep -x dnscrypt-proxy` ] ; do
|
||||
$MODDIR/system/bin/dnscrypt-proxy -config /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml && sleep 15;
|
||||
done
|
||||
|
||||
#IPTABLES
|
||||
# let dnscrypt-proxy do its job only. Let the user decide how to do the "redirection of dns request".
|
||||
# iptables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
# iptables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
# ip6tables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
# ip6tables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
|
|
|
@ -38,7 +38,7 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
|||
|
||||
## Maximum number of simultaneous client connections to accept
|
||||
|
||||
max_clients = 150
|
||||
max_clients = 250
|
||||
|
||||
|
||||
## Switch to a different system user after listening sockets have been created.
|
||||
|
@ -103,7 +103,7 @@ force_tcp = false
|
|||
|
||||
## How long a DNS query will wait for a response, in milliseconds
|
||||
|
||||
timeout = 1500
|
||||
timeout = 2500
|
||||
|
||||
|
||||
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
|
||||
|
@ -173,7 +173,7 @@ cert_refresh_delay = 240
|
|||
## Keep tls_cipher_suite empty if you have issues fetching sources or
|
||||
## connecting to some DoH servers. Google and Cloudflare are fine with it.
|
||||
|
||||
tls_cipher_suite = [52392, 49199]
|
||||
# tls_cipher_suite = [52392, 49199]
|
||||
|
||||
|
||||
## Fallback resolver
|
||||
|
@ -230,7 +230,7 @@ netprobe_address = "9.9.9.9:53"
|
|||
## Automatic log files rotation
|
||||
|
||||
# Maximum log files size in MB
|
||||
log_files_max_size = 1
|
||||
log_files_max_size = 10
|
||||
|
||||
# How long to keep backup files, in days
|
||||
log_files_max_age = 7
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,2 @@
|
|||
@ The file "public-resolvers.md" is the cache file which gets updated dynamically.
|
||||
#This file is only a placeholder for reference to developer(s) of previous versions.
|
12
install.sh
12
install.sh
|
@ -127,8 +127,8 @@ print_modname() {
|
|||
ui_print "* DNSCrypt-Proxy2 *"
|
||||
ui_print "* Magisk Module *"
|
||||
ui_print "*******************************"
|
||||
ui_print "* v2.8.7 *"
|
||||
ui_print "* bluemeda *"
|
||||
ui_print "* v2.8.7 *"
|
||||
ui_print "* bluemeda *"
|
||||
ui_print "*******************************"
|
||||
ui_print " "
|
||||
}
|
||||
|
@ -151,13 +151,13 @@ on_install() {
|
|||
|
||||
CONFIG_PATH=$TMPDIR/config
|
||||
|
||||
unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR 2>/dev/null
|
||||
unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR
|
||||
|
||||
ui_print "* Creating binary path"
|
||||
mkdir -p $MODPATH/system/bin 2>/dev/null
|
||||
mkdir -p $MODPATH/system/bin
|
||||
|
||||
ui_print "* Creating config path"
|
||||
mkdir -p $MODPATH/system/etc/dnscrypt-proxy 2>/dev/null
|
||||
mkdir -p /data/media/0/dnscrypt-proxy
|
||||
|
||||
if [ -f "$BINARY_PATH" ]; then
|
||||
ui_print "* Copying binary for $ARCH"
|
||||
|
@ -168,7 +168,7 @@ on_install() {
|
|||
|
||||
if [ -d "$CONFIG_PATH" ]; then
|
||||
ui_print "* Copying example and license files"
|
||||
cp -af $CONFIG_PATH/* $MODPATH/system/etc/dnscrypt-proxy
|
||||
cp -af $CONFIG_PATH/* /data/media/0/dnscrypt-proxy/
|
||||
else
|
||||
abort "Config file is missing!"
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue