Merge branch 'lindroidux-master'
This commit is contained in:
commit
afb2c0167a
30
README.md
30
README.md
|
@ -9,33 +9,33 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
|
- Download [.zip module](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy-magisk/releases), flash it in Magisk Manager App or in Recovery and follow the instructions.
|
||||||
- There are two option in installation progress.
|
|
||||||
### Auto redirect DNS queries using `iptables`
|
|
||||||
Just flash and forget.
|
|
||||||
### Set DNS server manually with 3rd-party app (not included in this module)
|
### Set DNS server manually with 3rd-party app (not included in this module)
|
||||||
- DNS server address is 127.0.0.1:53 for ipv4 and [::1]:53 for ipv6
|
- DNS server address is 127.0.0.1:5354 for ipv4 and [::1]:5354 for ipv6
|
||||||
- If you use AfWall, you can write this enter custom script
|
- If you use AfWall, you can write this enter custom script
|
||||||
```
|
```
|
||||||
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||||
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||||
```
|
```
|
||||||
and this shutdown script
|
and this shutdown script
|
||||||
```
|
```
|
||||||
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
iptables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
iptables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
ip6tables -t nat -D OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||||
ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:53
|
ip6tables -t nat -D OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration (post-installing)
|
## Configuration (post-installing)
|
||||||
- Configuration located on `/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml`
|
- Configuration located on `/sdcard/dnscrypt-proxy/dnscrypt-proxy.toml` [or /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml]
|
||||||
- For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
|
- For more detailed configuration please refer to [official documentation](https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration)
|
||||||
|
|
||||||
## Changelog
|
## Changelog
|
||||||
### v2.8.7
|
### v2.8.7
|
||||||
- Update binaries to 2.0.25
|
- changed path of configuration file [dnscrypt-toml] from /system/etc/ to /data/media/0/ [or /sdcard]
|
||||||
|
- updated binary & configuration files to 2.0.25
|
||||||
|
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
|
||||||
### v2.8.5
|
### v2.8.5
|
||||||
- Fix #40
|
- Fix #40
|
||||||
### v2.8.4
|
### v2.8.4
|
||||||
|
@ -56,6 +56,4 @@ Just flash and forget.
|
||||||
|
|
||||||
## Credit
|
## Credit
|
||||||
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
|
- DNSCrypt-Proxy2 upstream | [jedisct1](https://github.com/jedisct1/dnscrypt-proxy)
|
||||||
- Keycheck binary | [someone755](https://github.com/someone755/kerneller/tree/master/extract/tools)
|
|
||||||
- Idea for keycheck code implementation | [Zappo @xda-developers](https://forum.xda-developers.com/showpost.php?p=71016567&postcount=98)
|
|
||||||
- [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)
|
- [All contributor](https://github.com/Magisk-Modules-Repo/dnscrypt-proxy/graphs/contributors)
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
|
## Changelog
|
||||||
### v2.8.7
|
### v2.8.7
|
||||||
- Update binaries to 2.0.25
|
- changed path of configuration file [dnscrypt.toml] from /system/etc/ to /data/media/0/ [or /sdcard]
|
||||||
|
- updated binary & configuration files to 2.0.25
|
||||||
|
- Removed automatic redirection of dns-request and let dnscrypt-proxy do its job only.
|
||||||
### v2.8.5
|
### v2.8.5
|
||||||
- Fix #40
|
- Fix #40
|
||||||
### v2.8.4
|
### v2.8.4
|
||||||
|
|
BIN
common/keycheck
BIN
common/keycheck
Binary file not shown.
100
common/option.sh
100
common/option.sh
|
@ -1,99 +1,13 @@
|
||||||
keytest() {
|
|
||||||
ui_print " - Vol Key Test -"
|
|
||||||
ui_print " Press Vol Up:"
|
|
||||||
(/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events) || return 1
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
chooseport() {
|
CONFIG_FILE=/data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml
|
||||||
#note from chainfire @xda-developers: getevent behaves weird when piped, and busybox grep likes that even less than toolbox/toybox grep
|
|
||||||
while (true); do
|
|
||||||
/system/bin/getevent -lc 1 2>&1 | /system/bin/grep VOLUME | /system/bin/grep " DOWN" > $TMPDIR/events
|
|
||||||
if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUME >/dev/null`); then
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
if (`cat $TMPDIR/events 2>/dev/null | /system/bin/grep VOLUMEUP >/dev/null`); then
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
chooseportold() {
|
if ! [ -f "$CONFIG_FILE" ]; then
|
||||||
# Calling it first time detects previous input. Calling it second time will do what we want
|
# ui_print "* Backing up config file"
|
||||||
$KEYCHECK
|
# cp -afv $CONFIG_FILE $TMPDIR
|
||||||
$KEYCHECK
|
# ui_print "* Restoring config files"
|
||||||
SEL=$?
|
# cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE
|
||||||
if [ "$1" == "UP" ]; then
|
|
||||||
UP=$SEL
|
|
||||||
elif [ "$1" == "DOWN" ]; then
|
|
||||||
DOWN=$SEL
|
|
||||||
elif [ $SEL -eq $UP ]; then
|
|
||||||
return 0
|
|
||||||
elif [ $SEL -eq $DOWN ]; then
|
|
||||||
return 1
|
|
||||||
else
|
|
||||||
ui_print " Vol key not detected!"
|
|
||||||
abort " Use name change method in TWRP"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Keycheck binary by someone755 @Github, idea for code below by Zappo @xda-developers
|
cp -afv /data/media/0/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
|
||||||
KEYCHECK=$TMPDIR/keycheck
|
|
||||||
chmod 755 $KEYCHECK
|
|
||||||
|
|
||||||
if keytest; then
|
|
||||||
FUNCTION=chooseport
|
|
||||||
else
|
|
||||||
FUNCTION=chooseportold
|
|
||||||
ui_print " ! Legacy device detected! Using old keycheck method"
|
|
||||||
ui_print " "
|
|
||||||
ui_print "- Vol Key Programming -"
|
|
||||||
ui_print " Press Vol Up Again:"
|
|
||||||
$FUNCTION "UP"
|
|
||||||
ui_print " Press Vol Down"
|
|
||||||
$FUNCTION "DOWN"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ui_print " "
|
|
||||||
ui_print " Vol+ = Replace previous config (mandatory for first install)"
|
|
||||||
ui_print " "
|
|
||||||
ui_print " Vol- = Use previous config"
|
|
||||||
ui_print " "
|
|
||||||
|
|
||||||
CONFIG_FILE=$MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
|
||||||
|
|
||||||
if $FUNCTION; then
|
|
||||||
ui_print "Replace old config"
|
|
||||||
ui_print " "
|
|
||||||
cp -af $MODPATH/system/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml $CONFIG_FILE
|
|
||||||
sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
|
sed -i -e 's/127.0.0.1:53/127.0.0.1:5354/g' $CONFIG_FILE
|
||||||
sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
|
sed -i -e 's/\[::1\]:53/\[::1\]:5354/g' $CONFIG_FILE
|
||||||
else
|
|
||||||
if [ -f "$CONFIG_FILE" ]; then
|
|
||||||
ui_print "* Backing up config file"
|
|
||||||
cp -af $CONFIG_FILE $TMPDIR
|
|
||||||
ui_print "* Restoring config files"
|
|
||||||
cp -af $TMPDIR/dnscrypt-proxy.toml $CONFIG_FILE
|
|
||||||
else
|
|
||||||
abort "First install have to choose replace mode"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
ui_print " "
|
|
||||||
ui_print " Vol+ = Auto redirect DNS request with iptables"
|
|
||||||
ui_print " "
|
|
||||||
ui_print " Vol- = Set DNS manually with 3rd-party app"
|
|
||||||
ui_print " "
|
|
||||||
|
|
||||||
if $FUNCTION; then
|
|
||||||
ui_print " "
|
|
||||||
ui_print " Auto mode"
|
|
||||||
else
|
|
||||||
ui_print " "
|
|
||||||
ui_print " Manual mode"
|
|
||||||
ui_print " deleting iptables rules"
|
|
||||||
sed -i -e '/for/,$d' $TMPDIR/service.sh
|
|
||||||
sed -i -e "s/'127.0.0.1.*'/'127.0.0.1:53', '[::1]:53'/g" $MODPATH/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -6,18 +6,18 @@
|
||||||
# if Magisk change its mount point in the future
|
# if Magisk change its mount point in the future
|
||||||
MODDIR=${0%/*}
|
MODDIR=${0%/*}
|
||||||
|
|
||||||
for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
|
# change config directory from /system/etc to /data/media/0/dnscrypt-proxy
|
||||||
ping -c 1 download.dnscrypt.info
|
# /sdcard is softlink to /data/media/0 in lineageos 16.
|
||||||
if [[ $? == 0 ]];
|
#Check, every 15 seconds. whether an instance of dnscrypt-proxy is running,if not, keep looping
|
||||||
then
|
# till network is available & start dnscrypt-proxy.
|
||||||
$MODDIR/system/bin/dnscrypt-proxy -config $MODDIR/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml &
|
|
||||||
sleep 15
|
while ! [ `pgrep -x dnscrypt-proxy` ] ; do
|
||||||
iptables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
$MODDIR/system/bin/dnscrypt-proxy -config /data/media/0/dnscrypt-proxy/dnscrypt-proxy.toml && sleep 15;
|
||||||
iptables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
|
||||||
ip6tables -t nat -A OUTPUT -p tcp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
|
||||||
ip6tables -t nat -A OUTPUT -p udp ! -d 9.9.9.9 --dport 53 -j DNAT --to-destination [::1]:5354
|
|
||||||
break;
|
|
||||||
else
|
|
||||||
sleep 5
|
|
||||||
fi
|
|
||||||
done
|
done
|
||||||
|
|
||||||
|
#IPTABLES
|
||||||
|
# let dnscrypt-proxy do its job only. Let the user decide how to do the "redirection of dns request".
|
||||||
|
# iptables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
|
# iptables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||||
|
# ip6tables -t nat -A OUTPUT -p tcp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||||
|
# ip6tables -t nat -A OUTPUT -p udp ! -d 1.1.1.1 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||||
|
|
|
@ -38,7 +38,7 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
||||||
|
|
||||||
## Maximum number of simultaneous client connections to accept
|
## Maximum number of simultaneous client connections to accept
|
||||||
|
|
||||||
max_clients = 150
|
max_clients = 250
|
||||||
|
|
||||||
|
|
||||||
## Switch to a different system user after listening sockets have been created.
|
## Switch to a different system user after listening sockets have been created.
|
||||||
|
@ -103,7 +103,7 @@ force_tcp = false
|
||||||
|
|
||||||
## How long a DNS query will wait for a response, in milliseconds
|
## How long a DNS query will wait for a response, in milliseconds
|
||||||
|
|
||||||
timeout = 1500
|
timeout = 2500
|
||||||
|
|
||||||
|
|
||||||
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
|
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
|
||||||
|
@ -173,7 +173,7 @@ cert_refresh_delay = 240
|
||||||
## Keep tls_cipher_suite empty if you have issues fetching sources or
|
## Keep tls_cipher_suite empty if you have issues fetching sources or
|
||||||
## connecting to some DoH servers. Google and Cloudflare are fine with it.
|
## connecting to some DoH servers. Google and Cloudflare are fine with it.
|
||||||
|
|
||||||
tls_cipher_suite = [52392, 49199]
|
# tls_cipher_suite = [52392, 49199]
|
||||||
|
|
||||||
|
|
||||||
## Fallback resolver
|
## Fallback resolver
|
||||||
|
@ -230,7 +230,7 @@ netprobe_address = "9.9.9.9:53"
|
||||||
## Automatic log files rotation
|
## Automatic log files rotation
|
||||||
|
|
||||||
# Maximum log files size in MB
|
# Maximum log files size in MB
|
||||||
log_files_max_size = 1
|
log_files_max_size = 10
|
||||||
|
|
||||||
# How long to keep backup files, in days
|
# How long to keep backup files, in days
|
||||||
log_files_max_age = 7
|
log_files_max_age = 7
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,2 @@
|
||||||
|
@ The file "public-resolvers.md" is the cache file which gets updated dynamically.
|
||||||
|
#This file is only a placeholder for reference to developer(s) of previous versions.
|
|
@ -151,13 +151,13 @@ on_install() {
|
||||||
|
|
||||||
CONFIG_PATH=$TMPDIR/config
|
CONFIG_PATH=$TMPDIR/config
|
||||||
|
|
||||||
unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR 2>/dev/null
|
unzip -o "$ZIPFILE" 'config/*' 'binary/*' -d $TMPDIR
|
||||||
|
|
||||||
ui_print "* Creating binary path"
|
ui_print "* Creating binary path"
|
||||||
mkdir -p $MODPATH/system/bin 2>/dev/null
|
mkdir -p $MODPATH/system/bin
|
||||||
|
|
||||||
ui_print "* Creating config path"
|
ui_print "* Creating config path"
|
||||||
mkdir -p $MODPATH/system/etc/dnscrypt-proxy 2>/dev/null
|
mkdir -p /data/media/0/dnscrypt-proxy
|
||||||
|
|
||||||
if [ -f "$BINARY_PATH" ]; then
|
if [ -f "$BINARY_PATH" ]; then
|
||||||
ui_print "* Copying binary for $ARCH"
|
ui_print "* Copying binary for $ARCH"
|
||||||
|
@ -168,7 +168,7 @@ on_install() {
|
||||||
|
|
||||||
if [ -d "$CONFIG_PATH" ]; then
|
if [ -d "$CONFIG_PATH" ]; then
|
||||||
ui_print "* Copying example and license files"
|
ui_print "* Copying example and license files"
|
||||||
cp -af $CONFIG_PATH/* $MODPATH/system/etc/dnscrypt-proxy
|
cp -af $CONFIG_PATH/* /data/media/0/dnscrypt-proxy/
|
||||||
else
|
else
|
||||||
abort "Config file is missing!"
|
abort "Config file is missing!"
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue