Merge pull request #78 from whalechoi/master
[v1.0.14] Add USB guest proxy support, fix guest's dns request proxy.
This commit is contained in:
commit
8e81b4bf7b
@ -28,7 +28,7 @@ You can download the release installer zip file and install it via the Magisk Ma
|
||||
|
||||
`export V2RAY_LOCATION_ASSET=/data/v2ray; v2ray -test -config /data/v2ray/config.json` in android terminal or ssh.
|
||||
|
||||
- dnscrypt-proxy config file is store in `/data/v2ray/dnscrypt-proxy/` folder, you can update cn domains list via running the shell script `update-rules.sh` or if you dislike the default rules, you can edit them by yourself.
|
||||
- dnscrypt-proxy config file is store in `/data/v2ray/dnscrypt-proxy/` folder, you can update cn domains list via running the shell script `update-rules.sh` or if you dislike the default rules, you can edit them by yourself. ( If you want to disable dnscrypt-proxy, just delete the config file `/data/v2ray/dnscrypt-proxy/dnscrypt-proxy.toml` )
|
||||
|
||||
- Tips: Please notice that the default configuration has already set inbounds section to cooperate work with transparent proxy script. It is recommended that you only edit the first element of outbounds section to your proxy server and edit file `/data/v2ray/appid.list` to select which App to proxy.
|
||||
|
||||
@ -59,11 +59,11 @@ You can download the release installer zip file and install it via the Magisk Ma
|
||||
|
||||
|
||||
|
||||
#### Share transparent proxy to WiFi guest
|
||||
#### Share transparent proxy to WiFi guest or USB guest
|
||||
|
||||
- Transparent proxy is share to WiFi guest by default.
|
||||
- If you don't want to share proxy to WiFi guest, delete the file `/data/v2ray/softap.list` or empty it.
|
||||
- For most situation, Android WiFi hotspot interface is `softap0` . If your device is not conform to it , please write down the name of your WiFi hotspot name in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the name of WiFi hotspot interface )
|
||||
- If you don't want to share proxy to WiFi guest or USB guest, delete the file `/data/v2ray/softap.list` or empty it.
|
||||
- For most situation, Android WiFi hotspot subnet is `192.168.43.0/24`, and USB subnet is `192.168.42.0/24`. If your device is not conform to it , please write down the subnet you want proxy in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the subnet )
|
||||
|
||||
|
||||
|
||||
|
@ -55,7 +55,7 @@ rm "${download_v2ray_zip}"
|
||||
# copy v2ray data and config
|
||||
ui_print "- Copy V2Ray config and data files"
|
||||
[ -f /data/v2ray/softap.list ] || \
|
||||
echo "softap0" > /data/v2ray/softap.list
|
||||
echo "192.168.43.0/24" > /data/v2ray/softap.list
|
||||
[ -f /data/v2ray/resolv.conf ] || \
|
||||
unzip -j -o "${ZIPFILE}" "v2ray/etc/resolv.conf" -d /data/v2ray >&2
|
||||
unzip -j -o "${ZIPFILE}" "v2ray/etc/config.json.template" -d /data/v2ray >&2
|
||||
@ -85,11 +85,12 @@ echo "id=v2ray" > $MODPATH/module.prop
|
||||
echo "name=V2ray for Android" >> $MODPATH/module.prop
|
||||
echo -n "version=" >> $MODPATH/module.prop
|
||||
echo ${latest_v2ray_version} >> $MODPATH/module.prop
|
||||
echo "versionCode=20200815" >> $MODPATH/module.prop
|
||||
echo "versionCode=20200918" >> $MODPATH/module.prop
|
||||
echo "author=chendefine" >> $MODPATH/module.prop
|
||||
echo "description=V2ray core with service scripts for Android" >> $MODPATH/module.prop
|
||||
|
||||
inet_uid="3003"
|
||||
net_raw_uid="3004"
|
||||
set_perm_recursive $MODPATH 0 0 0755 0644
|
||||
set_perm $MODPATH/service.sh 0 0 0755
|
||||
set_perm $MODPATH/uninstall.sh 0 0 0755
|
||||
@ -98,7 +99,7 @@ set_perm $MODPATH/scripts/v2ray.inotify 0 0 0755
|
||||
set_perm $MODPATH/scripts/v2ray.service 0 0 0755
|
||||
set_perm $MODPATH/scripts/v2ray.tproxy 0 0 0755
|
||||
set_perm $MODPATH/scripts/dnscrypt-proxy.service 0 0 0755
|
||||
set_perm $MODPATH/system/bin/dnscrypt-proxy 0 0 0755
|
||||
set_perm $MODPATH/system/bin/v2ray ${inet_uid} ${inet_uid} 0755
|
||||
set_perm $MODPATH/system/bin/v2ctl ${inet_uid} ${inet_uid} 0755
|
||||
set_perm /data/v2ray ${inet_uid} ${inet_uid} 0755
|
||||
set_perm $MODPATH/system/bin/dnscrypt-proxy ${net_raw_uid} ${net_raw_uid} 0755
|
@ -1,6 +1,6 @@
|
||||
id=v2ray
|
||||
name=V2ray for Android
|
||||
version=latest_version
|
||||
versionCode=20200815
|
||||
versionCode=20200918
|
||||
author=chendefine
|
||||
description=V2ray core with service scripts for Android
|
||||
|
@ -1,183 +0,0 @@
|
||||
#!/sbin/sh
|
||||
|
||||
#################
|
||||
# Initialization
|
||||
#################
|
||||
|
||||
umask 022
|
||||
|
||||
# echo before loading util_functions
|
||||
ui_print() { echo "$1"; }
|
||||
|
||||
require_new_magisk() {
|
||||
ui_print "*******************************"
|
||||
ui_print " Please install Magisk v19.0+! "
|
||||
ui_print "*******************************"
|
||||
exit 1
|
||||
}
|
||||
|
||||
#########################
|
||||
# Load util_functions.sh
|
||||
#########################
|
||||
|
||||
OUTFD=$2
|
||||
ZIPFILE=$3
|
||||
|
||||
mount /data 2>/dev/null
|
||||
|
||||
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
|
||||
. /data/adb/magisk/util_functions.sh
|
||||
[ $MAGISK_VER_CODE -lt 19000 ] && require_new_magisk
|
||||
|
||||
if [ $MAGISK_VER_CODE -ge 20400 ]; then
|
||||
# New Magisk have complete installation logic within util_functions.sh
|
||||
install_module
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#################
|
||||
# Legacy Support
|
||||
#################
|
||||
|
||||
TMPDIR=/dev/tmp
|
||||
PERSISTDIR=/sbin/.magisk/mirror/persist
|
||||
|
||||
is_legacy_script() {
|
||||
unzip -l "$ZIPFILE" install.sh | grep -q install.sh
|
||||
return $?
|
||||
}
|
||||
|
||||
print_modname() {
|
||||
ui_print "*******************************"
|
||||
ui_print " V2Ray for Android "
|
||||
ui_print "*******************************"
|
||||
}
|
||||
|
||||
# Override abort as old scripts have some issues
|
||||
abort() {
|
||||
ui_print "$1"
|
||||
$BOOTMODE || recovery_cleanup
|
||||
[ -n $MODPATH ] && rm -rf $MODPATH
|
||||
rm -rf $TMPDIR
|
||||
exit 1
|
||||
}
|
||||
|
||||
rm -rf $TMPDIR 2>/dev/null
|
||||
mkdir -p $TMPDIR
|
||||
|
||||
# Preperation for flashable zips
|
||||
setup_flashable
|
||||
|
||||
# Mount partitions
|
||||
mount_partitions
|
||||
|
||||
# Detect version and architecture
|
||||
api_level_arch_detect
|
||||
|
||||
# Setup busybox and binaries
|
||||
$BOOTMODE && boot_actions || recovery_actions
|
||||
|
||||
##############
|
||||
# Preparation
|
||||
##############
|
||||
|
||||
# Extract prop file
|
||||
unzip -o "$ZIPFILE" module.prop -d $TMPDIR >&2
|
||||
[ ! -f $TMPDIR/module.prop ] && abort "! Unable to extract zip file!"
|
||||
|
||||
$BOOTMODE && MODDIRNAME=modules_update || MODDIRNAME=modules
|
||||
MODULEROOT=$NVBASE/$MODDIRNAME
|
||||
MODID=`grep_prop id $TMPDIR/module.prop`
|
||||
MODPATH=$MODULEROOT/$MODID
|
||||
MODNAME=`grep_prop name $TMPDIR/module.prop`
|
||||
|
||||
# Create mod paths
|
||||
rm -rf $MODPATH 2>/dev/null
|
||||
mkdir -p $MODPATH
|
||||
|
||||
##########
|
||||
# Install
|
||||
##########
|
||||
|
||||
if is_legacy_script; then
|
||||
unzip -oj "$ZIPFILE" module.prop install.sh uninstall.sh 'common/*' -d $TMPDIR >&2
|
||||
|
||||
# Load install script
|
||||
. $TMPDIR/install.sh
|
||||
|
||||
# Callbacks
|
||||
print_modname
|
||||
on_install
|
||||
|
||||
# Custom uninstaller
|
||||
[ -f $TMPDIR/uninstall.sh ] && cp -af $TMPDIR/uninstall.sh $MODPATH/uninstall.sh
|
||||
|
||||
# Skip mount
|
||||
$SKIPMOUNT && touch $MODPATH/skip_mount
|
||||
|
||||
# prop file
|
||||
$PROPFILE && cp -af $TMPDIR/system.prop $MODPATH/system.prop
|
||||
|
||||
# Module info
|
||||
cp -af $TMPDIR/module.prop $MODPATH/module.prop
|
||||
|
||||
# post-fs-data scripts
|
||||
$POSTFSDATA && cp -af $TMPDIR/post-fs-data.sh $MODPATH/post-fs-data.sh
|
||||
|
||||
# service scripts
|
||||
$LATESTARTSERVICE && cp -af $TMPDIR/service.sh $MODPATH/service.sh
|
||||
|
||||
ui_print "- Setting permissions"
|
||||
set_permissions
|
||||
else
|
||||
print_modname
|
||||
|
||||
unzip -o "$ZIPFILE" customize.sh -d $MODPATH >&2
|
||||
|
||||
if ! grep -q '^SKIPUNZIP=1$' $MODPATH/customize.sh 2>/dev/null; then
|
||||
ui_print "- Extracting module files"
|
||||
unzip -o "$ZIPFILE" -x 'META-INF/*' -d $MODPATH >&2
|
||||
|
||||
# Default permissions
|
||||
set_perm_recursive $MODPATH 0 0 0755 0644
|
||||
fi
|
||||
|
||||
# Load customization script
|
||||
[ -f $MODPATH/customize.sh ] && . $MODPATH/customize.sh
|
||||
fi
|
||||
|
||||
# Handle replace folders
|
||||
for TARGET in $REPLACE; do
|
||||
ui_print "- Replace target: $TARGET"
|
||||
mktouch $MODPATH$TARGET/.replace
|
||||
done
|
||||
|
||||
if $BOOTMODE; then
|
||||
# Update info for Magisk Manager
|
||||
mktouch $NVBASE/modules/$MODID/update
|
||||
cp -af $MODPATH/module.prop $NVBASE/modules/$MODID/module.prop
|
||||
fi
|
||||
|
||||
# Copy over custom sepolicy rules
|
||||
if [ -f $MODPATH/sepolicy.rule -a -e $PERSISTDIR ]; then
|
||||
ui_print "- Installing custom sepolicy patch"
|
||||
PERSISTMOD=$PERSISTDIR/magisk/$MODID
|
||||
mkdir -p $PERSISTMOD
|
||||
cp -af $MODPATH/sepolicy.rule $PERSISTMOD/sepolicy.rule
|
||||
fi
|
||||
|
||||
# Remove stuffs that don't belong to modules
|
||||
rm -rf \
|
||||
$MODPATH/system/placeholder $MODPATH/customize.sh \
|
||||
$MODPATH/README.md $MODPATH/.git* 2>/dev/null
|
||||
|
||||
#############
|
||||
# Finalizing
|
||||
#############
|
||||
|
||||
cd /
|
||||
$BOOTMODE || recovery_cleanup
|
||||
rm -rf $TMPDIR
|
||||
|
||||
ui_print "- Done"
|
||||
exit 0
|
@ -1,155 +0,0 @@
|
||||
// Config file of V2Ray. This file follows standard JSON format, with comments support.
|
||||
// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
|
||||
// https://www.v2ray.com/
|
||||
{
|
||||
"log": {
|
||||
// By default, V2Ray writes access log to stdout.
|
||||
// "access": "/path/to/access/log/file",
|
||||
"access": "none",
|
||||
|
||||
// By default, V2Ray write error log to stdout.
|
||||
// "error": "/path/to/error/log/file",
|
||||
"error": "/data/v2ray/run/error.log",
|
||||
|
||||
// Log level, one of "debug", "info", "warning", "error", "none"
|
||||
"loglevel": "warning"
|
||||
},
|
||||
// List of inbound proxy configurations.
|
||||
"inbounds": [{
|
||||
// Port to listen on. You may need root access if the value is less than 1024.
|
||||
"port": 65535,
|
||||
|
||||
// IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
|
||||
"listen": "0.0.0.0",
|
||||
|
||||
// Tag of the inbound proxy. May be used for routing.
|
||||
"tag": "proxy-inbound",
|
||||
|
||||
// Protocol name of inbound proxy.
|
||||
"protocol": "dokodemo-door",
|
||||
|
||||
// Settings of the protocol. Varies based on protocol.
|
||||
"settings": {
|
||||
// Disable timeout setting for keeping persistent connection. Such as FCM.
|
||||
// "timeout": 10,
|
||||
"network": "tcp,udp",
|
||||
"followRedirect": true
|
||||
},
|
||||
|
||||
// If you wanna bypass BT streams, you should enable it.
|
||||
"sniffing": {
|
||||
"enabled": false
|
||||
// ,
|
||||
// "destOverride": ["http", "tls"]
|
||||
}
|
||||
}],
|
||||
// List of outbound proxy configurations.
|
||||
"outbounds": [{
|
||||
// Replace your proxy protocol in this section, like: vmess or shadowsocks
|
||||
"protocol": "freedom",
|
||||
|
||||
// Settings of the protocol. Varies based on protocol.
|
||||
"settings": {},
|
||||
|
||||
// Tag of the outbound. May be used for routing.
|
||||
"tag": "proxy"
|
||||
},{
|
||||
// Protocol name of the outbound proxy.
|
||||
"protocol": "freedom",
|
||||
|
||||
// Settings of the protocol. Varies based on protocol.
|
||||
"settings": {},
|
||||
|
||||
// Tag of the outbound. May be used for routing.
|
||||
"tag": "direct"
|
||||
},{
|
||||
"protocol": "blackhole",
|
||||
"settings": {},
|
||||
"tag": "blocked"
|
||||
}],
|
||||
|
||||
// Transport is for global transport settings. If you have multiple transports with same settings
|
||||
// (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
|
||||
//"transport": {},
|
||||
|
||||
// Routing controls how traffic from inbounds are sent to outbounds.
|
||||
"routing": {
|
||||
"domainStrategy": "AsIs",
|
||||
"rules":[
|
||||
{
|
||||
// Bypass private IPs.
|
||||
"type": "field",
|
||||
"ip": ["geoip:private"],
|
||||
"outboundTag": "direct"
|
||||
},
|
||||
{
|
||||
// Bypass all china IPs.
|
||||
"type": "field",
|
||||
"ip": ["geoip:cn"],
|
||||
"outboundTag": "direct"
|
||||
}
|
||||
//,
|
||||
//{
|
||||
// Bypass all china sites.
|
||||
// "type": "field",
|
||||
// "domain": ["geosite:cn"],
|
||||
// "outboundTag": "direct"
|
||||
//},
|
||||
//{
|
||||
// To bypass all BT streams, you should enable sniffing.
|
||||
// "type": "field",
|
||||
// "protocol":["bittorrent"],
|
||||
// "outboundTag": "direct"
|
||||
//},
|
||||
//{
|
||||
// If your network condition not very well, you could bypass dnscrypt-proxy's upstream DNS.
|
||||
// "type": "field",
|
||||
// "domain": [
|
||||
// "cloudflare-dns.com",
|
||||
// "doh.opendns.com",
|
||||
// "dns.google"
|
||||
// ],
|
||||
// "outboundTag": "direct"
|
||||
//},
|
||||
//{
|
||||
// Blocks major ads.
|
||||
// "type": "field",
|
||||
// "domain": ["geosite:category-ads"],
|
||||
// "outboundTag": "blocked"
|
||||
//}
|
||||
]
|
||||
},
|
||||
|
||||
// Policy controls some internal behavior of how V2Ray handles connections.
|
||||
// It may be on connection level by user levels in 'levels', or global settings in 'system.'
|
||||
"policy": {
|
||||
// Connection policys by user levels
|
||||
"levels": {
|
||||
"0": {
|
||||
"uplinkOnly": 0,
|
||||
"downlinkOnly": 0
|
||||
}
|
||||
},
|
||||
"system": {
|
||||
"statsInboundUplink": false,
|
||||
"statsInboundDownlink": false
|
||||
}
|
||||
},
|
||||
|
||||
// Stats enables internal stats counter.
|
||||
// This setting can be used together with Policy and Api.
|
||||
//"stats":{},
|
||||
|
||||
// Api enables gRPC APIs for external programs to communicate with V2Ray instance.
|
||||
//"api": {
|
||||
//"tag": "api",
|
||||
//"services": [
|
||||
// "HandlerService",
|
||||
// "LoggerService",
|
||||
// "StatsService"
|
||||
//]
|
||||
//},
|
||||
|
||||
// You may add other entries to the configuration, but they will not be recognized by V2Ray.
|
||||
"other": {}
|
||||
}
|
@ -45,7 +45,7 @@
|
||||
}],
|
||||
// List of outbound proxy configurations.
|
||||
"outbounds": [{
|
||||
// Replace your proxy protocol in this section, like: vmess or shadowsocks
|
||||
// Replace your proxy protocol in this section, like: VMESS, VLESS or Shadowsocks
|
||||
"protocol": "freedom",
|
||||
|
||||
// Settings of the protocol. Varies based on protocol.
|
||||
|
@ -3,7 +3,7 @@
|
||||
##################################
|
||||
listen_addresses = ['127.0.0.1:65534']
|
||||
max_clients = 250
|
||||
# user_name = 'nobody'
|
||||
# user_name = 'net_raw'
|
||||
ipv4_servers = true
|
||||
ipv6_servers = false
|
||||
dnscrypt_servers = false
|
||||
|
@ -117,6 +117,14 @@ timeout = 5000
|
||||
keepalive = 30
|
||||
|
||||
|
||||
## Add EDNS-client-subnet information to outgoing queries
|
||||
##
|
||||
## Multiple networks can be listed; they will be randomly chosen.
|
||||
## These networks don't have to match your actual networks.
|
||||
|
||||
# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"]
|
||||
|
||||
|
||||
## Response for blocked queries. Options are `refused`, `hinfo` (default) or
|
||||
## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
|
||||
## Using the `hinfo` option means that some responses will be lies.
|
||||
@ -253,7 +261,7 @@ netprobe_address = '9.9.9.9:53'
|
||||
## encrypted-dns-server can be configured to use this for access control
|
||||
## in the [access_control] section
|
||||
|
||||
# query_meta = ["key1:value1", "key2:value2", "token:MySecretToken"]
|
||||
# query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken']
|
||||
|
||||
|
||||
## Automatic log files rotation
|
||||
@ -386,14 +394,14 @@ cache_neg_max_ttl = 600
|
||||
## For each `listen_address` the complete URL to access the server will be:
|
||||
## `https://<listen_address><path>` (ex: `https://127.0.0.1/dns-query`)
|
||||
|
||||
# path = "/dns-query"
|
||||
# path = '/dns-query'
|
||||
|
||||
|
||||
## Certificate file and key - Note that the certificate has to be trusted.
|
||||
## See the documentation (wiki) for more information.
|
||||
|
||||
# cert_file = "localhost.pem"
|
||||
# cert_key_file = "localhost.pem"
|
||||
# cert_file = 'localhost.pem'
|
||||
# cert_key_file = 'localhost.pem'
|
||||
|
||||
|
||||
|
||||
@ -641,7 +649,7 @@ cache_neg_max_ttl = 600
|
||||
# The list below enables workarounds to make non-relayed usage more reliable
|
||||
# until the servers are fixed.
|
||||
|
||||
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-pri', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security']
|
||||
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security']
|
||||
|
||||
|
||||
|
||||
@ -734,13 +742,13 @@ skip_incompatible = false
|
||||
[dns64]
|
||||
|
||||
## (Option 1) Static prefix(es) as Pref64::/n CIDRs.
|
||||
# prefix = ["64:ff9b::/96"]
|
||||
# prefix = ['64:ff9b::/96']
|
||||
|
||||
## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs.
|
||||
## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only.
|
||||
## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96).
|
||||
## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only.
|
||||
# resolver = ["[2606:4700:4700::64]:53", "[2001:4860:4860::64]:53"]
|
||||
# resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53']
|
||||
|
||||
|
||||
|
||||
|
12
v2ray/etc/dnscrypt-proxy/update-rules.sh
Normal file → Executable file
12
v2ray/etc/dnscrypt-proxy/update-rules.sh
Normal file → Executable file
@ -1,18 +1,20 @@
|
||||
wget -N https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf
|
||||
rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt example-dnscrypt-proxy.toml
|
||||
|
||||
wget https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf
|
||||
echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/accelerated-domains.china.conf' >dnscrypt-forwarding-rules.txt
|
||||
echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-forwarding-rules.txt
|
||||
echo '# Thanks to all contributors.' >>dnscrypt-forwarding-rules.txt
|
||||
echo '' >>dnscrypt-forwarding-rules.txt
|
||||
cat accelerated-domains.china.conf | grep -v '^#server' | sed -e 's|/| |g' -e 's|^server= ||' | sed 's/114.114.114.114/114.114.114.114,114.114.115.115/g' >>dnscrypt-forwarding-rules.txt
|
||||
|
||||
wget -N https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf
|
||||
wget https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf
|
||||
echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/bogus-nxdomain.china.conf' >dnscrypt-blacklist-ips.txt
|
||||
echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-blacklist-ips.txt
|
||||
echo '# Thanks to all contributors.' >>dnscrypt-blacklist-ips.txt
|
||||
echo '' >>dnscrypt-blacklist-ips.txt
|
||||
cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's/bogus-nxdomain=//g' >>dnscrypt-blacklist-ips.txt
|
||||
|
||||
#wget -N https://github.com/missdeer/blocklist/raw/master/toblock-without-shorturl-optimized.lst
|
||||
#wget https://github.com/missdeer/blocklist/raw/master/toblock-without-shorturl-optimized.lst
|
||||
#echo '# Converted from https://github.com/missdeer/blocklist/blob/master/toblock-without-shorturl-optimized.lst' >dnscrypt-blacklist-domains.txt
|
||||
#echo '# https://github.com/missdeer/blocklist' >>dnscrypt-blacklist-domains.txt
|
||||
#echo '# Thanks to all contributors.' >>dnscrypt-blacklist-domains.txt
|
||||
@ -23,7 +25,7 @@ cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's
|
||||
#echo 'ads[0-9]*' >>dnscrypt-blacklist-domains.txt
|
||||
#cat toblock-without-shorturl-optimized.lst | grep -v '^#' | tr -s '\n' | tr A-Z a-z | grep -v '^ad\.' | grep -v -e '^ad[0-9]' | grep -v '^ads\.' | grep -v -e '^ads[0-9]' | rev | sort -n | uniq | rev >>dnscrypt-blacklist-domains.txt
|
||||
|
||||
#wget -N https://github.com/googlehosts/hosts/raw/master/hosts-files/dnscrypt-proxy-cloaking.txt
|
||||
#wget https://github.com/googlehosts/hosts/raw/master/hosts-files/dnscrypt-proxy-cloaking.txt
|
||||
#echo '# Converted from https://github.com/googlehosts/hosts/blob/master/hosts-files/dnscrypt-proxy-cloaking.txt' >dnscrypt-cloaking-rules.txt
|
||||
#echo '# https://github.com/googlehosts/hosts' >>dnscrypt-cloaking-rules.txt
|
||||
#echo '# Thanks to all contributors.' >>dnscrypt-cloaking-rules.txt
|
||||
@ -32,4 +34,4 @@ cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's
|
||||
|
||||
rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt
|
||||
|
||||
wget -N https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
|
||||
wget https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
|
||||
|
@ -1,5 +1,6 @@
|
||||
#!/system/bin/sh
|
||||
|
||||
dnsmasq_uid="1052"
|
||||
bin_name="dnscrypt-proxy"
|
||||
bin_file="/system/bin/${bin_name}"
|
||||
run_path="/data/v2ray/run"
|
||||
@ -7,14 +8,11 @@ pid_file="${run_path}/dnscrypt-proxy.pid"
|
||||
conf_path="/data/v2ray/dnscrypt-proxy"
|
||||
conf_file="${conf_path}/dnscrypt-proxy.toml"
|
||||
bin_opts="-config ${conf_file}"
|
||||
appid_file="/data/v2ray/appid.list"
|
||||
appid_list=()
|
||||
softap_file="/data/v2ray/softap.list"
|
||||
softap_list=()
|
||||
iptables_wait="iptables"
|
||||
v2ray_share=false
|
||||
proxy_for_app=false
|
||||
inet_uid="3003"
|
||||
softap_file="/data/v2ray/softap.list"
|
||||
appid_list=()
|
||||
proxy_for_guest=false
|
||||
host_ip="127.0.0.1"
|
||||
dns_port="65534"
|
||||
proxy_port="65535"
|
||||
@ -39,15 +37,6 @@ find_netstat_path() {
|
||||
return 1
|
||||
}
|
||||
|
||||
iptables_chain_exist() {
|
||||
local chain_list="$1"
|
||||
local target_chain="$2"
|
||||
if `echo "${chain_list}" | grep -q ":${target_chain} "` ; then
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
probe_dnscrypt-proxy_alive() {
|
||||
[ -f ${pid_file} ] && cmd_file="/proc/`cat ${pid_file}`/cmdline" || return 1
|
||||
[ -f ${cmd_file} ] && grep -q "dnscrypt-proxy" ${cmd_file} && return 0 || return 1
|
||||
@ -64,102 +53,26 @@ probe_v2ray_listen() {
|
||||
fi
|
||||
}
|
||||
|
||||
probe_v2ray_target() {
|
||||
check_proxy_guest() {
|
||||
## add eof to appid and softap file
|
||||
echo "" >> "${appid_file}"
|
||||
## trim empty line in appid and softap file
|
||||
sed -i '/^$/d' "${appid_file}"
|
||||
## probe proxy app
|
||||
if [ -f ${appid_file} ] ; then
|
||||
## check appid_file is white-list or black-list
|
||||
if head -1 "${appid_file}" | grep -q 'bypass' ; then
|
||||
app_proxy_mode="skip"
|
||||
else
|
||||
app_proxy_mode="pick"
|
||||
fi
|
||||
## filter appid number
|
||||
while read appid_line ; do
|
||||
appid_text=(`echo ${appid_line}`)
|
||||
for appid_word in ${appid_text[*]} ; do
|
||||
if echo "${appid_word}" | grep -q '#' ; then
|
||||
break
|
||||
elif [ "${appid_word}" -ge 0 ] 2>/dev/null ; then
|
||||
appid_list=(${appid_list[*]} ${appid_word})
|
||||
fi
|
||||
done
|
||||
done < ${appid_file}
|
||||
fi
|
||||
echo "" >> "${softap_file}"
|
||||
## trim empty line in softap file
|
||||
sed -i '/^$/d' "${softap_file}"
|
||||
## probe proxy wifi interface
|
||||
${v2ray_share} && [ -f ${softap_file} ] && softap_list=(`cat ${softap_file}`) || unset softap_list
|
||||
## check proxy app or not
|
||||
if ( [ "${app_proxy_mode}" = "skip" ] || ( [ "${app_proxy_mode}" = "pick" ] && [ ${#appid_list[@]} -gt 0 ] ) ) ; then
|
||||
proxy_for_app=true
|
||||
fi
|
||||
## check enable proxy iptables or not
|
||||
if ! ( ${proxy_for_app} ) ; then
|
||||
echo "[Error]: DNS is not proxy for APP."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
probe_uid_app_name() {
|
||||
app_handle="$2"
|
||||
if [ "$1" == "0" ] ; then
|
||||
app_name="root"
|
||||
else
|
||||
app_name=`grep " $1 " /data/system/packages.list | cut -d ' ' -f 1`
|
||||
app_name=`echo ${app_name} | sed 's/ / \& /g'`
|
||||
fi
|
||||
if [ "${app_name}" != "" ] ; then
|
||||
echo "[Info]: ${app_handle} ${app_name} APP's DNS request."
|
||||
else
|
||||
echo "[Warning]: APP with uid=$1 is not found."
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
proxy_app_dns_iptables() {
|
||||
## create iptables proxy chains for app tcp
|
||||
${iptables_wait} -t nat -N APP_DNS_PROXY
|
||||
## bypass v2ray program
|
||||
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${inet_uid} -j RETURN
|
||||
## white-list mode
|
||||
if [ "${app_proxy_mode}" = "pick" ] ; then
|
||||
## proxy all apps network
|
||||
if [ "${appid_list[*]}" = "0" ] ; then
|
||||
echo "[Info]: Proxy all APP's DNS request."
|
||||
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY_APP_DNS
|
||||
## proxy assign app
|
||||
else
|
||||
for appid in ${appid_list[@]}; do
|
||||
probe_uid_app_name ${appid} "Proxy" && \
|
||||
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${appid} -j V2RAY_APP_DNS
|
||||
done
|
||||
fi
|
||||
## black-list mode
|
||||
elif [ "${app_proxy_mode}" = "skip" ] ; then
|
||||
for appid in ${appid_list[@]}; do
|
||||
probe_uid_app_name ${appid} "Ignore" && \
|
||||
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${appid} -j RETURN
|
||||
done
|
||||
echo "[Info]: Proxy all remaining APP's DNS request."
|
||||
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY_APP_DNS
|
||||
fi
|
||||
## apply proxy rules to iptables
|
||||
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner 0 -j V2RAY_APP_DNS
|
||||
${iptables_wait} -t nat -A OUTPUT -p udp --dport 53 -j APP_DNS_PROXY
|
||||
## check proxy wifi guest or not
|
||||
[ ${#softap_list[@]} -gt 0 ] && proxy_for_guest=true
|
||||
}
|
||||
|
||||
create_proxy_iptables() {
|
||||
echo "[Info]: Create DNS proxy chains."
|
||||
## create iptables proxy chains for dns
|
||||
${iptables_wait} -t nat -N V2RAY_APP_DNS
|
||||
## build basic iptables proxy chains
|
||||
${iptables_wait} -t nat -A V2RAY_APP_DNS -p udp -j DNAT --to-destination ${host_ip}:${dns_port}
|
||||
if ! iptables_chain_exist "${iptables_chains}" "APP_DNS_PROXY" && ${proxy_for_app} ; then
|
||||
## proxy app network
|
||||
proxy_app_dns_iptables
|
||||
fi
|
||||
echo "[Info]: Proxy local system's DNS request."
|
||||
${iptables_wait} -t nat -A OUTPUT -p udp -m owner --uid-owner 0 --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port}
|
||||
## proxy wifi guest DNS
|
||||
check_proxy_guest && \
|
||||
if ${proxy_for_guest} ; then
|
||||
echo "[Info]: Proxy dnsmasq's DNS request."
|
||||
${iptables_wait} -t nat -A OUTPUT -p udp -m owner --uid-owner ${dnsmasq_uid} --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port}
|
||||
fi
|
||||
}
|
||||
|
||||
display_dnscrypt-proxy_pid() {
|
||||
@ -172,23 +85,10 @@ display_dnscrypt-proxy_pid() {
|
||||
fi
|
||||
}
|
||||
|
||||
flush_endpoint_iptables() {
|
||||
${iptables_wait} -t nat -F V2RAY_APP_DNS 2>/dev/null
|
||||
}
|
||||
|
||||
flush_nat_iptables() {
|
||||
echo "[Info]: Clean nat proxy iptables rules."
|
||||
local iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " " | grep -o ":[0-9A-Z_]* "`
|
||||
${iptables_wait} -t nat -D OUTPUT -p udp --dport 53 -j APP_DNS_PROXY 2>/dev/null
|
||||
if iptables_chain_exist "${iptables_chains}" "APP_DNS_PROXY" ; then
|
||||
${iptables_wait} -t nat -F APP_DNS_PROXY
|
||||
${iptables_wait} -t nat -X APP_DNS_PROXY
|
||||
fi
|
||||
if iptables_chain_exist "${iptables_chains}" "V2RAY_APP_DNS" ; then
|
||||
${iptables_wait} -t nat -F V2RAY_APP_DNS
|
||||
${iptables_wait} -t nat -X V2RAY_APP_DNS
|
||||
fi
|
||||
unset iptables_chains
|
||||
flush_dns_iptables() {
|
||||
echo "[Info]: Clean DNS proxy iptables rules."
|
||||
${iptables_wait} -t nat -D OUTPUT -p udp -m owner --uid-owner 0 --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} 2>/dev/null
|
||||
${iptables_wait} -t nat -D OUTPUT -p udp -m owner --uid-owner ${dnsmasq_uid} --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} 2>/dev/null
|
||||
}
|
||||
|
||||
start_dnscrypt-proxy() {
|
||||
@ -198,6 +98,10 @@ start_dnscrypt-proxy() {
|
||||
elif probe_v2ray_listen ; then
|
||||
echo "[Info]: Starting ${bin_name} service."
|
||||
mkdir -p ${run_path}
|
||||
echo -n "" > ${conf_path}/dnscrypt-nxdomain.log
|
||||
echo -n "" > ${conf_path}/dnscrypt-query.log
|
||||
chown -R net_raw:net_raw ${conf_path}
|
||||
chown net_raw:net_raw ${bin_file}
|
||||
chmod 6755 ${bin_file}
|
||||
nohup ${bin_file} ${bin_opts} &
|
||||
sleep 1
|
||||
@ -231,15 +135,10 @@ suit_iptables_version
|
||||
|
||||
case "$1" in
|
||||
enable)
|
||||
if start_dnscrypt-proxy ; then
|
||||
flush_endpoint_iptables
|
||||
probe_v2ray_target
|
||||
sleep 2
|
||||
create_proxy_iptables
|
||||
fi
|
||||
start_dnscrypt-proxy && create_proxy_iptables
|
||||
;;
|
||||
disable)
|
||||
flush_nat_iptables
|
||||
flush_dns_iptables
|
||||
stop_dnscrypt-proxy
|
||||
;;
|
||||
status)
|
||||
|
@ -17,6 +17,13 @@ start_v2ray() {
|
||||
if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then
|
||||
${tproxy} enable
|
||||
[ -f "${dnscrypt_conf}" ] && ${dns_proxy_service} enable
|
||||
settings put global airplane_mode_on 1
|
||||
sleep 1
|
||||
am broadcast -a android.intent.action.AIRPLANE_MODE
|
||||
sleep 1
|
||||
settings put global airplane_mode_on 0
|
||||
sleep 1
|
||||
am broadcast -a android.intent.action.AIRPLANE_MODE
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
route_id="1130"
|
||||
inet_uid="3003"
|
||||
net_raw_uid="3004"
|
||||
route_name="v2ray"
|
||||
proxy_port="65535"
|
||||
proxy_mark="0x20151130"
|
||||
@ -15,7 +16,7 @@ softap_list=()
|
||||
v2ray_share=false
|
||||
proxy_for_app=false
|
||||
proxy_for_guest=false
|
||||
intranet=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4)
|
||||
intranet=(0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 224.0.0.0/4 240.0.0.0/4)
|
||||
|
||||
suit_iptables_version() {
|
||||
iptables_version=`iptables -V | grep -o "v1\.[0-9]"`
|
||||
@ -163,6 +164,7 @@ proxy_app_tcp_iptables() {
|
||||
probe_uid_app_name ${appid} "Proxy" && \
|
||||
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${appid} -j V2RAY
|
||||
done
|
||||
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${net_raw_uid} -j V2RAY
|
||||
fi
|
||||
## black-list mode
|
||||
elif [ "${app_proxy_mode}" = "skip" ] ; then
|
||||
@ -174,7 +176,6 @@ proxy_app_tcp_iptables() {
|
||||
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY
|
||||
fi
|
||||
## apply proxy rules to iptables
|
||||
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner 0 -j V2RAY
|
||||
${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY
|
||||
}
|
||||
|
||||
@ -183,8 +184,8 @@ proxy_guest_tcp_iptables() {
|
||||
${iptables_wait} -t nat -N GUEST_TCP_PROXY
|
||||
## proxy assign softap
|
||||
for softap in ${softap_list[@]}; do
|
||||
echo "[Info]: Proxy ${softap} WiFi guest's TCP network."
|
||||
${iptables_wait} -t nat -A GUEST_TCP_PROXY -i ${softap} -j V2RAY
|
||||
echo "[Info]: Proxy ${softap} guest's TCP network."
|
||||
${iptables_wait} -t nat -A GUEST_TCP_PROXY -s ${softap} -j V2RAY
|
||||
done
|
||||
${iptables_wait} -t nat -A PREROUTING -p tcp -j GUEST_TCP_PROXY
|
||||
}
|
||||
@ -218,7 +219,7 @@ filter_proxy_iptables() {
|
||||
${iptables_wait} -t filter -A PROTECT_V2RAY -i lo -j RETURN
|
||||
## permit assign softap
|
||||
for softap in ${softap_list[@]}; do
|
||||
${iptables_wait} -t filter -A PROTECT_V2RAY -i ${softap} -j RETURN
|
||||
${iptables_wait} -t filter -A PROTECT_V2RAY -s ${softap} -j RETURN
|
||||
done
|
||||
## deny all other visit
|
||||
${iptables_wait} -t filter -A PROTECT_V2RAY -p tcp --dport ${proxy_port} -j DROP
|
||||
|
Loading…
Reference in New Issue
Block a user