diff --git a/README.md b/README.md index 9113b1a..6475c9f 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ You can download the release installer zip file and install it via the Magisk Ma `export V2RAY_LOCATION_ASSET=/data/v2ray; v2ray -test -config /data/v2ray/config.json` in android terminal or ssh. -- dnscrypt-proxy config file is store in `/data/v2ray/dnscrypt-proxy/` folder, you can update cn domains list via running the shell script `update-rules.sh` or if you dislike the default rules, you can edit them by yourself. +- dnscrypt-proxy config file is store in `/data/v2ray/dnscrypt-proxy/` folder, you can update cn domains list via running the shell script `update-rules.sh` or if you dislike the default rules, you can edit them by yourself. ( If you want to disable dnscrypt-proxy, just delete the config file `/data/v2ray/dnscrypt-proxy/dnscrypt-proxy.toml` ) - Tips: Please notice that the default configuration has already set inbounds section to cooperate work with transparent proxy script. It is recommended that you only edit the first element of outbounds section to your proxy server and edit file `/data/v2ray/appid.list` to select which App to proxy. @@ -59,11 +59,11 @@ You can download the release installer zip file and install it via the Magisk Ma -#### Share transparent proxy to WiFi guest +#### Share transparent proxy to WiFi guest or USB guest - Transparent proxy is share to WiFi guest by default. -- If you don't want to share proxy to WiFi guest, delete the file `/data/v2ray/softap.list` or empty it. -- For most situation, Android WiFi hotspot interface is `softap0` . If your device is not conform to it , please write down the name of your WiFi hotspot name in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the name of WiFi hotspot interface ) +- If you don't want to share proxy to WiFi guest or USB guest, delete the file `/data/v2ray/softap.list` or empty it. +- For most situation, Android WiFi hotspot subnet is `192.168.43.0/24`, and USB subnet is `192.168.42.0/24`. If your device is not conform to it , please write down the subnet you want proxy in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the subnet ) diff --git a/customize.sh b/customize.sh index 3b350b9..44250d5 100644 --- a/customize.sh +++ b/customize.sh @@ -55,7 +55,7 @@ rm "${download_v2ray_zip}" # copy v2ray data and config ui_print "- Copy V2Ray config and data files" [ -f /data/v2ray/softap.list ] || \ -echo "softap0" > /data/v2ray/softap.list +echo "192.168.43.0/24" > /data/v2ray/softap.list [ -f /data/v2ray/resolv.conf ] || \ unzip -j -o "${ZIPFILE}" "v2ray/etc/resolv.conf" -d /data/v2ray >&2 unzip -j -o "${ZIPFILE}" "v2ray/etc/config.json.template" -d /data/v2ray >&2 @@ -85,11 +85,12 @@ echo "id=v2ray" > $MODPATH/module.prop echo "name=V2ray for Android" >> $MODPATH/module.prop echo -n "version=" >> $MODPATH/module.prop echo ${latest_v2ray_version} >> $MODPATH/module.prop -echo "versionCode=20200815" >> $MODPATH/module.prop +echo "versionCode=20200918" >> $MODPATH/module.prop echo "author=chendefine" >> $MODPATH/module.prop echo "description=V2ray core with service scripts for Android" >> $MODPATH/module.prop inet_uid="3003" +net_raw_uid="3004" set_perm_recursive $MODPATH 0 0 0755 0644 set_perm $MODPATH/service.sh 0 0 0755 set_perm $MODPATH/uninstall.sh 0 0 0755 @@ -98,7 +99,7 @@ set_perm $MODPATH/scripts/v2ray.inotify 0 0 0755 set_perm $MODPATH/scripts/v2ray.service 0 0 0755 set_perm $MODPATH/scripts/v2ray.tproxy 0 0 0755 set_perm $MODPATH/scripts/dnscrypt-proxy.service 0 0 0755 -set_perm $MODPATH/system/bin/dnscrypt-proxy 0 0 0755 set_perm $MODPATH/system/bin/v2ray ${inet_uid} ${inet_uid} 0755 set_perm $MODPATH/system/bin/v2ctl ${inet_uid} ${inet_uid} 0755 set_perm /data/v2ray ${inet_uid} ${inet_uid} 0755 +set_perm $MODPATH/system/bin/dnscrypt-proxy ${net_raw_uid} ${net_raw_uid} 0755 \ No newline at end of file diff --git a/module.prop b/module.prop index e8708de..2540c9d 100644 --- a/module.prop +++ b/module.prop @@ -1,6 +1,6 @@ id=v2ray name=V2ray for Android version=latest_version -versionCode=20200815 +versionCode=20200918 author=chendefine description=V2ray core with service scripts for Android diff --git a/module_installer.sh b/module_installer.sh deleted file mode 100644 index f046d33..0000000 --- a/module_installer.sh +++ /dev/null @@ -1,183 +0,0 @@ -#!/sbin/sh - -################# -# Initialization -################# - -umask 022 - -# echo before loading util_functions -ui_print() { echo "$1"; } - -require_new_magisk() { - ui_print "*******************************" - ui_print " Please install Magisk v19.0+! " - ui_print "*******************************" - exit 1 -} - -######################### -# Load util_functions.sh -######################### - -OUTFD=$2 -ZIPFILE=$3 - -mount /data 2>/dev/null - -[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk -. /data/adb/magisk/util_functions.sh -[ $MAGISK_VER_CODE -lt 19000 ] && require_new_magisk - -if [ $MAGISK_VER_CODE -ge 20400 ]; then - # New Magisk have complete installation logic within util_functions.sh - install_module - exit 0 -fi - -################# -# Legacy Support -################# - -TMPDIR=/dev/tmp -PERSISTDIR=/sbin/.magisk/mirror/persist - -is_legacy_script() { - unzip -l "$ZIPFILE" install.sh | grep -q install.sh - return $? -} - -print_modname() { - ui_print "*******************************" - ui_print " V2Ray for Android " - ui_print "*******************************" -} - -# Override abort as old scripts have some issues -abort() { - ui_print "$1" - $BOOTMODE || recovery_cleanup - [ -n $MODPATH ] && rm -rf $MODPATH - rm -rf $TMPDIR - exit 1 -} - -rm -rf $TMPDIR 2>/dev/null -mkdir -p $TMPDIR - -# Preperation for flashable zips -setup_flashable - -# Mount partitions -mount_partitions - -# Detect version and architecture -api_level_arch_detect - -# Setup busybox and binaries -$BOOTMODE && boot_actions || recovery_actions - -############## -# Preparation -############## - -# Extract prop file -unzip -o "$ZIPFILE" module.prop -d $TMPDIR >&2 -[ ! -f $TMPDIR/module.prop ] && abort "! Unable to extract zip file!" - -$BOOTMODE && MODDIRNAME=modules_update || MODDIRNAME=modules -MODULEROOT=$NVBASE/$MODDIRNAME -MODID=`grep_prop id $TMPDIR/module.prop` -MODPATH=$MODULEROOT/$MODID -MODNAME=`grep_prop name $TMPDIR/module.prop` - -# Create mod paths -rm -rf $MODPATH 2>/dev/null -mkdir -p $MODPATH - -########## -# Install -########## - -if is_legacy_script; then - unzip -oj "$ZIPFILE" module.prop install.sh uninstall.sh 'common/*' -d $TMPDIR >&2 - - # Load install script - . $TMPDIR/install.sh - - # Callbacks - print_modname - on_install - - # Custom uninstaller - [ -f $TMPDIR/uninstall.sh ] && cp -af $TMPDIR/uninstall.sh $MODPATH/uninstall.sh - - # Skip mount - $SKIPMOUNT && touch $MODPATH/skip_mount - - # prop file - $PROPFILE && cp -af $TMPDIR/system.prop $MODPATH/system.prop - - # Module info - cp -af $TMPDIR/module.prop $MODPATH/module.prop - - # post-fs-data scripts - $POSTFSDATA && cp -af $TMPDIR/post-fs-data.sh $MODPATH/post-fs-data.sh - - # service scripts - $LATESTARTSERVICE && cp -af $TMPDIR/service.sh $MODPATH/service.sh - - ui_print "- Setting permissions" - set_permissions -else - print_modname - - unzip -o "$ZIPFILE" customize.sh -d $MODPATH >&2 - - if ! grep -q '^SKIPUNZIP=1$' $MODPATH/customize.sh 2>/dev/null; then - ui_print "- Extracting module files" - unzip -o "$ZIPFILE" -x 'META-INF/*' -d $MODPATH >&2 - - # Default permissions - set_perm_recursive $MODPATH 0 0 0755 0644 - fi - - # Load customization script - [ -f $MODPATH/customize.sh ] && . $MODPATH/customize.sh -fi - -# Handle replace folders -for TARGET in $REPLACE; do - ui_print "- Replace target: $TARGET" - mktouch $MODPATH$TARGET/.replace -done - -if $BOOTMODE; then - # Update info for Magisk Manager - mktouch $NVBASE/modules/$MODID/update - cp -af $MODPATH/module.prop $NVBASE/modules/$MODID/module.prop -fi - -# Copy over custom sepolicy rules -if [ -f $MODPATH/sepolicy.rule -a -e $PERSISTDIR ]; then - ui_print "- Installing custom sepolicy patch" - PERSISTMOD=$PERSISTDIR/magisk/$MODID - mkdir -p $PERSISTMOD - cp -af $MODPATH/sepolicy.rule $PERSISTMOD/sepolicy.rule -fi - -# Remove stuffs that don't belong to modules -rm -rf \ -$MODPATH/system/placeholder $MODPATH/customize.sh \ -$MODPATH/README.md $MODPATH/.git* 2>/dev/null - -############# -# Finalizing -############# - -cd / -$BOOTMODE || recovery_cleanup -rm -rf $TMPDIR - -ui_print "- Done" -exit 0 diff --git a/v2ray/etc/config.json b/v2ray/etc/config.json deleted file mode 100644 index 590b9b6..0000000 --- a/v2ray/etc/config.json +++ /dev/null @@ -1,155 +0,0 @@ -// Config file of V2Ray. This file follows standard JSON format, with comments support. -// Uncomment entries below to satisfy your needs. Also read our manual for more detail at -// https://www.v2ray.com/ -{ - "log": { - // By default, V2Ray writes access log to stdout. - // "access": "/path/to/access/log/file", - "access": "none", - - // By default, V2Ray write error log to stdout. - // "error": "/path/to/error/log/file", - "error": "/data/v2ray/run/error.log", - - // Log level, one of "debug", "info", "warning", "error", "none" - "loglevel": "warning" - }, - // List of inbound proxy configurations. - "inbounds": [{ - // Port to listen on. You may need root access if the value is less than 1024. - "port": 65535, - - // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces. - "listen": "0.0.0.0", - - // Tag of the inbound proxy. May be used for routing. - "tag": "proxy-inbound", - - // Protocol name of inbound proxy. - "protocol": "dokodemo-door", - - // Settings of the protocol. Varies based on protocol. - "settings": { - // Disable timeout setting for keeping persistent connection. Such as FCM. - // "timeout": 10, - "network": "tcp,udp", - "followRedirect": true - }, - - // If you wanna bypass BT streams, you should enable it. - "sniffing": { - "enabled": false - // , - // "destOverride": ["http", "tls"] - } - }], - // List of outbound proxy configurations. - "outbounds": [{ - // Replace your proxy protocol in this section, like: vmess or shadowsocks - "protocol": "freedom", - - // Settings of the protocol. Varies based on protocol. - "settings": {}, - - // Tag of the outbound. May be used for routing. - "tag": "proxy" - },{ - // Protocol name of the outbound proxy. - "protocol": "freedom", - - // Settings of the protocol. Varies based on protocol. - "settings": {}, - - // Tag of the outbound. May be used for routing. - "tag": "direct" - },{ - "protocol": "blackhole", - "settings": {}, - "tag": "blocked" - }], - - // Transport is for global transport settings. If you have multiple transports with same settings - // (say mKCP), you may put it here, instead of in each individual inbound/outbounds. - //"transport": {}, - - // Routing controls how traffic from inbounds are sent to outbounds. - "routing": { - "domainStrategy": "AsIs", - "rules":[ - { - // Bypass private IPs. - "type": "field", - "ip": ["geoip:private"], - "outboundTag": "direct" - }, - { - // Bypass all china IPs. - "type": "field", - "ip": ["geoip:cn"], - "outboundTag": "direct" - } - //, - //{ - // Bypass all china sites. - // "type": "field", - // "domain": ["geosite:cn"], - // "outboundTag": "direct" - //}, - //{ - // To bypass all BT streams, you should enable sniffing. - // "type": "field", - // "protocol":["bittorrent"], - // "outboundTag": "direct" - //}, - //{ - // If your network condition not very well, you could bypass dnscrypt-proxy's upstream DNS. - // "type": "field", - // "domain": [ - // "cloudflare-dns.com", - // "doh.opendns.com", - // "dns.google" - // ], - // "outboundTag": "direct" - //}, - //{ - // Blocks major ads. - // "type": "field", - // "domain": ["geosite:category-ads"], - // "outboundTag": "blocked" - //} - ] - }, - - // Policy controls some internal behavior of how V2Ray handles connections. - // It may be on connection level by user levels in 'levels', or global settings in 'system.' - "policy": { - // Connection policys by user levels - "levels": { - "0": { - "uplinkOnly": 0, - "downlinkOnly": 0 - } - }, - "system": { - "statsInboundUplink": false, - "statsInboundDownlink": false - } - }, - - // Stats enables internal stats counter. - // This setting can be used together with Policy and Api. - //"stats":{}, - - // Api enables gRPC APIs for external programs to communicate with V2Ray instance. - //"api": { - //"tag": "api", - //"services": [ - // "HandlerService", - // "LoggerService", - // "StatsService" - //] - //}, - - // You may add other entries to the configuration, but they will not be recognized by V2Ray. - "other": {} -} diff --git a/v2ray/etc/config.json.template b/v2ray/etc/config.json.template index 590b9b6..a9a513c 100644 --- a/v2ray/etc/config.json.template +++ b/v2ray/etc/config.json.template @@ -45,7 +45,7 @@ }], // List of outbound proxy configurations. "outbounds": [{ - // Replace your proxy protocol in this section, like: vmess or shadowsocks + // Replace your proxy protocol in this section, like: VMESS, VLESS or Shadowsocks "protocol": "freedom", // Settings of the protocol. Varies based on protocol. diff --git a/v2ray/etc/dnscrypt-proxy/dnscrypt-proxy.toml b/v2ray/etc/dnscrypt-proxy/dnscrypt-proxy.toml index 8e63be0..4279b87 100644 --- a/v2ray/etc/dnscrypt-proxy/dnscrypt-proxy.toml +++ b/v2ray/etc/dnscrypt-proxy/dnscrypt-proxy.toml @@ -3,7 +3,7 @@ ################################## listen_addresses = ['127.0.0.1:65534'] max_clients = 250 -# user_name = 'nobody' +# user_name = 'net_raw' ipv4_servers = true ipv6_servers = false dnscrypt_servers = false diff --git a/v2ray/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml b/v2ray/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml index 7a36cac..0f79458 100644 --- a/v2ray/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml +++ b/v2ray/etc/dnscrypt-proxy/example-dnscrypt-proxy.toml @@ -117,6 +117,14 @@ timeout = 5000 keepalive = 30 +## Add EDNS-client-subnet information to outgoing queries +## +## Multiple networks can be listed; they will be randomly chosen. +## These networks don't have to match your actual networks. + +# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"] + + ## Response for blocked queries. Options are `refused`, `hinfo` (default) or ## an IP response. To give an IP response, use the format `a:,aaaa:`. ## Using the `hinfo` option means that some responses will be lies. @@ -253,7 +261,7 @@ netprobe_address = '9.9.9.9:53' ## encrypted-dns-server can be configured to use this for access control ## in the [access_control] section -# query_meta = ["key1:value1", "key2:value2", "token:MySecretToken"] +# query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken'] ## Automatic log files rotation @@ -386,14 +394,14 @@ cache_neg_max_ttl = 600 ## For each `listen_address` the complete URL to access the server will be: ## `https://` (ex: `https://127.0.0.1/dns-query`) -# path = "/dns-query" +# path = '/dns-query' ## Certificate file and key - Note that the certificate has to be trusted. ## See the documentation (wiki) for more information. -# cert_file = "localhost.pem" -# cert_key_file = "localhost.pem" +# cert_file = 'localhost.pem' +# cert_key_file = 'localhost.pem' @@ -641,7 +649,7 @@ cache_neg_max_ttl = 600 # The list below enables workarounds to make non-relayed usage more reliable # until the servers are fixed. -fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-pri', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security'] +fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security'] @@ -734,13 +742,13 @@ skip_incompatible = false [dns64] ## (Option 1) Static prefix(es) as Pref64::/n CIDRs. -# prefix = ["64:ff9b::/96"] +# prefix = ['64:ff9b::/96'] ## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs. ## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only. ## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96). ## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only. -# resolver = ["[2606:4700:4700::64]:53", "[2001:4860:4860::64]:53"] +# resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53'] diff --git a/v2ray/etc/dnscrypt-proxy/update-rules.sh b/v2ray/etc/dnscrypt-proxy/update-rules.sh old mode 100644 new mode 100755 index f846b10..e93940f --- a/v2ray/etc/dnscrypt-proxy/update-rules.sh +++ b/v2ray/etc/dnscrypt-proxy/update-rules.sh @@ -1,18 +1,20 @@ -wget -N https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf +rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt example-dnscrypt-proxy.toml + +wget https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/accelerated-domains.china.conf' >dnscrypt-forwarding-rules.txt echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-forwarding-rules.txt echo '# Thanks to all contributors.' >>dnscrypt-forwarding-rules.txt echo '' >>dnscrypt-forwarding-rules.txt cat accelerated-domains.china.conf | grep -v '^#server' | sed -e 's|/| |g' -e 's|^server= ||' | sed 's/114.114.114.114/114.114.114.114,114.114.115.115/g' >>dnscrypt-forwarding-rules.txt -wget -N https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf +wget https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/bogus-nxdomain.china.conf' >dnscrypt-blacklist-ips.txt echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-blacklist-ips.txt echo '# Thanks to all contributors.' >>dnscrypt-blacklist-ips.txt echo '' >>dnscrypt-blacklist-ips.txt cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's/bogus-nxdomain=//g' >>dnscrypt-blacklist-ips.txt -#wget -N https://github.com/missdeer/blocklist/raw/master/toblock-without-shorturl-optimized.lst +#wget https://github.com/missdeer/blocklist/raw/master/toblock-without-shorturl-optimized.lst #echo '# Converted from https://github.com/missdeer/blocklist/blob/master/toblock-without-shorturl-optimized.lst' >dnscrypt-blacklist-domains.txt #echo '# https://github.com/missdeer/blocklist' >>dnscrypt-blacklist-domains.txt #echo '# Thanks to all contributors.' >>dnscrypt-blacklist-domains.txt @@ -23,7 +25,7 @@ cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's #echo 'ads[0-9]*' >>dnscrypt-blacklist-domains.txt #cat toblock-without-shorturl-optimized.lst | grep -v '^#' | tr -s '\n' | tr A-Z a-z | grep -v '^ad\.' | grep -v -e '^ad[0-9]' | grep -v '^ads\.' | grep -v -e '^ads[0-9]' | rev | sort -n | uniq | rev >>dnscrypt-blacklist-domains.txt -#wget -N https://github.com/googlehosts/hosts/raw/master/hosts-files/dnscrypt-proxy-cloaking.txt +#wget https://github.com/googlehosts/hosts/raw/master/hosts-files/dnscrypt-proxy-cloaking.txt #echo '# Converted from https://github.com/googlehosts/hosts/blob/master/hosts-files/dnscrypt-proxy-cloaking.txt' >dnscrypt-cloaking-rules.txt #echo '# https://github.com/googlehosts/hosts' >>dnscrypt-cloaking-rules.txt #echo '# Thanks to all contributors.' >>dnscrypt-cloaking-rules.txt @@ -32,4 +34,4 @@ cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt -wget -N https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy/example-dnscrypt-proxy.toml +wget https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy/example-dnscrypt-proxy.toml diff --git a/v2ray/scripts/dnscrypt-proxy.service b/v2ray/scripts/dnscrypt-proxy.service index 8c29efc..173ddfe 100644 --- a/v2ray/scripts/dnscrypt-proxy.service +++ b/v2ray/scripts/dnscrypt-proxy.service @@ -1,5 +1,6 @@ #!/system/bin/sh +dnsmasq_uid="1052" bin_name="dnscrypt-proxy" bin_file="/system/bin/${bin_name}" run_path="/data/v2ray/run" @@ -7,14 +8,11 @@ pid_file="${run_path}/dnscrypt-proxy.pid" conf_path="/data/v2ray/dnscrypt-proxy" conf_file="${conf_path}/dnscrypt-proxy.toml" bin_opts="-config ${conf_file}" -appid_file="/data/v2ray/appid.list" -appid_list=() -softap_file="/data/v2ray/softap.list" -softap_list=() iptables_wait="iptables" v2ray_share=false -proxy_for_app=false -inet_uid="3003" +softap_file="/data/v2ray/softap.list" +appid_list=() +proxy_for_guest=false host_ip="127.0.0.1" dns_port="65534" proxy_port="65535" @@ -39,15 +37,6 @@ find_netstat_path() { return 1 } -iptables_chain_exist() { - local chain_list="$1" - local target_chain="$2" - if `echo "${chain_list}" | grep -q ":${target_chain} "` ; then - return 0 - fi - return 1 -} - probe_dnscrypt-proxy_alive() { [ -f ${pid_file} ] && cmd_file="/proc/`cat ${pid_file}`/cmdline" || return 1 [ -f ${cmd_file} ] && grep -q "dnscrypt-proxy" ${cmd_file} && return 0 || return 1 @@ -64,102 +53,26 @@ probe_v2ray_listen() { fi } -probe_v2ray_target() { +check_proxy_guest() { ## add eof to appid and softap file - echo "" >> "${appid_file}" - ## trim empty line in appid and softap file - sed -i '/^$/d' "${appid_file}" - ## probe proxy app - if [ -f ${appid_file} ] ; then - ## check appid_file is white-list or black-list - if head -1 "${appid_file}" | grep -q 'bypass' ; then - app_proxy_mode="skip" - else - app_proxy_mode="pick" - fi - ## filter appid number - while read appid_line ; do - appid_text=(`echo ${appid_line}`) - for appid_word in ${appid_text[*]} ; do - if echo "${appid_word}" | grep -q '#' ; then - break - elif [ "${appid_word}" -ge 0 ] 2>/dev/null ; then - appid_list=(${appid_list[*]} ${appid_word}) - fi - done - done < ${appid_file} - fi + echo "" >> "${softap_file}" + ## trim empty line in softap file + sed -i '/^$/d' "${softap_file}" ## probe proxy wifi interface ${v2ray_share} && [ -f ${softap_file} ] && softap_list=(`cat ${softap_file}`) || unset softap_list - ## check proxy app or not - if ( [ "${app_proxy_mode}" = "skip" ] || ( [ "${app_proxy_mode}" = "pick" ] && [ ${#appid_list[@]} -gt 0 ] ) ) ; then - proxy_for_app=true - fi - ## check enable proxy iptables or not - if ! ( ${proxy_for_app} ) ; then - echo "[Error]: DNS is not proxy for APP." - exit 1 - fi -} - -probe_uid_app_name() { - app_handle="$2" - if [ "$1" == "0" ] ; then - app_name="root" - else - app_name=`grep " $1 " /data/system/packages.list | cut -d ' ' -f 1` - app_name=`echo ${app_name} | sed 's/ / \& /g'` - fi - if [ "${app_name}" != "" ] ; then - echo "[Info]: ${app_handle} ${app_name} APP's DNS request." - else - echo "[Warning]: APP with uid=$1 is not found." - return 1 - fi -} - -proxy_app_dns_iptables() { - ## create iptables proxy chains for app tcp - ${iptables_wait} -t nat -N APP_DNS_PROXY - ## bypass v2ray program - ${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${inet_uid} -j RETURN - ## white-list mode - if [ "${app_proxy_mode}" = "pick" ] ; then - ## proxy all apps network - if [ "${appid_list[*]}" = "0" ] ; then - echo "[Info]: Proxy all APP's DNS request." - ${iptables_wait} -t nat -A APP_DNS_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY_APP_DNS - ## proxy assign app - else - for appid in ${appid_list[@]}; do - probe_uid_app_name ${appid} "Proxy" && \ - ${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${appid} -j V2RAY_APP_DNS - done - fi - ## black-list mode - elif [ "${app_proxy_mode}" = "skip" ] ; then - for appid in ${appid_list[@]}; do - probe_uid_app_name ${appid} "Ignore" && \ - ${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${appid} -j RETURN - done - echo "[Info]: Proxy all remaining APP's DNS request." - ${iptables_wait} -t nat -A APP_DNS_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY_APP_DNS - fi - ## apply proxy rules to iptables - ${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner 0 -j V2RAY_APP_DNS - ${iptables_wait} -t nat -A OUTPUT -p udp --dport 53 -j APP_DNS_PROXY + ## check proxy wifi guest or not + [ ${#softap_list[@]} -gt 0 ] && proxy_for_guest=true } create_proxy_iptables() { - echo "[Info]: Create DNS proxy chains." - ## create iptables proxy chains for dns - ${iptables_wait} -t nat -N V2RAY_APP_DNS - ## build basic iptables proxy chains - ${iptables_wait} -t nat -A V2RAY_APP_DNS -p udp -j DNAT --to-destination ${host_ip}:${dns_port} - if ! iptables_chain_exist "${iptables_chains}" "APP_DNS_PROXY" && ${proxy_for_app} ; then - ## proxy app network - proxy_app_dns_iptables - fi + echo "[Info]: Proxy local system's DNS request." + ${iptables_wait} -t nat -A OUTPUT -p udp -m owner --uid-owner 0 --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} + ## proxy wifi guest DNS + check_proxy_guest && \ + if ${proxy_for_guest} ; then + echo "[Info]: Proxy dnsmasq's DNS request." + ${iptables_wait} -t nat -A OUTPUT -p udp -m owner --uid-owner ${dnsmasq_uid} --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} + fi } display_dnscrypt-proxy_pid() { @@ -172,23 +85,10 @@ display_dnscrypt-proxy_pid() { fi } -flush_endpoint_iptables() { - ${iptables_wait} -t nat -F V2RAY_APP_DNS 2>/dev/null -} - -flush_nat_iptables() { - echo "[Info]: Clean nat proxy iptables rules." - local iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " " | grep -o ":[0-9A-Z_]* "` - ${iptables_wait} -t nat -D OUTPUT -p udp --dport 53 -j APP_DNS_PROXY 2>/dev/null - if iptables_chain_exist "${iptables_chains}" "APP_DNS_PROXY" ; then - ${iptables_wait} -t nat -F APP_DNS_PROXY - ${iptables_wait} -t nat -X APP_DNS_PROXY - fi - if iptables_chain_exist "${iptables_chains}" "V2RAY_APP_DNS" ; then - ${iptables_wait} -t nat -F V2RAY_APP_DNS - ${iptables_wait} -t nat -X V2RAY_APP_DNS - fi - unset iptables_chains +flush_dns_iptables() { + echo "[Info]: Clean DNS proxy iptables rules." + ${iptables_wait} -t nat -D OUTPUT -p udp -m owner --uid-owner 0 --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} 2>/dev/null + ${iptables_wait} -t nat -D OUTPUT -p udp -m owner --uid-owner ${dnsmasq_uid} --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} 2>/dev/null } start_dnscrypt-proxy() { @@ -198,6 +98,10 @@ start_dnscrypt-proxy() { elif probe_v2ray_listen ; then echo "[Info]: Starting ${bin_name} service." mkdir -p ${run_path} + echo -n "" > ${conf_path}/dnscrypt-nxdomain.log + echo -n "" > ${conf_path}/dnscrypt-query.log + chown -R net_raw:net_raw ${conf_path} + chown net_raw:net_raw ${bin_file} chmod 6755 ${bin_file} nohup ${bin_file} ${bin_opts} & sleep 1 @@ -231,15 +135,10 @@ suit_iptables_version case "$1" in enable) - if start_dnscrypt-proxy ; then - flush_endpoint_iptables - probe_v2ray_target - sleep 2 - create_proxy_iptables - fi + start_dnscrypt-proxy && create_proxy_iptables ;; disable) - flush_nat_iptables + flush_dns_iptables stop_dnscrypt-proxy ;; status) diff --git a/v2ray/scripts/v2ray.inotify b/v2ray/scripts/v2ray.inotify index 4062fef..f582d3f 100644 --- a/v2ray/scripts/v2ray.inotify +++ b/v2ray/scripts/v2ray.inotify @@ -17,6 +17,13 @@ start_v2ray() { if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then ${tproxy} enable [ -f "${dnscrypt_conf}" ] && ${dns_proxy_service} enable + settings put global airplane_mode_on 1 + sleep 1 + am broadcast -a android.intent.action.AIRPLANE_MODE + sleep 1 + settings put global airplane_mode_on 0 + sleep 1 + am broadcast -a android.intent.action.AIRPLANE_MODE fi } diff --git a/v2ray/scripts/v2ray.tproxy b/v2ray/scripts/v2ray.tproxy index 0990fc1..26d3bf9 100644 --- a/v2ray/scripts/v2ray.tproxy +++ b/v2ray/scripts/v2ray.tproxy @@ -2,6 +2,7 @@ route_id="1130" inet_uid="3003" +net_raw_uid="3004" route_name="v2ray" proxy_port="65535" proxy_mark="0x20151130" @@ -15,7 +16,7 @@ softap_list=() v2ray_share=false proxy_for_app=false proxy_for_guest=false -intranet=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4) +intranet=(0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 224.0.0.0/4 240.0.0.0/4) suit_iptables_version() { iptables_version=`iptables -V | grep -o "v1\.[0-9]"` @@ -163,6 +164,7 @@ proxy_app_tcp_iptables() { probe_uid_app_name ${appid} "Proxy" && \ ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${appid} -j V2RAY done + ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${net_raw_uid} -j V2RAY fi ## black-list mode elif [ "${app_proxy_mode}" = "skip" ] ; then @@ -174,7 +176,6 @@ proxy_app_tcp_iptables() { ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY fi ## apply proxy rules to iptables - ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner 0 -j V2RAY ${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY } @@ -183,8 +184,8 @@ proxy_guest_tcp_iptables() { ${iptables_wait} -t nat -N GUEST_TCP_PROXY ## proxy assign softap for softap in ${softap_list[@]}; do - echo "[Info]: Proxy ${softap} WiFi guest's TCP network." - ${iptables_wait} -t nat -A GUEST_TCP_PROXY -i ${softap} -j V2RAY + echo "[Info]: Proxy ${softap} guest's TCP network." + ${iptables_wait} -t nat -A GUEST_TCP_PROXY -s ${softap} -j V2RAY done ${iptables_wait} -t nat -A PREROUTING -p tcp -j GUEST_TCP_PROXY } @@ -218,7 +219,7 @@ filter_proxy_iptables() { ${iptables_wait} -t filter -A PROTECT_V2RAY -i lo -j RETURN ## permit assign softap for softap in ${softap_list[@]}; do - ${iptables_wait} -t filter -A PROTECT_V2RAY -i ${softap} -j RETURN + ${iptables_wait} -t filter -A PROTECT_V2RAY -s ${softap} -j RETURN done ## deny all other visit ${iptables_wait} -t filter -A PROTECT_V2RAY -p tcp --dport ${proxy_port} -j DROP