[v1.0.14] Add USB guest proxy support, fix guest's dns request proxy.

Whale Choi 2020-09-18 20:03:46 +08:00
parent d3722aa044
commit b651e49190
12 changed files with 74 additions and 494 deletions


@ -28,7 +28,7 @@ You can download the release installer zip file and install it via the Magisk Ma
`export V2RAY_LOCATION_ASSET=/data/v2ray; v2ray -test -config /data/v2ray/config.json` in android terminal or ssh. `export V2RAY_LOCATION_ASSET=/data/v2ray; v2ray -test -config /data/v2ray/config.json` in android terminal or ssh.
- dnscrypt-proxy config file is store in `/data/v2ray/dnscrypt-proxy/` folder, you can update cn domains list via running the shell script `update-rules.sh` or if you dislike the default rules, you can edit them by yourself. - dnscrypt-proxy config file is store in `/data/v2ray/dnscrypt-proxy/` folder, you can update cn domains list via running the shell script `update-rules.sh` or if you dislike the default rules, you can edit them by yourself. ( If you want to disable dnscrypt-proxy, just delete the config file `/data/v2ray/dnscrypt-proxy/dnscrypt-proxy.toml` )
- Tips: Please notice that the default configuration has already set inbounds section to cooperate work with transparent proxy script. It is recommended that you only edit the first element of outbounds section to your proxy server and edit file `/data/v2ray/appid.list` to select which App to proxy. - Tips: Please notice that the default configuration has already set inbounds section to cooperate work with transparent proxy script. It is recommended that you only edit the first element of outbounds section to your proxy server and edit file `/data/v2ray/appid.list` to select which App to proxy.
@ -59,11 +59,11 @@ You can download the release installer zip file and install it via the Magisk Ma
#### Share transparent proxy to WiFi guest #### Share transparent proxy to WiFi guest or USB guest
- Transparent proxy is share to WiFi guest by default. - Transparent proxy is share to WiFi guest by default.
- If you don't want to share proxy to WiFi guest, delete the file `/data/v2ray/softap.list` or empty it. - If you don't want to share proxy to WiFi guest or USB guest, delete the file `/data/v2ray/softap.list` or empty it.
- For most situation, Android WiFi hotspot interface is `softap0` . If your device is not conform to it , please write down the name of your WiFi hotspot name in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the name of WiFi hotspot interface ) - For most situation, Android WiFi hotspot subnet is `192.168.43.0/24`, and USB subnet is `192.168.42.0/24`. If your device is not conform to it , please write down the subnet you want proxy in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the subnet )


@ -55,7 +55,7 @@ rm "${download_v2ray_zip}"
# copy v2ray data and config # copy v2ray data and config
ui_print "- Copy V2Ray config and data files" ui_print "- Copy V2Ray config and data files"
[ -f /data/v2ray/softap.list ] || \ [ -f /data/v2ray/softap.list ] || \
echo "softap0" > /data/v2ray/softap.list echo "192.168.43.0/24" > /data/v2ray/softap.list
[ -f /data/v2ray/resolv.conf ] || \ [ -f /data/v2ray/resolv.conf ] || \
unzip -j -o "${ZIPFILE}" "v2ray/etc/resolv.conf" -d /data/v2ray >&2 unzip -j -o "${ZIPFILE}" "v2ray/etc/resolv.conf" -d /data/v2ray >&2
unzip -j -o "${ZIPFILE}" "v2ray/etc/config.json.template" -d /data/v2ray >&2 unzip -j -o "${ZIPFILE}" "v2ray/etc/config.json.template" -d /data/v2ray >&2
@ -85,11 +85,12 @@ echo "id=v2ray" > $MODPATH/module.prop
echo "name=V2ray for Android" >> $MODPATH/module.prop echo "name=V2ray for Android" >> $MODPATH/module.prop
echo -n "version=" >> $MODPATH/module.prop echo -n "version=" >> $MODPATH/module.prop
echo ${latest_v2ray_version} >> $MODPATH/module.prop echo ${latest_v2ray_version} >> $MODPATH/module.prop
echo "versionCode=20200815" >> $MODPATH/module.prop echo "versionCode=20200918" >> $MODPATH/module.prop
echo "author=chendefine" >> $MODPATH/module.prop echo "author=chendefine" >> $MODPATH/module.prop
echo "description=V2ray core with service scripts for Android" >> $MODPATH/module.prop echo "description=V2ray core with service scripts for Android" >> $MODPATH/module.prop
inet_uid="3003" inet_uid="3003"
net_raw_uid="3004"
set_perm_recursive $MODPATH 0 0 0755 0644 set_perm_recursive $MODPATH 0 0 0755 0644
set_perm $MODPATH/service.sh 0 0 0755 set_perm $MODPATH/service.sh 0 0 0755
set_perm $MODPATH/uninstall.sh 0 0 0755 set_perm $MODPATH/uninstall.sh 0 0 0755
@ -98,7 +99,7 @@ set_perm $MODPATH/scripts/v2ray.inotify 0 0 0755
set_perm $MODPATH/scripts/v2ray.service 0 0 0755 set_perm $MODPATH/scripts/v2ray.service 0 0 0755
set_perm $MODPATH/scripts/v2ray.tproxy 0 0 0755 set_perm $MODPATH/scripts/v2ray.tproxy 0 0 0755
set_perm $MODPATH/scripts/dnscrypt-proxy.service 0 0 0755 set_perm $MODPATH/scripts/dnscrypt-proxy.service 0 0 0755
set_perm $MODPATH/system/bin/dnscrypt-proxy 0 0 0755
set_perm $MODPATH/system/bin/v2ray ${inet_uid} ${inet_uid} 0755 set_perm $MODPATH/system/bin/v2ray ${inet_uid} ${inet_uid} 0755
set_perm $MODPATH/system/bin/v2ctl ${inet_uid} ${inet_uid} 0755 set_perm $MODPATH/system/bin/v2ctl ${inet_uid} ${inet_uid} 0755
set_perm /data/v2ray ${inet_uid} ${inet_uid} 0755 set_perm /data/v2ray ${inet_uid} ${inet_uid} 0755
set_perm $MODPATH/system/bin/dnscrypt-proxy ${net_raw_uid} ${net_raw_uid} 0755
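Review bot: The seed line only runs when softap.list is absent (`[ -f /data/v2ray/softap.list ] ||`), so a device upgrading from an earlier release keeps a file that still contains `softap0`. The updated v2ray.tproxy in this commit passes each entry to `iptables ... -s ${softap}`, and an interface name is not a valid source address, so the guest and PROTECT_V2RAY rules would likely fail to load after an upgrade. Detect and rewrite a legacy entry during install, for example `grep -q '^softap' /data/v2ray/softap.list 2>/dev/null && echo "192.168.43.0/24" > /data/v2ray/softap.list`. It is also worth deciding whether the default should list `192.168.42.0/24`, since the README names that as the USB subnet and the commit title advertises USB guest support.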


@ -1,6 +1,6 @@
id=v2ray id=v2ray
name=V2ray for Android name=V2ray for Android
version=latest_version version=latest_version
versionCode=20200815 versionCode=20200918
author=chendefine author=chendefine
description=V2ray core with service scripts for Android description=V2ray core with service scripts for Android


@ -1,183 +0,0 @@
#!/sbin/sh
#################
# Initialization
#################
umask 022
# echo before loading util_functions
ui_print() { echo "$1"; }
require_new_magisk() {
ui_print "*******************************"
ui_print " Please install Magisk v19.0+! "
ui_print "*******************************"
exit 1
}
#########################
# Load util_functions.sh
#########################
OUTFD=$2
ZIPFILE=$3
mount /data 2>/dev/null
[ -f /data/adb/magisk/util_functions.sh ] || require_new_magisk
. /data/adb/magisk/util_functions.sh
[ $MAGISK_VER_CODE -lt 19000 ] && require_new_magisk
if [ $MAGISK_VER_CODE -ge 20400 ]; then
# New Magisk have complete installation logic within util_functions.sh
install_module
exit 0
fi
#################
# Legacy Support
#################
TMPDIR=/dev/tmp
PERSISTDIR=/sbin/.magisk/mirror/persist
is_legacy_script() {
unzip -l "$ZIPFILE" install.sh | grep -q install.sh
return $?
}
print_modname() {
ui_print "*******************************"
ui_print " V2Ray for Android "
ui_print "*******************************"
}
# Override abort as old scripts have some issues
abort() {
ui_print "$1"
$BOOTMODE || recovery_cleanup
[ -n $MODPATH ] && rm -rf $MODPATH
rm -rf $TMPDIR
exit 1
}
rm -rf $TMPDIR 2>/dev/null
mkdir -p $TMPDIR
# Preperation for flashable zips
setup_flashable
# Mount partitions
mount_partitions
# Detect version and architecture
api_level_arch_detect
# Setup busybox and binaries
$BOOTMODE && boot_actions || recovery_actions
##############
# Preparation
##############
# Extract prop file
unzip -o "$ZIPFILE" module.prop -d $TMPDIR >&2
[ ! -f $TMPDIR/module.prop ] && abort "! Unable to extract zip file!"
$BOOTMODE && MODDIRNAME=modules_update || MODDIRNAME=modules
MODULEROOT=$NVBASE/$MODDIRNAME
MODID=`grep_prop id $TMPDIR/module.prop`
MODPATH=$MODULEROOT/$MODID
MODNAME=`grep_prop name $TMPDIR/module.prop`
# Create mod paths
rm -rf $MODPATH 2>/dev/null
mkdir -p $MODPATH
##########
# Install
##########
if is_legacy_script; then
unzip -oj "$ZIPFILE" module.prop install.sh uninstall.sh 'common/*' -d $TMPDIR >&2
# Load install script
. $TMPDIR/install.sh
# Callbacks
print_modname
on_install
# Custom uninstaller
[ -f $TMPDIR/uninstall.sh ] && cp -af $TMPDIR/uninstall.sh $MODPATH/uninstall.sh
# Skip mount
$SKIPMOUNT && touch $MODPATH/skip_mount
# prop file
$PROPFILE && cp -af $TMPDIR/system.prop $MODPATH/system.prop
# Module info
cp -af $TMPDIR/module.prop $MODPATH/module.prop
# post-fs-data scripts
$POSTFSDATA && cp -af $TMPDIR/post-fs-data.sh $MODPATH/post-fs-data.sh
# service scripts
$LATESTARTSERVICE && cp -af $TMPDIR/service.sh $MODPATH/service.sh
ui_print "- Setting permissions"
set_permissions
else
print_modname
unzip -o "$ZIPFILE" customize.sh -d $MODPATH >&2
if ! grep -q '^SKIPUNZIP=1$' $MODPATH/customize.sh 2>/dev/null; then
ui_print "- Extracting module files"
unzip -o "$ZIPFILE" -x 'META-INF/*' -d $MODPATH >&2
# Default permissions
set_perm_recursive $MODPATH 0 0 0755 0644
fi
# Load customization script
[ -f $MODPATH/customize.sh ] && . $MODPATH/customize.sh
fi
# Handle replace folders
for TARGET in $REPLACE; do
ui_print "- Replace target: $TARGET"
mktouch $MODPATH$TARGET/.replace
done
if $BOOTMODE; then
# Update info for Magisk Manager
mktouch $NVBASE/modules/$MODID/update
cp -af $MODPATH/module.prop $NVBASE/modules/$MODID/module.prop
fi
# Copy over custom sepolicy rules
if [ -f $MODPATH/sepolicy.rule -a -e $PERSISTDIR ]; then
ui_print "- Installing custom sepolicy patch"
PERSISTMOD=$PERSISTDIR/magisk/$MODID
mkdir -p $PERSISTMOD
cp -af $MODPATH/sepolicy.rule $PERSISTMOD/sepolicy.rule
fi
# Remove stuffs that don't belong to modules
rm -rf \
$MODPATH/system/placeholder $MODPATH/customize.sh \
$MODPATH/README.md $MODPATH/.git* 2>/dev/null
#############
# Finalizing
#############
cd /
$BOOTMODE || recovery_cleanup
rm -rf $TMPDIR
ui_print "- Done"
exit 0


@ -1,155 +0,0 @@
// Config file of V2Ray. This file follows standard JSON format, with comments support.
// Uncomment entries below to satisfy your needs. Also read our manual for more detail at
// https://www.v2ray.com/
{
"log": {
// By default, V2Ray writes access log to stdout.
// "access": "/path/to/access/log/file",
"access": "none",
// By default, V2Ray write error log to stdout.
// "error": "/path/to/error/log/file",
"error": "/data/v2ray/run/error.log",
// Log level, one of "debug", "info", "warning", "error", "none"
"loglevel": "warning"
},
// List of inbound proxy configurations.
"inbounds": [{
// Port to listen on. You may need root access if the value is less than 1024.
"port": 65535,
// IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
"listen": "0.0.0.0",
// Tag of the inbound proxy. May be used for routing.
"tag": "proxy-inbound",
// Protocol name of inbound proxy.
"protocol": "dokodemo-door",
// Settings of the protocol. Varies based on protocol.
"settings": {
// Disable timeout setting for keeping persistent connection. Such as FCM.
// "timeout": 10,
"network": "tcp,udp",
"followRedirect": true
},
// If you wanna bypass BT streams, you should enable it.
"sniffing": {
"enabled": false
// ,
// "destOverride": ["http", "tls"]
}
}],
// List of outbound proxy configurations.
"outbounds": [{
// Replace your proxy protocol in this section, like: vmess or shadowsocks
"protocol": "freedom",
// Settings of the protocol. Varies based on protocol.
"settings": {},
// Tag of the outbound. May be used for routing.
"tag": "proxy"
},{
// Protocol name of the outbound proxy.
"protocol": "freedom",
// Settings of the protocol. Varies based on protocol.
"settings": {},
// Tag of the outbound. May be used for routing.
"tag": "direct"
},{
"protocol": "blackhole",
"settings": {},
"tag": "blocked"
}],
// Transport is for global transport settings. If you have multiple transports with same settings
// (say mKCP), you may put it here, instead of in each individual inbound/outbounds.
//"transport": {},
// Routing controls how traffic from inbounds are sent to outbounds.
"routing": {
"domainStrategy": "AsIs",
"rules":[
{
// Bypass private IPs.
"type": "field",
"ip": ["geoip:private"],
"outboundTag": "direct"
},
{
// Bypass all china IPs.
"type": "field",
"ip": ["geoip:cn"],
"outboundTag": "direct"
}
//,
//{
// Bypass all china sites.
// "type": "field",
// "domain": ["geosite:cn"],
// "outboundTag": "direct"
//},
//{
// To bypass all BT streams, you should enable sniffing.
// "type": "field",
// "protocol":["bittorrent"],
// "outboundTag": "direct"
//},
//{
// If your network condition not very well, you could bypass dnscrypt-proxy's upstream DNS.
// "type": "field",
// "domain": [
// "cloudflare-dns.com",
// "doh.opendns.com",
// "dns.google"
// ],
// "outboundTag": "direct"
//},
//{
// Blocks major ads.
// "type": "field",
// "domain": ["geosite:category-ads"],
// "outboundTag": "blocked"
//}
]
},
// Policy controls some internal behavior of how V2Ray handles connections.
// It may be on connection level by user levels in 'levels', or global settings in 'system.'
"policy": {
// Connection policys by user levels
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0
}
},
"system": {
"statsInboundUplink": false,
"statsInboundDownlink": false
}
},
// Stats enables internal stats counter.
// This setting can be used together with Policy and Api.
//"stats":{},
// Api enables gRPC APIs for external programs to communicate with V2Ray instance.
//"api": {
//"tag": "api",
//"services": [
// "HandlerService",
// "LoggerService",
// "StatsService"
//]
//},
// You may add other entries to the configuration, but they will not be recognized by V2Ray.
"other": {}
}


@ -45,7 +45,7 @@
}], }],
// List of outbound proxy configurations. // List of outbound proxy configurations.
"outbounds": [{ "outbounds": [{
// Replace your proxy protocol in this section, like: vmess or shadowsocks // Replace your proxy protocol in this section, like: VMESS, VLESS or Shadowsocks
"protocol": "freedom", "protocol": "freedom",
// Settings of the protocol. Varies based on protocol. // Settings of the protocol. Varies based on protocol.


@ -3,7 +3,7 @@
################################## ##################################
listen_addresses = ['127.0.0.1:65534'] listen_addresses = ['127.0.0.1:65534']
max_clients = 250 max_clients = 250
# user_name = 'nobody' # user_name = 'net_raw'
ipv4_servers = true ipv4_servers = true
ipv6_servers = false ipv6_servers = false
dnscrypt_servers = false dnscrypt_servers = false


@ -117,6 +117,14 @@ timeout = 5000
keepalive = 30 keepalive = 30
## Add EDNS-client-subnet information to outgoing queries
##
## Multiple networks can be listed; they will be randomly chosen.
## These networks don't have to match your actual networks.
# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"]
## Response for blocked queries. Options are `refused`, `hinfo` (default) or ## Response for blocked queries. Options are `refused`, `hinfo` (default) or
## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`. ## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`.
## Using the `hinfo` option means that some responses will be lies. ## Using the `hinfo` option means that some responses will be lies.
@ -253,7 +261,7 @@ netprobe_address = '9.9.9.9:53'
## encrypted-dns-server can be configured to use this for access control ## encrypted-dns-server can be configured to use this for access control
## in the [access_control] section ## in the [access_control] section
# query_meta = ["key1:value1", "key2:value2", "token:MySecretToken"] # query_meta = ['key1:value1', 'key2:value2', 'token:MySecretToken']
## Automatic log files rotation ## Automatic log files rotation
@ -386,14 +394,14 @@ cache_neg_max_ttl = 600
## For each `listen_address` the complete URL to access the server will be: ## For each `listen_address` the complete URL to access the server will be:
## `https://<listen_address><path>` (ex: `https://127.0.0.1/dns-query`) ## `https://<listen_address><path>` (ex: `https://127.0.0.1/dns-query`)
# path = "/dns-query" # path = '/dns-query'
## Certificate file and key - Note that the certificate has to be trusted. ## Certificate file and key - Note that the certificate has to be trusted.
## See the documentation (wiki) for more information. ## See the documentation (wiki) for more information.
# cert_file = "localhost.pem" # cert_file = 'localhost.pem'
# cert_key_file = "localhost.pem" # cert_key_file = 'localhost.pem'
@ -641,7 +649,7 @@ cache_neg_max_ttl = 600
# The list below enables workarounds to make non-relayed usage more reliable # The list below enables workarounds to make non-relayed usage more reliable
# until the servers are fixed. # until the servers are fixed.
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-pri', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security'] fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security']
@ -734,13 +742,13 @@ skip_incompatible = false
[dns64] [dns64]
## (Option 1) Static prefix(es) as Pref64::/n CIDRs. ## (Option 1) Static prefix(es) as Pref64::/n CIDRs.
# prefix = ["64:ff9b::/96"] # prefix = ['64:ff9b::/96']
## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs. ## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs.
## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only. ## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only.
## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96). ## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96).
## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only. ## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only.
# resolver = ["[2606:4700:4700::64]:53", "[2001:4860:4860::64]:53"] # resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53']

12
v2ray/etc/dnscrypt-proxy/update-rules.sh Normal file → Executable file

@ -1,18 +1,20 @@
wget -N https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt example-dnscrypt-proxy.toml
wget https://github.com/felixonmars/dnsmasq-china-list/raw/master/accelerated-domains.china.conf
echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/accelerated-domains.china.conf' >dnscrypt-forwarding-rules.txt echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/accelerated-domains.china.conf' >dnscrypt-forwarding-rules.txt
echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-forwarding-rules.txt echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-forwarding-rules.txt
echo '# Thanks to all contributors.' >>dnscrypt-forwarding-rules.txt echo '# Thanks to all contributors.' >>dnscrypt-forwarding-rules.txt
echo '' >>dnscrypt-forwarding-rules.txt echo '' >>dnscrypt-forwarding-rules.txt
cat accelerated-domains.china.conf | grep -v '^#server' | sed -e 's|/| |g' -e 's|^server= ||' | sed 's/114.114.114.114/114.114.114.114,114.114.115.115/g' >>dnscrypt-forwarding-rules.txt cat accelerated-domains.china.conf | grep -v '^#server' | sed -e 's|/| |g' -e 's|^server= ||' | sed 's/114.114.114.114/114.114.114.114,114.114.115.115/g' >>dnscrypt-forwarding-rules.txt
wget -N https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf wget https://github.com/felixonmars/dnsmasq-china-list/raw/master/bogus-nxdomain.china.conf
echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/bogus-nxdomain.china.conf' >dnscrypt-blacklist-ips.txt echo '# Converted from https://github.com/felixonmars/dnsmasq-china-list/blob/master/bogus-nxdomain.china.conf' >dnscrypt-blacklist-ips.txt
echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-blacklist-ips.txt echo '# https://github.com/felixonmars/dnsmasq-china-list' >>dnscrypt-blacklist-ips.txt
echo '# Thanks to all contributors.' >>dnscrypt-blacklist-ips.txt echo '# Thanks to all contributors.' >>dnscrypt-blacklist-ips.txt
echo '' >>dnscrypt-blacklist-ips.txt echo '' >>dnscrypt-blacklist-ips.txt
cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's/bogus-nxdomain=//g' >>dnscrypt-blacklist-ips.txt cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's/bogus-nxdomain=//g' >>dnscrypt-blacklist-ips.txt
#wget -N https://github.com/missdeer/blocklist/raw/master/toblock-without-shorturl-optimized.lst #wget https://github.com/missdeer/blocklist/raw/master/toblock-without-shorturl-optimized.lst
#echo '# Converted from https://github.com/missdeer/blocklist/blob/master/toblock-without-shorturl-optimized.lst' >dnscrypt-blacklist-domains.txt #echo '# Converted from https://github.com/missdeer/blocklist/blob/master/toblock-without-shorturl-optimized.lst' >dnscrypt-blacklist-domains.txt
#echo '# https://github.com/missdeer/blocklist' >>dnscrypt-blacklist-domains.txt #echo '# https://github.com/missdeer/blocklist' >>dnscrypt-blacklist-domains.txt
#echo '# Thanks to all contributors.' >>dnscrypt-blacklist-domains.txt #echo '# Thanks to all contributors.' >>dnscrypt-blacklist-domains.txt
@ -23,7 +25,7 @@ cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's
#echo 'ads[0-9]*' >>dnscrypt-blacklist-domains.txt #echo 'ads[0-9]*' >>dnscrypt-blacklist-domains.txt
#cat toblock-without-shorturl-optimized.lst | grep -v '^#' | tr -s '\n' | tr A-Z a-z | grep -v '^ad\.' | grep -v -e '^ad[0-9]' | grep -v '^ads\.' | grep -v -e '^ads[0-9]' | rev | sort -n | uniq | rev >>dnscrypt-blacklist-domains.txt #cat toblock-without-shorturl-optimized.lst | grep -v '^#' | tr -s '\n' | tr A-Z a-z | grep -v '^ad\.' | grep -v -e '^ad[0-9]' | grep -v '^ads\.' | grep -v -e '^ads[0-9]' | rev | sort -n | uniq | rev >>dnscrypt-blacklist-domains.txt
#wget -N https://github.com/googlehosts/hosts/raw/master/hosts-files/dnscrypt-proxy-cloaking.txt #wget https://github.com/googlehosts/hosts/raw/master/hosts-files/dnscrypt-proxy-cloaking.txt
#echo '# Converted from https://github.com/googlehosts/hosts/blob/master/hosts-files/dnscrypt-proxy-cloaking.txt' >dnscrypt-cloaking-rules.txt #echo '# Converted from https://github.com/googlehosts/hosts/blob/master/hosts-files/dnscrypt-proxy-cloaking.txt' >dnscrypt-cloaking-rules.txt
#echo '# https://github.com/googlehosts/hosts' >>dnscrypt-cloaking-rules.txt #echo '# https://github.com/googlehosts/hosts' >>dnscrypt-cloaking-rules.txt
#echo '# Thanks to all contributors.' >>dnscrypt-cloaking-rules.txt #echo '# Thanks to all contributors.' >>dnscrypt-cloaking-rules.txt
@ -32,4 +34,4 @@ cat bogus-nxdomain.china.conf | grep -v '^#bogus' | grep bogus-nxdomain | sed 's
rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt rm accelerated-domains.china.conf bogus-nxdomain.china.conf toblock-without-shorturl-optimized.lst dnscrypt-proxy-cloaking.txt
wget -N https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy/example-dnscrypt-proxy.toml wget https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
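Review bot: Each rules file is truncated by its first header line (`echo '# Converted from ...' >dnscrypt-forwarding-rules.txt`, and likewise for dnscrypt-blacklist-ips.txt) before anything checks that the preceding `wget` succeeded, so a failed or partial download replaces working forwarding and blacklist rules with a header-only file; the new leading `rm` removes the previous inputs as well. The lists come from mutable `master` branches with no integrity check, so whatever is served becomes DNS routing policy on the device. Stop on download failure, e.g. `wget <url> || exit 1`, and build each rules file under a temporary name that is moved into place only after its pipeline succeeds. The file is now marked executable but line 1 of the new side is a command rather than a `#!` line; adding `#!/system/bin/sh`, the interpreter the service scripts on this page use, would make direct execution predictable.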


@ -1,5 +1,6 @@
#!/system/bin/sh #!/system/bin/sh
dnsmasq_uid="1052"
bin_name="dnscrypt-proxy" bin_name="dnscrypt-proxy"
bin_file="/system/bin/${bin_name}" bin_file="/system/bin/${bin_name}"
run_path="/data/v2ray/run" run_path="/data/v2ray/run"
@ -7,14 +8,11 @@ pid_file="${run_path}/dnscrypt-proxy.pid"
conf_path="/data/v2ray/dnscrypt-proxy" conf_path="/data/v2ray/dnscrypt-proxy"
conf_file="${conf_path}/dnscrypt-proxy.toml" conf_file="${conf_path}/dnscrypt-proxy.toml"
bin_opts="-config ${conf_file}" bin_opts="-config ${conf_file}"
appid_file="/data/v2ray/appid.list"
appid_list=()
softap_file="/data/v2ray/softap.list"
softap_list=()
iptables_wait="iptables" iptables_wait="iptables"
v2ray_share=false v2ray_share=false
proxy_for_app=false softap_file="/data/v2ray/softap.list"
inet_uid="3003" appid_list=()
proxy_for_guest=false
host_ip="127.0.0.1" host_ip="127.0.0.1"
dns_port="65534" dns_port="65534"
proxy_port="65535" proxy_port="65535"
@ -39,15 +37,6 @@ find_netstat_path() {
return 1 return 1
} }
iptables_chain_exist() {
local chain_list="$1"
local target_chain="$2"
if `echo "${chain_list}" | grep -q ":${target_chain} "` ; then
return 0
fi
return 1
}
probe_dnscrypt-proxy_alive() { probe_dnscrypt-proxy_alive() {
[ -f ${pid_file} ] && cmd_file="/proc/`cat ${pid_file}`/cmdline" || return 1 [ -f ${pid_file} ] && cmd_file="/proc/`cat ${pid_file}`/cmdline" || return 1
[ -f ${cmd_file} ] && grep -q "dnscrypt-proxy" ${cmd_file} && return 0 || return 1 [ -f ${cmd_file} ] && grep -q "dnscrypt-proxy" ${cmd_file} && return 0 || return 1
@ -64,101 +53,25 @@ probe_v2ray_listen() {
fi fi
} }
probe_v2ray_target() { check_proxy_guest() {
## add eof to appid and softap file ## add eof to appid and softap file
echo "" >> "${appid_file}" echo "" >> "${softap_file}"
## trim empty line in appid and softap file ## trim empty line in softap file
sed -i '/^$/d' "${appid_file}" sed -i '/^$/d' "${softap_file}"
## probe proxy app
if [ -f ${appid_file} ] ; then
## check appid_file is white-list or black-list
if head -1 "${appid_file}" | grep -q 'bypass' ; then
app_proxy_mode="skip"
else
app_proxy_mode="pick"
fi
## filter appid number
while read appid_line ; do
appid_text=(`echo ${appid_line}`)
for appid_word in ${appid_text[*]} ; do
if echo "${appid_word}" | grep -q '#' ; then
break
elif [ "${appid_word}" -ge 0 ] 2>/dev/null ; then
appid_list=(${appid_list[*]} ${appid_word})
fi
done
done < ${appid_file}
fi
## probe proxy wifi interface ## probe proxy wifi interface
${v2ray_share} && [ -f ${softap_file} ] && softap_list=(`cat ${softap_file}`) || unset softap_list ${v2ray_share} && [ -f ${softap_file} ] && softap_list=(`cat ${softap_file}`) || unset softap_list
## check proxy app or not ## check proxy wifi guest or not
if ( [ "${app_proxy_mode}" = "skip" ] || ( [ "${app_proxy_mode}" = "pick" ] && [ ${#appid_list[@]} -gt 0 ] ) ) ; then [ ${#softap_list[@]} -gt 0 ] && proxy_for_guest=true
proxy_for_app=true
fi
## check enable proxy iptables or not
if ! ( ${proxy_for_app} ) ; then
echo "[Error]: DNS is not proxy for APP."
exit 1
fi
}
probe_uid_app_name() {
app_handle="$2"
if [ "$1" == "0" ] ; then
app_name="root"
else
app_name=`grep " $1 " /data/system/packages.list | cut -d ' ' -f 1`
app_name=`echo ${app_name} | sed 's/ / \& /g'`
fi
if [ "${app_name}" != "" ] ; then
echo "[Info]: ${app_handle} ${app_name} APP's DNS request."
else
echo "[Warning]: APP with uid=$1 is not found."
return 1
fi
}
proxy_app_dns_iptables() {
## create iptables proxy chains for app tcp
${iptables_wait} -t nat -N APP_DNS_PROXY
## bypass v2ray program
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${inet_uid} -j RETURN
## white-list mode
if [ "${app_proxy_mode}" = "pick" ] ; then
## proxy all apps network
if [ "${appid_list[*]}" = "0" ] ; then
echo "[Info]: Proxy all APP's DNS request."
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY_APP_DNS
## proxy assign app
else
for appid in ${appid_list[@]}; do
probe_uid_app_name ${appid} "Proxy" && \
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${appid} -j V2RAY_APP_DNS
done
fi
## black-list mode
elif [ "${app_proxy_mode}" = "skip" ] ; then
for appid in ${appid_list[@]}; do
probe_uid_app_name ${appid} "Ignore" && \
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner ${appid} -j RETURN
done
echo "[Info]: Proxy all remaining APP's DNS request."
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY_APP_DNS
fi
## apply proxy rules to iptables
${iptables_wait} -t nat -A APP_DNS_PROXY -m owner --uid-owner 0 -j V2RAY_APP_DNS
${iptables_wait} -t nat -A OUTPUT -p udp --dport 53 -j APP_DNS_PROXY
} }
create_proxy_iptables() { create_proxy_iptables() {
echo "[Info]: Create DNS proxy chains." echo "[Info]: Proxy local system's DNS request."
## create iptables proxy chains for dns ${iptables_wait} -t nat -A OUTPUT -p udp -m owner --uid-owner 0 --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port}
${iptables_wait} -t nat -N V2RAY_APP_DNS ## proxy wifi guest DNS
## build basic iptables proxy chains check_proxy_guest && \
${iptables_wait} -t nat -A V2RAY_APP_DNS -p udp -j DNAT --to-destination ${host_ip}:${dns_port} if ${proxy_for_guest} ; then
if ! iptables_chain_exist "${iptables_chains}" "APP_DNS_PROXY" && ${proxy_for_app} ; then echo "[Info]: Proxy dnsmasq's DNS request."
## proxy app network ${iptables_wait} -t nat -A OUTPUT -p udp -m owner --uid-owner ${dnsmasq_uid} --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port}
proxy_app_dns_iptables
fi fi
} }
@ -172,23 +85,10 @@ display_dnscrypt-proxy_pid() {
fi fi
} }
flush_endpoint_iptables() { flush_dns_iptables() {
${iptables_wait} -t nat -F V2RAY_APP_DNS 2>/dev/null echo "[Info]: Clean DNS proxy iptables rules."
} ${iptables_wait} -t nat -D OUTPUT -p udp -m owner --uid-owner 0 --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} 2>/dev/null
${iptables_wait} -t nat -D OUTPUT -p udp -m owner --uid-owner ${dnsmasq_uid} --dport 53 -j DNAT --to-destination ${host_ip}:${dns_port} 2>/dev/null
flush_nat_iptables() {
echo "[Info]: Clean nat proxy iptables rules."
local iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " " | grep -o ":[0-9A-Z_]* "`
${iptables_wait} -t nat -D OUTPUT -p udp --dport 53 -j APP_DNS_PROXY 2>/dev/null
if iptables_chain_exist "${iptables_chains}" "APP_DNS_PROXY" ; then
${iptables_wait} -t nat -F APP_DNS_PROXY
${iptables_wait} -t nat -X APP_DNS_PROXY
fi
if iptables_chain_exist "${iptables_chains}" "V2RAY_APP_DNS" ; then
${iptables_wait} -t nat -F V2RAY_APP_DNS
${iptables_wait} -t nat -X V2RAY_APP_DNS
fi
unset iptables_chains
} }
start_dnscrypt-proxy() { start_dnscrypt-proxy() {
@ -198,6 +98,10 @@ start_dnscrypt-proxy() {
elif probe_v2ray_listen ; then elif probe_v2ray_listen ; then
echo "[Info]: Starting ${bin_name} service." echo "[Info]: Starting ${bin_name} service."
mkdir -p ${run_path} mkdir -p ${run_path}
echo -n "" > ${conf_path}/dnscrypt-nxdomain.log
echo -n "" > ${conf_path}/dnscrypt-query.log
chown -R net_raw:net_raw ${conf_path}
chown net_raw:net_raw ${bin_file}
chmod 6755 ${bin_file} chmod 6755 ${bin_file}
nohup ${bin_file} ${bin_opts} & nohup ${bin_file} ${bin_opts} &
sleep 1 sleep 1
@ -231,15 +135,10 @@ suit_iptables_version
case "$1" in case "$1" in
enable) enable)
if start_dnscrypt-proxy ; then start_dnscrypt-proxy && create_proxy_iptables
flush_endpoint_iptables
probe_v2ray_target
sleep 2
create_proxy_iptables
fi
;; ;;
disable) disable)
flush_nat_iptables flush_dns_iptables
stop_dnscrypt-proxy stop_dnscrypt-proxy
;; ;;
status) status)
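Review bot: The added `chown net_raw:net_raw ${bin_file}` in start_dnscrypt-proxy, together with the existing `chmod 6755`, makes the privilege drop a property of the file: the binary under /system/bin is set-uid/set-gid net_raw and world-executable, so the drop applies to whoever can execute it, not only to this service. Whether other UIDs can actually exercise that depends on SELinux policy and mount options the page does not show. `chown -R net_raw:net_raw ${conf_path}` also hands the daemon write access to its own configuration and rule files when, as far as the hunk shows, only the two log files truncated just above need it, e.g. `chown net_raw:net_raw ${conf_path}/dnscrypt-nxdomain.log ${conf_path}/dnscrypt-query.log`. The `user_name = 'net_raw'` setting that this commit leaves commented out in dnscrypt-proxy.toml would express the drop inside the daemon instead, if it works on the target builds, letting the binary stay `0755`. start_dnscrypt-proxy begins and ends outside the hunk.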


@ -17,6 +17,13 @@ start_v2ray() {
if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then
${tproxy} enable ${tproxy} enable
[ -f "${dnscrypt_conf}" ] && ${dns_proxy_service} enable [ -f "${dnscrypt_conf}" ] && ${dns_proxy_service} enable
settings put global airplane_mode_on 1
sleep 1
am broadcast -a android.intent.action.AIRPLANE_MODE
sleep 1
settings put global airplane_mode_on 0
sleep 1
am broadcast -a android.intent.action.AIRPLANE_MODE
fi fi
} }
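Review bot: The airplane-mode toggle added to start_v2ray always finishes with `settings put global airplane_mode_on 0`, so a device that was deliberately in airplane mode before the service started comes out of it with its radios re-enabled, and an interruption between the two writes leaves the device offline. Nothing in the hunk states why the toggle is needed; presumably it forces existing connections and cached DNS to be re-established through the new rules. Record the prior state and only toggle when it was off, e.g. guard the block with `[ "$(settings get global airplane_mode_on)" = "0" ]`, and add a comment stating the purpose so the side effect is visible to users reading the script. start_v2ray begins outside the hunk.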


@ -2,6 +2,7 @@
route_id="1130" route_id="1130"
inet_uid="3003" inet_uid="3003"
net_raw_uid="3004"
route_name="v2ray" route_name="v2ray"
proxy_port="65535" proxy_port="65535"
proxy_mark="0x20151130" proxy_mark="0x20151130"
@ -15,7 +16,7 @@ softap_list=()
v2ray_share=false v2ray_share=false
proxy_for_app=false proxy_for_app=false
proxy_for_guest=false proxy_for_guest=false
intranet=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4) intranet=(0.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 224.0.0.0/4 240.0.0.0/4)
suit_iptables_version() { suit_iptables_version() {
iptables_version=`iptables -V | grep -o "v1\.[0-9]"` iptables_version=`iptables -V | grep -o "v1\.[0-9]"`
@ -163,6 +164,7 @@ proxy_app_tcp_iptables() {
probe_uid_app_name ${appid} "Proxy" && \ probe_uid_app_name ${appid} "Proxy" && \
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${appid} -j V2RAY ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${appid} -j V2RAY
done done
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${net_raw_uid} -j V2RAY
fi fi
## black-list mode ## black-list mode
elif [ "${app_proxy_mode}" = "skip" ] ; then elif [ "${app_proxy_mode}" = "skip" ] ; then
@ -174,7 +176,6 @@ proxy_app_tcp_iptables() {
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY
fi fi
## apply proxy rules to iptables ## apply proxy rules to iptables
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner 0 -j V2RAY
${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY ${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY
} }
@ -183,8 +184,8 @@ proxy_guest_tcp_iptables() {
${iptables_wait} -t nat -N GUEST_TCP_PROXY ${iptables_wait} -t nat -N GUEST_TCP_PROXY
## proxy assign softap ## proxy assign softap
for softap in ${softap_list[@]}; do for softap in ${softap_list[@]}; do
echo "[Info]: Proxy ${softap} WiFi guest's TCP network." echo "[Info]: Proxy ${softap} guest's TCP network."
${iptables_wait} -t nat -A GUEST_TCP_PROXY -i ${softap} -j V2RAY ${iptables_wait} -t nat -A GUEST_TCP_PROXY -s ${softap} -j V2RAY
done done
${iptables_wait} -t nat -A PREROUTING -p tcp -j GUEST_TCP_PROXY ${iptables_wait} -t nat -A PREROUTING -p tcp -j GUEST_TCP_PROXY
} }
@ -218,7 +219,7 @@ filter_proxy_iptables() {
${iptables_wait} -t filter -A PROTECT_V2RAY -i lo -j RETURN ${iptables_wait} -t filter -A PROTECT_V2RAY -i lo -j RETURN
## permit assign softap ## permit assign softap
for softap in ${softap_list[@]}; do for softap in ${softap_list[@]}; do
${iptables_wait} -t filter -A PROTECT_V2RAY -i ${softap} -j RETURN ${iptables_wait} -t filter -A PROTECT_V2RAY -s ${softap} -j RETURN
done done
## deny all other visit ## deny all other visit
${iptables_wait} -t filter -A PROTECT_V2RAY -p tcp --dport ${proxy_port} -j DROP ${iptables_wait} -t filter -A PROTECT_V2RAY -p tcp --dport ${proxy_port} -j DROP
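Review bot: In filter_proxy_iptables the allow rule now matches on `-s ${softap}` instead of `-i ${softap}`, so PROTECT_V2RAY returns for any packet whose source address lies in a listed subnet, whichever interface it arrived on; the same substitution is made in proxy_guest_tcp_iptables. If the device's upstream network happens to use the same range (the README calls 192.168.43.0/24 the usual Android hotspot subnet, so joining another phone's hotspot is a plausible case), hosts on that network would pass the filter and reach `${proxy_port}`. Keep an ingress-interface condition where the interface is known, for example by accepting both forms in softap.list and emitting `-i` for names and `-s` for CIDRs. At minimum add a comment such as `## -s matches on every interface; list only subnets that exist on the tether side`. Both functions start outside their hunks.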