combine sh

agh_service.sh

@@ -1,13 +1,15 @@
 #!/system/bin/sh
 
 (
-  until [ "$(getprop init.svc.bootanim)" = "stopped" ]; do
+  while [ "$(getprop init.svc.bootanim)" != "stopped" ]; do
+    echo "Waiting for system to finish booting..." >/data/adb/agh/agh.log
     sleep 5
   done
+  AGH_DIR="/data/adb/agh"
+  SCRIPT_DIR="$AGH_DIR/scripts"
 
-  if [ -f "/data/adb/agh/scripts/start.sh" ]; then
-    /data/adb/agh/scripts/start.sh
-  else
-    echo "File '/data/adb/agh/scripts/start.sh' not found"
-  fi
+  $SCRIPT_DIR/service.sh stop >$AGH_DIR/agh.log 2>&1 &&
+    $SCRIPT_DIR/iptables.sh disable >$AGH_DIR/agh.log 2>&1
+
+  inotifyd $SCRIPT_DIR/inotify.sh /data/adb/modules/AdGuardHome:d,n > /dev/null 2>&1 &
 ) &

changelog.md

@@ -1,4 +1,5 @@
-# Change Log
-## 20240923
+# BREAKING CHANGES
+- 完全重构了模块，请自行备份旧版配置文件（建议直接重新配置）
+- completely refactored the module, please backup the old configuration file by yourself (it is recommended to reconfigure directly)
 - 更新了DNS服务器，以及广告过滤规则
 - update DNS server and ad filter rules

scripts/config.sh

@@ -33,5 +33,6 @@ packages_list=()
 
 # 以下内容无需修改
 system_packages_file="/data/system/packages.list"
-iptables_w="iptables -w 64"
-
+agh_pid_file="/data/adb/agh/bin/agh_pid"
+iptables_w="ip6tables -w 64"
+ip6tables_w="ip6tables -w 64"

scripts/inotify.sh

@@ -0,0 +1,16 @@
+events="$1"
+monitor_dir="$2"
+monitor_file="$3"
+
+AGH_DIR="/data/adb/agh"
+SCRIPT_DIR="$AGH_DIR/scripts"
+
+if [ "${monitor_file}" = "disable" ]; then
+  if [ "${events}" = "d" ]; then
+    $SCRIPT_DIR/service.sh start >$AGH_DIR/agh.log 2>&1 &&
+      $SCRIPT_DIR/iptables.sh enable >$AGH_DIR/agh.log 2>&1
+  elif [ "${events}" = "n" ]; then
+    $SCRIPT_DIR/iptables.sh disable >$AGH_DIR/agh.log 2>&1 &&
+      $SCRIPT_DIR/service.sh stop >$AGH_DIR/agh.log 2>&1
+  fi
+fi

scripts/iptables.sh

@@ -0,0 +1,95 @@
+#!/system/bin/sh
+
+AGH_DIR="/data/adb/agh"
+source "$AGH_DIR/scripts/config.sh"
+
+find_packages_uid() {
+  uid_list=()
+  for package in "${packages_list[@]}"; do
+    uid_list+=$(
+      busybox awk -v p="${package}" '$1~p{print $2}' "${system_packages_file}"
+    )
+  done
+}
+
+enable_iptables() {
+  $iptables_w -t nat -N ADGUARD
+  # return requests from AdGuardHome
+  $iptables_w -t nat -A ADGUARD -m owner --uid-owner $adg_user --gid-owner $adg_group -j RETURN
+  # return requests from bypassed apps
+  if [ "$use_blacklist" = true ]; then
+    if [ ${#uid_list[@]} -ne 0 ]; then
+      for uid in "${uid_list[@]}"; do
+        $iptables_w -t nat -A ADGUARD -m owner --uid-owner $uid -j RETURN
+      done
+    fi
+    # redirect DNS requests to AdGuardHome
+    $iptables_w -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports $redir_port
+    $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports $redir_port
+  else
+    if [ ${#uid_list[@]} -ne 0 ]; then
+      for uid in "${uid_list[@]}"; do
+        $iptables_w -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
+        $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
+      done
+    fi
+    $iptables_w -t nat -A ADGUARD -j RETURN
+  fi
+  # apply iptables rules
+  $iptables_w -t nat -I OUTPUT -j ADGUARD
+}
+
+disable_iptables() {
+  $iptables_w -t nat -D OUTPUT -j ADGUARD
+  $iptables_w -t nat -F ADGUARD
+  $iptables_w -t nat -X ADGUARD
+}
+
+enable_ipv6() {
+  # DROP ipv6 DNS requests
+  $ip6tables_w -t filter -A OUTPUT -p udp --dport 53 -j DROP
+  $ip6tables_w -t filter -A OUTPUT -p tcp --dport 53 -j DROP
+  # disable ipv6
+  # sysctl -w net.ipv4.ip_forward=1
+  # sysctl -w net.ipv6.conf.all.forwarding=0
+  # sysctl -w net.ipv6.conf.all.accept_ra=0
+  # sysctl -w net.ipv6.conf.wlan0.accept_ra=0
+  sysctl -w net.ipv6.conf.all.disable_ipv6=1
+  sysctl -w net.ipv6.conf.default.disable_ipv6=1
+  # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1
+}
+
+disable_ipv6() {
+  $ip6tables_w -t filter -D OUTPUT -p udp --dport 53 -j DROP
+  $ip6tables_w -t filter -D OUTPUT -p tcp --dport 53 -j DROP
+  # sysctl -w net.ipv4.ip_forward=1
+  # sysctl -w net.ipv6.conf.all.forwarding=0
+  # sysctl -w net.ipv6.conf.all.accept_ra=0
+  # sysctl -w net.ipv6.conf.wlan0.accept_ra=0
+  sysctl -w net.ipv6.conf.all.disable_ipv6=0
+  sysctl -w net.ipv6.conf.default.disable_ipv6=0
+  # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1
+}
+
+case "$1" in
+enable)
+  enable_iptables
+  if [ "$ipv6" = true ]; then
+    enable_ipv6
+  else
+    disable_ipv6
+  fi
+  ;;
+disable)
+  disable_iptables
+  if [ "$ipv6" = true ]; then
+    disable_ipv6
+  else
+    enable_ipv6
+  fi
+  ;;
+*)
+  echo "Usage: $0 {enable|disable}"
+  exit 1
+  ;;
+esac

scripts/service.sh

@@ -0,0 +1,35 @@
+#!/system/bin/sh
+
+AGH_DIR="/data/adb/agh"
+BIN_DIR="$AGH_DIR/bin"
+SCRIPT_DIR="$AGH_DIR/scripts"
+source "$AGH_DIR/scripts/config.sh"
+
+start_bin() {
+  # to fix https://github.com/AdguardTeam/AdGuardHome/issues/7002
+  export SSL_CERT_DIR="/system/etc/security/cacerts/"
+  busybox setuidgid "$adg_user:$adg_group" "$BIN_DIR/AdGuardHome" --logfile "$BIN_DIR/AdGuardHome.log" --no-check-update &
+  echo $! >"$agh_pid_file"
+}
+
+stop_bin() {
+  kill -9 $(cat "$agh_pid_file")
+  rm "$agh_pid_file"
+}
+
+case "$1" in
+start)
+  start_bin
+  ;;
+stop)
+  stop_bin
+  ;;
+restart)
+  stop_bin
+  start_bin
+  ;;
+*)
+  echo "Usage: $0 {start|stop|restart}"
+  exit 1
+  ;;
+esac