From 17446484d1d1e8de8e0e997285f013b824d0924a Mon Sep 17 00:00:00 2001 From: twoone3 Date: Wed, 25 Sep 2024 21:07:48 +0800 Subject: [PATCH] combine sh --- agh_service.sh | 14 +++--- changelog.md | 5 ++- scripts/apply_iptables.sh | 53 ---------------------- scripts/config.sh | 5 ++- scripts/flush_iptables.sh | 20 --------- scripts/inotify.sh | 16 +++++++ scripts/iptables.sh | 95 +++++++++++++++++++++++++++++++++++++++ scripts/service.sh | 35 +++++++++++++++ scripts/start.sh | 16 ------- 9 files changed, 160 insertions(+), 99 deletions(-) delete mode 100644 scripts/apply_iptables.sh delete mode 100644 scripts/flush_iptables.sh create mode 100644 scripts/inotify.sh create mode 100644 scripts/iptables.sh create mode 100644 scripts/service.sh delete mode 100644 scripts/start.sh diff --git a/agh_service.sh b/agh_service.sh index 91c9823..dd70a19 100644 --- a/agh_service.sh +++ b/agh_service.sh @@ -1,13 +1,15 @@ #!/system/bin/sh ( - until [ "$(getprop init.svc.bootanim)" = "stopped" ]; do + while [ "$(getprop init.svc.bootanim)" != "stopped" ]; do + echo "Waiting for system to finish booting..." >/data/adb/agh/agh.log sleep 5 done + AGH_DIR="/data/adb/agh" + SCRIPT_DIR="$AGH_DIR/scripts" - if [ -f "/data/adb/agh/scripts/start.sh" ]; then - /data/adb/agh/scripts/start.sh - else - echo "File '/data/adb/agh/scripts/start.sh' not found" - fi + $SCRIPT_DIR/service.sh stop >$AGH_DIR/agh.log 2>&1 && + $SCRIPT_DIR/iptables.sh disable >$AGH_DIR/agh.log 2>&1 + + inotifyd $SCRIPT_DIR/inotify.sh /data/adb/modules/AdGuardHome:d,n > /dev/null 2>&1 & ) & diff --git a/changelog.md b/changelog.md index d488582..093f2b8 100644 --- a/changelog.md +++ b/changelog.md @@ -1,4 +1,5 @@ -# Change Log -## 20240923 +# BREAKING CHANGES +- 完全重构了模块,请自行备份旧版配置文件(建议直接重新配置) +- completely refactored the module, please backup the old configuration file by yourself (it is recommended to reconfigure directly) - 更新了DNS服务器,以及广告过滤规则 - update DNS server and ad filter rules \ No newline at end of file 
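Review bot: In agh_service.sh every command redirects to the same `$AGH_DIR/agh.log` with `>`, so each one truncates the file: the wait-loop message is rewritten every 5 seconds, and the output of `service.sh stop` is lost as soon as `iptables.sh disable` runs. Append instead and quote the expansions, e.g. `"$SCRIPT_DIR/service.sh" stop >>"$AGH_DIR/agh.log" 2>&1`. The `&&` also skips `iptables.sh disable` whenever `service.sh stop` fails, which it appears to do on any boot where the pid file is absent, because `stop_bin` ends with `rm "$agh_pid_file"`. Nothing in this hunk starts AdGuardHome at boot any more; if the intent is to start unless the `disable` file exists, that check belongs here before `inotifyd` is launched.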
diff --git a/scripts/apply_iptables.sh b/scripts/apply_iptables.sh
deleted file mode 100644
index bec50e8..0000000
--- a/scripts/apply_iptables.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/system/bin/sh
-
-AGH_DIR="/data/adb/agh"
-exec >"$AGH_DIR/apply.log" 2>&1
-source "$AGH_DIR/scripts/config.sh"
-
-# find packages uid
-uid_list=()
-for package in "${packages_list[@]}"; do
- uid_list+=$(
- busybox awk -v p="${package}" '$1~p{print $2}' "${system_packages_file}"
- )
-done
-
-$iptables_w -t nat -N ADGUARD
-# return requests from AdGuardHome
-$iptables_w -t nat -A ADGUARD -m owner --uid-owner $adg_user --gid-owner $adg_group -j RETURN
-# return requests from bypassed apps
-if [ "$use_blacklist" = true ]; then
- if [ ${#uid_list[@]} -ne 0 ]; then
- for uid in "${uid_list[@]}"; do
- $iptables_w -t nat -A ADGUARD -m owner --uid-owner $uid -j RETURN
- done
- fi
- # redirect DNS requests to AdGuardHome
- $iptables_w -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports $redir_port
- $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports $redir_port
-else
- if [ ${#uid_list[@]} -ne 0 ]; then
- for uid in "${uid_list[@]}"; do
- $iptables_w -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
- $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
- done
- fi
- $iptables_w -t nat -A ADGUARD -j RETURN
-fi
-
-# apply iptables rules
-$iptables_w -t nat -I OUTPUT -j ADGUARD
-
-if [ "$ipv6" = false ]; then
- # DROP ipv6 DNS requests
- ip6tables -t filter -A OUTPUT -p udp --dport 53 -j DROP
- ip6tables -t filter -A OUTPUT -p tcp --dport 53 -j DROP
- # disable ipv6
- # sysctl -w net.ipv4.ip_forward=1
- # sysctl -w net.ipv6.conf.all.forwarding=0
- # sysctl -w net.ipv6.conf.all.accept_ra=0
- # sysctl -w net.ipv6.conf.wlan0.accept_ra=0
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- sysctl -w net.ipv6.conf.default.disable_ipv6=1
- # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1
-fi
diff --git a/scripts/config.sh b/scripts/config.sh
index 95832f1..5a7cb6a 100644
--- a/scripts/config.sh
+++ b/scripts/config.sh
@@ -33,5 +33,6 @@ packages_list=() # 以下内容无需修改 system_packages_file="/data/system/packages.list" -iptables_w="iptables -w 64" - +agh_pid_file="/data/adb/agh/bin/agh_pid" +iptables_w="ip6tables -w 64" +ip6tables_w="ip6tables -w 64" diff --git a/scripts/flush_iptables.sh b/scripts/flush_iptables.sh deleted file mode 100644 index 19162e5..0000000 --- a/scripts/flush_iptables.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/system/bin/sh - -AGH_DIR="/data/adb/agh" -exec >"$AGH_DIR/flush.log" 2>&1 -source "$AGH_DIR/scripts/config.sh" - -# erase all iptables rules -$iptables_w -t nat -D OUTPUT -j ADGUARD -$iptables_w -t nat -F ADGUARD -$iptables_w -t nat -X ADGUARD - -ip6tables -w 64 -t filter -D OUTPUT -p udp --dport 53 -j DROP -ip6tables -w 64 -t filter -D OUTPUT -p tcp --dport 53 -j DROP -# sysctl -w net.ipv4.ip_forward=1 -# sysctl -w net.ipv6.conf.all.forwarding=0 -# sysctl -w net.ipv6.conf.all.accept_ra=0 -# sysctl -w net.ipv6.conf.wlan0.accept_ra=0 -sysctl -w net.ipv6.conf.all.disable_ipv6=0 -sysctl -w net.ipv6.conf.default.disable_ipv6=0 -# sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1 diff --git a/scripts/inotify.sh b/scripts/inotify.sh new file mode 100644 index 0000000..04793bd --- /dev/null +++ b/scripts/inotify.sh @@ -0,0 +1,16 @@ +events="$1" +monitor_dir="$2" +monitor_file="$3" + +AGH_DIR="/data/adb/agh" +SCRIPT_DIR="$AGH_DIR/scripts" + +if [ "${monitor_file}" = "disable" ]; then + if [ "${events}" = "d" ]; then + $SCRIPT_DIR/service.sh start >$AGH_DIR/agh.log 2>&1 && + $SCRIPT_DIR/iptables.sh enable >$AGH_DIR/agh.log 2>&1 + elif [ "${events}" = "n" ]; then + $SCRIPT_DIR/iptables.sh disable >$AGH_DIR/agh.log 2>&1 && + $SCRIPT_DIR/service.sh stop >$AGH_DIR/agh.log 2>&1 + fi +fi diff --git a/scripts/iptables.sh b/scripts/iptables.sh new file mode 100644 index 0000000..add782a --- /dev/null +++ b/scripts/iptables.sh 
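Review bot: In scripts/config.sh the new `iptables_w` is set to `"ip6tables -w 64"`, the same value as `ip6tables_w`, so every `$iptables_w -t nat …` rule in scripts/iptables.sh is issued to ip6tables and the IPv4 DNS redirect to AdGuardHome is never installed. IPv4 DNS queries would then leave the device unfiltered while the module looks enabled. This reads like a copy-paste slip; the line should remain `iptables_w="iptables -w 64"`.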
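Review bot: In scripts/inotify.sh the `d` branch runs `iptables.sh enable` immediately after `service.sh start`, but `start_bin` in scripts/service.sh only backgrounds the binary and writes the pid, so it reports success even if AdGuardHome exits at once; the removed start.sh at least waited with `sleep 3`. The redirect can therefore be installed with nothing listening on `$redir_port`, which would leave DNS failing until the module is disabled. Consider confirming the process is still alive before the rules go in, e.g. `sleep 3 && kill -0 "$(cat /data/adb/agh/bin/agh_pid)"` between the two commands. The new file also has no `#!/system/bin/sh` line, unlike the other scripts in this patch, and it reuses the truncating `>` redirect on agh.log.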
@@ -0,0 +1,95 @@
+#!/system/bin/sh
+
+AGH_DIR="/data/adb/agh"
+source "$AGH_DIR/scripts/config.sh"
+
+find_packages_uid() {
+ uid_list=()
+ for package in "${packages_list[@]}"; do
+ uid_list+=$(
+ busybox awk -v p="${package}" '$1~p{print $2}' "${system_packages_file}"
+ )
+ done
+}
+
+enable_iptables() {
+ $iptables_w -t nat -N ADGUARD
+ # return requests from AdGuardHome
+ $iptables_w -t nat -A ADGUARD -m owner --uid-owner $adg_user --gid-owner $adg_group -j RETURN
+ # return requests from bypassed apps
+ if [ "$use_blacklist" = true ]; then
+ if [ ${#uid_list[@]} -ne 0 ]; then
+ for uid in "${uid_list[@]}"; do
+ $iptables_w -t nat -A ADGUARD -m owner --uid-owner $uid -j RETURN
+ done
+ fi
+ # redirect DNS requests to AdGuardHome
+ $iptables_w -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports $redir_port
+ $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports $redir_port
+ else
+ if [ ${#uid_list[@]} -ne 0 ]; then
+ for uid in "${uid_list[@]}"; do
+ $iptables_w -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
+ $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port
+ done
+ fi
+ $iptables_w -t nat -A ADGUARD -j RETURN
+ fi
+ # apply iptables rules
+ $iptables_w -t nat -I OUTPUT -j ADGUARD
+}
+
+disable_iptables() {
+ $iptables_w -t nat -D OUTPUT -j ADGUARD
+ $iptables_w -t nat -F ADGUARD
+ $iptables_w -t nat -X ADGUARD
+}
+
+enable_ipv6() {
+ # DROP ipv6 DNS requests
+ $ip6tables_w -t filter -A OUTPUT -p udp --dport 53 -j DROP
+ $ip6tables_w -t filter -A OUTPUT -p tcp --dport 53 -j DROP
+ # disable ipv6
+ # sysctl -w net.ipv4.ip_forward=1
+ # sysctl -w net.ipv6.conf.all.forwarding=0
+ # sysctl -w net.ipv6.conf.all.accept_ra=0
+ # sysctl -w net.ipv6.conf.wlan0.accept_ra=0
+ sysctl -w net.ipv6.conf.all.disable_ipv6=1
+ sysctl -w net.ipv6.conf.default.disable_ipv6=1
+ # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1
+}
+
+disable_ipv6() {
+ $ip6tables_w -t filter -D OUTPUT -p udp --dport 53 -j DROP
+ $ip6tables_w -t filter -D OUTPUT -p tcp --dport 53 -j DROP
+ # sysctl -w net.ipv4.ip_forward=1
+ # sysctl -w net.ipv6.conf.all.forwarding=0
+ # sysctl -w net.ipv6.conf.all.accept_ra=0
+ # sysctl -w net.ipv6.conf.wlan0.accept_ra=0
+ sysctl -w net.ipv6.conf.all.disable_ipv6=0
+ sysctl -w net.ipv6.conf.default.disable_ipv6=0
+ # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1
+}
+
+case "$1" in
+enable)
+ enable_iptables
+ if [ "$ipv6" = true ]; then
+ enable_ipv6
+ else
+ disable_ipv6
+ fi
+ ;;
+disable)
+ disable_iptables
+ if [ "$ipv6" = true ]; then
+ disable_ipv6
+ else
+ enable_ipv6
+ fi
+ ;;
+*)
+ echo "Usage: $0 {enable|disable}"
+ exit 1
+ ;;
+esac
diff --git a/scripts/service.sh b/scripts/service.sh
new file mode 100644
index 0000000..8d0d07d
--- /dev/null
+++ b/scripts/service.sh
@@ -0,0 +1,35 @@
+#!/system/bin/sh
+
+AGH_DIR="/data/adb/agh"
+BIN_DIR="$AGH_DIR/bin"
+SCRIPT_DIR="$AGH_DIR/scripts"
+source "$AGH_DIR/scripts/config.sh"
+
+start_bin() {
+ # to fix https://github.com/AdguardTeam/AdGuardHome/issues/7002
+ export SSL_CERT_DIR="/system/etc/security/cacerts/"
+ busybox setuidgid "$adg_user:$adg_group" "$BIN_DIR/AdGuardHome" --logfile "$BIN_DIR/AdGuardHome.log" --no-check-update &
+ echo $! >"$agh_pid_file"
+}
+
+stop_bin() {
+ kill -9 $(cat "$agh_pid_file")
+ rm "$agh_pid_file"
+}
+
+case "$1" in
+start)
+ start_bin
+ ;;
+stop)
+ stop_bin
+ ;;
+restart)
+ stop_bin
+ start_bin
+ ;;
+*)
+ echo "Usage: $0 {start|stop|restart}"
+ exit 1
+ ;;
+esac
diff --git a/scripts/start.sh b/scripts/start.sh
deleted file mode 100644
index f0be9fa..0000000
--- a/scripts/start.sh
+++ /dev/null
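Review bot: The `case` block in scripts/iptables.sh has the IPv6 handling inverted: `enable_ipv6` is the function that adds the port-53 DROP rules and writes `disable_ipv6=1`, yet it is called for `enable` when `ipv6` is `true` and for `disable` when it is not, whereas the removed apply_iptables.sh did this only for `ipv6 = false`. As written, a configuration with `ipv6=false` gets no IPv6 DNS block while the module is enabled, so queries over IPv6 would bypass AdGuardHome, and it has IPv6 switched off when the module is disabled. `find_packages_uid` is also never called, so `uid_list` stays empty and the per-app RETURN/REDIRECT rules are never added, and its `uid_list+=$(…)` appends a string rather than array elements. Renaming the two helpers after what they do (block/unblock, say) would make the dispatch easier to check; a possible shape for the changed parts is below.

```shell
# … unchanged: AGH_DIR and config.sh sourcing …

find_packages_uid() {
  uid_list=()
  for package in "${packages_list[@]}"; do
    # word splitting is intended here: one array element per matching uid
    uid_list+=($(busybox awk -v p="${package}" '$1~p{print $2}' "${system_packages_file}"))
  done
}

# … unchanged: enable_iptables, disable_iptables, enable_ipv6, disable_ipv6 …

case "$1" in
enable)
  find_packages_uid
  enable_iptables
  # enable_ipv6 is the helper that drops IPv6 DNS and turns IPv6 off,
  # so it belongs to the ipv6=false configuration
  if [ "$ipv6" = false ]; then
    enable_ipv6
  fi
  ;;
disable)
  disable_iptables
  # always undo the IPv6 block, as the removed flush_iptables.sh did
  disable_ipv6
  ;;
# … unchanged: usage branch …
esac
```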
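Review bot: `stop_bin` in scripts/service.sh runs `kill -9 $(cat "$agh_pid_file")` without checking that the file exists or that the PID still belongs to AdGuardHome. The pid file lives under /data/adb, which survives a reboot, so a stale value can point at an unrelated process. It also sits in the same `bin` directory the unprivileged AdGuardHome user writes its log to, so depending on that directory's permissions (not visible here) that user may be able to choose which PID gets killed. Validate the value, confirm the target through `/proc/<pid>/exe`, and send the default TERM before resorting to KILL. With a missing file the function should return 0 so callers chaining with `&&` continue; a sketch of `stop_bin` follows.

```shell
stop_bin() {
  # nothing to stop: succeed so "stop && ..." chains keep going
  [ -f "$agh_pid_file" ] || return 0
  pid=$(cat "$agh_pid_file")
  rm -f "$agh_pid_file"
  # reject anything that is not a plain decimal PID
  case "$pid" in
  '' | *[!0-9]*) return 1 ;;
  esac
  # only signal the process if it is still the AdGuardHome binary
  if [ "$(readlink "/proc/$pid/exe")" = "$BIN_DIR/AdGuardHome" ]; then
    kill "$pid"
  fi
}
```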
@@ -1,16 +0,0 @@
-#!/system/bin/sh
-
-AGH_DIR="/data/adb/agh"
-BIN_DIR="$AGH_DIR/bin"
-SCRIPT_DIR="$AGH_DIR/scripts"
-exec > "$AGH_DIR/start.log" 2>&1
-source "$AGH_DIR/scripts/config.sh"
-
-# to fix https://github.com/AdguardTeam/AdGuardHome/issues/7002
-export SSL_CERT_DIR="/system/etc/security/cacerts/"
-busybox setuidgid "$adg_user:$adg_group" "$BIN_DIR/AdGuardHome" --logfile "$BIN_DIR/AdGuardHome.log" --no-check-update &
-
-sleep 3
-if [ "$manual" = false ]; then
- "$SCRIPT_DIR/apply_iptables.sh"
-fi