From 58d832616294726bd7e30ef451b7e6c4960ad48f Mon Sep 17 00:00:00 2001 From: twoone3 Date: Thu, 26 Sep 2024 12:46:51 +0800 Subject: [PATCH] new version --- README.md | 12 +++--- README_en.md | 21 +++++------ agh_service.sh | 6 +-- bin/data/filters/1721483069.txt | 19 +++++++++- changelog.md | 12 +++++- customize.sh | 8 ++-- module.prop | 2 +- scripts/config.sh | 2 +- scripts/inotify.sh | 8 ++-- scripts/iptables.sh | 67 +++++++++++++++++---------------- version.json | 2 +- 11 files changed, 93 insertions(+), 66 deletions(-) diff --git a/README.md b/README.md index 956559e..2e59745 100644 --- a/README.md +++ b/README.md @@ -17,11 +17,14 @@ # 特性 - 主 DNS 为腾讯和阿里,备用 DNS 为 Cloudflare 和 Google,你可以在 AdGuardHome 的 DNS 设置里更改来满足你的需求 - 仅内置[秋风广告规则](https://github.com/TG-Twilight/AWAvenue-Ads-Rule),精准,轻量,少误杀 +- 在 Magisk/KernelSU 中可以通过模块开关实时启动/关闭模块 +- 可修改位于 `/data/adb/agh/scripts/config.sh` 的配置文件来调整配置 +- 覆盖安装时会自动给原模块创建备份 # FAQ > Q: 为什么模块无法屏蔽某些广告? -> A: 模块通过转发 53 端口的 DNS 请求来实现广告屏蔽,因此无法屏蔽通过 HTTPS 传输的广告,如 Youtube、Twitter 等 +> A: 模块通过转发 53 端口的 DNS 请求来实现广告屏蔽,因此无法屏蔽通过 HTTPS 传输的广告,以及与正常内容同域名的广告,如 知乎,Youtube 等 > Q: 为什么装上模块后访问页面变慢? @@ -31,13 +34,10 @@ > A: 由于公共 DNS 请求较慢,模块默认配置文件里开启了乐观缓存,可能导致一些过时的 IP 在过期后仍然被使用,可在后台清理DNS缓存来缓解,或者关闭乐观缓存 -> Q: 模块可以与代理软件一起使用吗? +> Q: 模块可以与其它代理模块/软件一起使用吗? -> A: 可以,但是可能会导致一些问题,如某些节点无法访问,如这种情况很严重,请参见上一条 FAQ,关闭乐观缓存 +> A: 可以,一般的代理app可以直接兼容,且 AdGuardHome 的 DNS 查询会经过 VPN,其它代理模块看情况使用,可关闭自动 iptables 规则当作普通 DNS 使用 -> Q: 模块与其它代理模块冲突吗? - -> A: 不冲突,将代理模块的 DNS 服务器填写为 127.0.0.1:5591 即可 # 鸣谢 - [AdguardHome_magisk](https://github.com/410154425/AdGuardHome_magisk) diff --git a/README_en.md b/README_en.md index 9673bd5..a30613d 100644 --- a/README_en.md +++ b/README_en.md @@ -17,27 +17,26 @@ Follow our channel for the latest news, or join our group for discussion! # Features - The primary DNS is Tencent DNSPod public DNS and AliCloud DNS, the backup DNS is Cloudflare DNS and Google DNS, you can change the DNS settings in AdGuardHome to meet your needs. - Only built-in [Autumn Breeze Ad Rule](https://github.com/TG-Twilight/AWAvenue-Ads-Rule), accurate, lightweight, and low false positives. +- In Magisk/KernelSU, you can start/stop the module in real-time through the module switch. +- You can modify the configuration file located in `/data/adb/agh/scripts/config.sh` to adjust the configuration. +- When overwriting installation, the original module will be automatically backed up. # FAQ > Q: Why can't the module block some ads? -> A: The module blocks ads by forwarding DNS requests on port 53, so it can't block ads delivered over HTTPS, such as Youtube, Twitter, etc. +> A: The module blocks ads by forwarding DNS requests on port 53, so it cannot block ads transmitted over HTTPS or ads on the same domain as normal content, such as Zhihu, Youtube, etc. -> Q: Why the page access slows down after installing the module? +> Q: Why does the page slow down after installing the module? -> A: Because the module forwards all DNS requests to AdGuardHome, which in turn forwards them to the upstream public DNS, there is an extra layer of forwarding, but the module has optimistic caching turned on by default, which greatly reduces the latency on the second visit. +> A: Because the module forwards all DNS requests to AdGuardHome, which then forwards them to the upstream public DNS, adding an extra layer of forwarding, but the module has optimistic caching enabled by default, which greatly reduces latency on the second visit. -> Q: Why the page that was accessible is not accessible after a while? +> Q: Why can't I access a page that I could access before after a while? -> A: Due to the slower public DNS requests, the module has optimistic caching enabled in the default configuration file, which may lead to some outdated IPs still being used after the expiration date, you can clean up DNS cache in the background to alleviate the problem, or turn off optimistic caching. +> A: Because public DNS requests are slow, the module's default configuration file has optimistic caching enabled, which may cause some outdated IPs to continue to be used after they expire, you can clear the DNS cache in the background to alleviate this, or disable optimistic caching. -> Q: Can the module be used with proxy software? +> Q: Can the module be used with other proxy modules/software? -> A: Yes, but it may cause some problems, such as some nodes being unreachable. If this is a serious issue, please see the previous FAQ to turn off optimistic caching. - -> Q: Does the module conflict with other proxy modules? - -> A: No, you can use 127.0.0.1:5591 as the DNS server of the proxy module. +> A: Yes, general proxy apps are directly compatible, and AdGuardHome's DNS queries will pass through the VPN, other proxy modules can be used as needed, you can disable automatic iptables rules to use it as a regular DNS. # Acknowledgments - [AdguardHome_magisk](https://github.com/410154425/AdGuardHome_magisk) diff --git a/agh_service.sh b/agh_service.sh index dd70a19..f06f2c0 100644 --- a/agh_service.sh +++ b/agh_service.sh @@ -8,8 +8,8 @@ AGH_DIR="/data/adb/agh" SCRIPT_DIR="$AGH_DIR/scripts" - $SCRIPT_DIR/service.sh stop >$AGH_DIR/agh.log 2>&1 && - $SCRIPT_DIR/iptables.sh disable >$AGH_DIR/agh.log 2>&1 + $SCRIPT_DIR/service.sh start >>$AGH_DIR/agh.log 2>&1 && + $SCRIPT_DIR/iptables.sh enable >>$AGH_DIR/agh.log 2>&1 - inotifyd $SCRIPT_DIR/inotify.sh /data/adb/modules/AdGuardHome:d,n > /dev/null 2>&1 & + inotifyd $SCRIPT_DIR/inotify.sh /data/adb/modules/AdGuardHome:d,n >/dev/null 2>&1 & ) & diff --git a/bin/data/filters/1721483069.txt b/bin/data/filters/1721483069.txt index 14094be..490e559 100644 --- a/bin/data/filters/1721483069.txt +++ b/bin/data/filters/1721483069.txt @@ -35,6 +35,7 @@ ||adcolony.com^ ||adexpo.tencentmusic.com^ ||adfilter.imtt.qq.com^ +||adfstat.yandex.ru^ ||adguanggao.eee114.com^ ||adjust.cn^ ||adjust.com^ @@ -56,12 +57,15 @@ ||ads.huan.tv^ ||ads.huantest.com^ ||ads.icloseli.cn^ +||ads.linkedin.com^ ||ads.music.126.net^ ||ads.oppomobile.com^ ||ads.pinterest.com^ ||ads.servebom.com^ ||ads.service.kugou.com^ +||ads.tiktok.com^ ||ads.v3mh.com^ +||ads.youtube.com^ ||ads3-normal-hl.zijieapi.com^ ||ads3-normal-lf.zijieapi.com^ ||ads3-normal-lq.zijieapi.com^ @@ -71,6 +75,7 @@ ||ads5-normal-lq.zijieapi.com^ ||ads5-normal.zijieapi.com^ ||adsense.google.cn^ +||adserver.unityads.unity3d.com^ ||adservice.google.cn^ ||adservice.google.com^ ||adserviceretry.kugou.com^ @@ -124,10 +129,13 @@ ||analytics.95516.com^ ||analytics.google.com^ ||analytics.pinterest.com^ +||analytics.pointdrive.linkedin.com^ ||analytics.query.yahoo.com^ ||analytics.rayjump.com^ +||analytics.s3.amazonaws.com^ ||analytics.tiktok.com^ ||analytics.woozooo.com^ +||analyticsengine.s3.amazonaws.com^ ||analyze.lemurbrowser.com^ ||andrqd.play.aiseet.atianqi.com^ ||ap.dongqiudi.com^ @@ -158,6 +166,7 @@ ||applog.uc.cn^ ||applog.zijieapi.com^ ||ata-sdk-uuid-report.dreport.meituan.net^ +||auction.unityads.unity3d.com^ ||audid-api.taobao.com^ ||audid.umeng.com^ ||azr.footprintdns.com^ @@ -196,11 +205,14 @@ ||chat1.jd.com^ ||chiq-cloud.com^ ||cj.qidian.com^ +||click.googleanalytics.com^ +||click.oneplus.cn^ ||clog.miguvideo.com^ ||cnzz.com^ ||collect.kugou.com^ ||commdata.v.qq.com^ ||config.chsmarttv.com^ +||config.unityads.unity3d.com^ ||conn-service-cn-03.allawntech.com^ ||conn-service-cn-04.allawntech.com^ ||conn-service-cn-05.allawntech.com^ @@ -238,6 +250,8 @@ ||errnewlog.umeng.com^ ||event.tradplusad.com^ ||events-drcn.op.dbankcloud.cn^ +||events.reddit.com^ +||events.redditmedia.com^ ||firebaselogging-pa.googleapis.com^ ||flurry.com^ ||g-staic.ganjingworld.com^ @@ -297,6 +311,8 @@ ||img.adnyg.com^ ||img.adnyg.com.w.kunlungr.com^ ||imtmp.net^ +||iot-eu-logser.realme.com^ +||iot-logser.realme.com^ ||ipv4.kkmh.com^ ||irc.qubiankeji.com^ ||itv2-up.openspeech.cn^ @@ -485,6 +501,7 @@ ||static.ads-twitter.com^ ||statics.woozooo.com^ ||stats.qiumibao.com^ +||stats.wp.com^ ||statsigapi.net^ ||success.ctobsnssdk.com^ ||syh-imp.cdnjtzy.com^ @@ -593,6 +610,7 @@ ||weather-analytics-events.apple.com^ ||weather-community-drcn.weather.dbankcloud.cn^ ||webstat.qiumibao.com^ +||webview.unityads.unity3d.com^ ||widgets.outbrain.com^ ||widgets.pinterest.com^ ||win.gdt.qq.com^ @@ -623,7 +641,6 @@ /.*\.a\.market\.xiaomi\.com/ /.*\.data\.hicloud\.com/ /.*\.log\.aliyuncs\.com/ -/.*\.shouji\.sogou\.com/ /[a-zA-Z0-9.-]*-ad-[a-zA-Z0-9.-]*\.byteimg\.com/ /[a-zA-Z0-9.-]*-ad\.sm\.cn/ /[a-zA-Z0-9.-]*-ad\.video\.yximgs\.com/ diff --git a/changelog.md b/changelog.md index 093f2b8..f9efe79 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,13 @@ # BREAKING CHANGES - 完全重构了模块,请自行备份旧版配置文件(建议直接重新配置) - completely refactored the module, please backup the old configuration file by yourself (it is recommended to reconfigure directly) -- 更新了DNS服务器,以及广告过滤规则 -- update DNS server and ad filter rules \ No newline at end of file +- 更新了DNS服务器,以及广告过滤规则,以及README.md +- update DNS server and ad filter rules and README.md +- 新增了配置文件,可以在`/data/adb/agh/scripts/config.sh`中修改配置 +- added configuration file, you can modify the configuration in `/data/adb/agh/scripts/config.sh` +- 新增在 Magisk/KernelSU 中实时启动/停止模块的功能 +- added the ability to start/stop the module in real-time in Magisk/KernelSU +- 修改备份逻辑,现在会自动备份原模块 +- modified the backup logic, now it will automatically backup the original module +- 新增黑白名单功能,理论上是可以分应用,不过目前貌似没有效果,请自行测试 +- added black and white list function, theoretically can be separated by application, but currently seems to have no effect, please test by yourself \ No newline at end of file diff --git a/customize.sh b/customize.sh index f766b7d..224eea9 100644 --- a/customize.sh +++ b/customize.sh @@ -26,11 +26,11 @@ unzip -o "$ZIPFILE" "bin/*" -d $AGH_DIR ui_print "- Setting permissions..." chmod +x "$BIN_DIR/AdGuardHome" -chmod +x "$SCRIPT_DIR/apply_iptables.sh" -chmod +x "$SCRIPT_DIR/flush_iptables.sh" -chmod +x "$SCRIPT_DIR/start.sh" +chmod +x "$SCRIPT_DIR/inotify.sh" +chmod +x "$SCRIPT_DIR/iptables.sh" +chmod +x "$SCRIPT_DIR/service.sh" chmod +x "$SERVICE_DIR/agh_service.sh" chmod +x "$MODPATH/uninstall.sh" chown root:net_raw "$BIN_DIR/AdGuardHome" -ui_print "- Installation is complete, please restart your device." +ui_print "- Installation completed, please reboot." diff --git a/module.prop b/module.prop index 35649d0..23268ea 100644 --- a/module.prop +++ b/module.prop @@ -1,6 +1,6 @@ id=AdGuardHome name=AdGuardHome for Magisk -version=20240924 +version=20240926 versionCode=19 author=twoone3 description=Filter ads at the DNS level diff --git a/scripts/config.sh b/scripts/config.sh index 5a7cb6a..4456c38 100644 --- a/scripts/config.sh +++ b/scripts/config.sh @@ -34,5 +34,5 @@ packages_list=() # 以下内容无需修改 system_packages_file="/data/system/packages.list" agh_pid_file="/data/adb/agh/bin/agh_pid" -iptables_w="ip6tables -w 64" +iptables_w="iptables -w 64" ip6tables_w="ip6tables -w 64" diff --git a/scripts/inotify.sh b/scripts/inotify.sh index 04793bd..b257ce4 100644 --- a/scripts/inotify.sh +++ b/scripts/inotify.sh @@ -7,10 +7,10 @@ SCRIPT_DIR="$AGH_DIR/scripts" if [ "${monitor_file}" = "disable" ]; then if [ "${events}" = "d" ]; then - $SCRIPT_DIR/service.sh start >$AGH_DIR/agh.log 2>&1 && - $SCRIPT_DIR/iptables.sh enable >$AGH_DIR/agh.log 2>&1 + $SCRIPT_DIR/service.sh start >>$AGH_DIR/agh.log 2>&1 && + $SCRIPT_DIR/iptables.sh enable >>$AGH_DIR/agh.log 2>&1 elif [ "${events}" = "n" ]; then - $SCRIPT_DIR/iptables.sh disable >$AGH_DIR/agh.log 2>&1 && - $SCRIPT_DIR/service.sh stop >$AGH_DIR/agh.log 2>&1 + $SCRIPT_DIR/iptables.sh disable >>$AGH_DIR/agh.log 2>&1 && + $SCRIPT_DIR/service.sh stop >>$AGH_DIR/agh.log 2>&1 fi fi diff --git a/scripts/iptables.sh b/scripts/iptables.sh index add782a..3c2d0aa 100644 --- a/scripts/iptables.sh +++ b/scripts/iptables.sh @@ -13,62 +13,65 @@ find_packages_uid() { } enable_iptables() { - $iptables_w -t nat -N ADGUARD + ${iptables_w} -t nat -N ADGUARD # return requests from AdGuardHome - $iptables_w -t nat -A ADGUARD -m owner --uid-owner $adg_user --gid-owner $adg_group -j RETURN + ${iptables_w} -t nat -A ADGUARD -m owner --uid-owner $adg_user --gid-owner $adg_group -j RETURN # return requests from bypassed apps if [ "$use_blacklist" = true ]; then + find_packages_uid if [ ${#uid_list[@]} -ne 0 ]; then for uid in "${uid_list[@]}"; do - $iptables_w -t nat -A ADGUARD -m owner --uid-owner $uid -j RETURN + ${iptables_w} -t nat -A ADGUARD -m owner --uid-owner $uid -j RETURN done fi # redirect DNS requests to AdGuardHome - $iptables_w -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports $redir_port - $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports $redir_port + ${iptables_w} -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports $redir_port + ${iptables_w} -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports $redir_port else if [ ${#uid_list[@]} -ne 0 ]; then for uid in "${uid_list[@]}"; do - $iptables_w -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port - $iptables_w -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port + ${iptables_w} -t nat -A ADGUARD -p udp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port + ${iptables_w} -t nat -A ADGUARD -p tcp --dport 53 -m owner --uid-owner $uid -j REDIRECT --to-ports $redir_port done fi - $iptables_w -t nat -A ADGUARD -j RETURN + ${iptables_w} -t nat -A ADGUARD -j RETURN fi # apply iptables rules - $iptables_w -t nat -I OUTPUT -j ADGUARD + ${iptables_w} -t nat -I OUTPUT -j ADGUARD } disable_iptables() { - $iptables_w -t nat -D OUTPUT -j ADGUARD - $iptables_w -t nat -F ADGUARD - $iptables_w -t nat -X ADGUARD + ${iptables_w} -t nat -D OUTPUT -j ADGUARD + ${iptables_w} -t nat -F ADGUARD + ${iptables_w} -t nat -X ADGUARD } enable_ipv6() { - # DROP ipv6 DNS requests - $ip6tables_w -t filter -A OUTPUT -p udp --dport 53 -j DROP - $ip6tables_w -t filter -A OUTPUT -p tcp --dport 53 -j DROP - # disable ipv6 - # sysctl -w net.ipv4.ip_forward=1 - # sysctl -w net.ipv6.conf.all.forwarding=0 - # sysctl -w net.ipv6.conf.all.accept_ra=0 - # sysctl -w net.ipv6.conf.wlan0.accept_ra=0 - sysctl -w net.ipv6.conf.all.disable_ipv6=1 - sysctl -w net.ipv6.conf.default.disable_ipv6=1 - # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1 -} + # $ip6tables_w -t filter -D OUTPUT -p udp --dport 53 -j DROP + # $ip6tables_w -t filter -D OUTPUT -p tcp --dport 53 -j DROP -disable_ipv6() { - $ip6tables_w -t filter -D OUTPUT -p udp --dport 53 -j DROP - $ip6tables_w -t filter -D OUTPUT -p tcp --dport 53 -j DROP - # sysctl -w net.ipv4.ip_forward=1 - # sysctl -w net.ipv6.conf.all.forwarding=0 - # sysctl -w net.ipv6.conf.all.accept_ra=0 - # sysctl -w net.ipv6.conf.wlan0.accept_ra=0 + sysctl -w net.ipv4.ip_forward=1 + sysctl -w net.ipv6.conf.all.forwarding=1 + + sysctl -w net.ipv6.conf.all.accept_ra=2 + sysctl -w net.ipv6.conf.wlan0.accept_ra=2 sysctl -w net.ipv6.conf.all.disable_ipv6=0 sysctl -w net.ipv6.conf.default.disable_ipv6=0 - # sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1 + sysctl -w net.ipv6.conf.wlan0.disable_ipv6=0 +} + +disable_ipv6() { + # $ip6tables_w -t filter -A OUTPUT -p udp --dport 53 -j DROP + # $ip6tables_w -t filter -A OUTPUT -p tcp --dport 53 -j DROP + + sysctl -w net.ipv4.ip_forward=1 + sysctl -w net.ipv6.conf.all.forwarding=0 + + sysctl -w net.ipv6.conf.all.accept_ra=0 + sysctl -w net.ipv6.conf.wlan0.accept_ra=0 + sysctl -w net.ipv6.conf.all.disable_ipv6=1 + sysctl -w net.ipv6.conf.default.disable_ipv6=1 + sysctl -w net.ipv6.conf.wlan0.disable_ipv6=1 } case "$1" in diff --git a/version.json b/version.json index 694e5a1..b1ec922 100644 --- a/version.json +++ b/version.json @@ -1,6 +1,6 @@ { "versionCode": 19, - "version": "20240924", + "version": "20240926", "zipUrl": "https://github.com/twoone-3/AdGuardHomeForMagisk/releases/latest/download/AdGuardHomeForMagisk-arm64.zip", "changelog": "https://raw.githubusercontent.com/twoone-3/AdGuardHomeForMagisk/main/changelog.md" } \ No newline at end of file