更改DNS上游，增加备用DNS，修改grp为net_raw

twoone-3 · Dec 19, 2023 · 7fc89ae · 7fc89ae
1 parent b2fffc8
commit 7fc89ae
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -4,18 +4,15 @@
 ![Static Badge](https://img.shields.io/badge/arm--64-support-blue)
 ![GitHub all releases](https://img.shields.io/github/downloads/twoone-3/AdguardHome/total)
 
-加入我们的 [Telegram](https://t.me/adguardhome_for_magisk_release) 频道获取最新信息
+加入我们的 [Telegram](https://t.me/adguardhome_for_magisk_release) 频道获取最新信息以及FAQ
+
+# 用法
+- 在 Magisk/KernelSU 刷入后重启即可使用
 
 # 特性
 - DNS上游为DoH，稳定，减少污染
 - 仅内置[秋风广告规则](https://github.com/TG-Twilight/AWAvenue-Ads-Rule)，省电，不误杀
 
-# 特殊使用环境说明
-1. 代理软件：Clash Meta for Android 代理的应用无法过滤（可设置分应用来达到过滤效果），其它软件自行测试。
-2. 免流类Magisk模块：免流类模块在全局规则模式都可以使用。
-3. 翻墙类Magisk模块：AdGuard Home后台里的DNS上游需全部删除，加一条：127.0.0.1:X (X是翻墙模块的监听端口)，才可以使用。
-4. 模块默认监听端口为5591，若你有特殊需求，可在AdGuardHome.yaml文件修改 port: 5591 需要重启生效。
-
 # 鸣谢
 - [AdguardHome_magisk](https://github.com/410154425/AdGuardHome_magisk)
 - [akashaProxy](https://github.com/ModuleList/akashaProxy)
diff --git a/bin/AdGuardHome.yaml b/bin/AdGuardHome.yaml
@@ -23,18 +23,17 @@ dns:
   ratelimit_whitelist: []
   refuse_any: true
   upstream_dns:
-    - 114.114.114.114
-    - 223.5.5.5
-    - 180.76.76.76
-    - 119.29.29.29
+    - https://223.5.5.5/dns-query
+    - https://1.12.12.12/dns-query
   upstream_dns_file: ""
   bootstrap_dns:
-    - 9.9.9.10
-    - 149.112.112.10
-    - 2620:fe::10
-    - 2620:fe::fe:10
-  fallback_dns: []
-  all_servers: false
+    - 127.0.0.1
+  fallback_dns:
+    - https://223.6.6.6/dns-query
+    - https://120.53.53.53/dns-query
+    - https://8.8.8.8/dns-query
+    - https://1.1.1.1/dns-query
+  all_servers: true
   fastest_addr: false
   fastest_timeout: 1s
   allowed_clients: []
@@ -46,10 +45,10 @@ dns:
   trusted_proxies:
     - 127.0.0.0/8
     - ::1/128
-  cache_size: 4194304
+  cache_size: 33554432
   cache_ttl_min: 300
   cache_ttl_max: 3600
-  cache_optimistic: false
+  cache_optimistic: true
   bogus_nxdomain: []
   aaaa_disabled: false
   enable_dnssec: false
@@ -88,7 +87,7 @@ tls:
   strict_sni_check: false
 querylog:
   ignored: []
-  interval: 6h
+  interval: 1h
   size_memory: 1000
   enabled: true
   file_enabled: true
@@ -102,7 +101,9 @@ filters:
     name: 秋风广告规则
     id: 1700480708
 whitelist_filters: []
-user_rules: []
+user_rules:
+  - '@@||pglstatp-toutiao.com^$important'
+  - ""
 dhcp:
   enabled: false
   interface_name: ""
@@ -144,8 +145,8 @@ filtering:
   safesearch_cache_size: 1048576
   parental_cache_size: 1048576
   cache_time: 30
-  filters_update_interval: 24
-  blocked_response_ttl: 10
+  filters_update_interval: 72
+  blocked_response_ttl: 30
   filtering_enabled: true
   parental_enabled: false
   safebrowsing_enabled: false

diff --git a/customize.sh b/customize.sh
@@ -1,10 +1,12 @@
-ui_print " -------------------------- "
-ui_print " ------ 安装中，请稍等 ------ "
-
 if [ "$ARCH" != "arm64" ]; then
-  ui_print " 仅支持arm64架构，安装失败 "
+  ui_print "仅支持arm64架构，安装失败"
   exit 1
 fi
 
-ui_print " ----- 安装已完成，请重启 ---- "
-ui_print " -------------------------- "
+ADG_DIR="$MODPATH/bin"
+chmod 777 "$ADG_DIR/AdGuardHome"
+# TODO: 研究用户组对程序运行有什么影响
+chgrp net_raw "$ADG_DIR/AdGuardHome"
+chgrp net_raw "$ADG_DIR/AdGuardHome.yaml"
+
+ui_print "安装成功"
diff --git a/module.prop b/module.prop
@@ -1,6 +1,6 @@
 id=AdGuardHome
 name=AdGuardHome for Magisk
-version=20231218
-versionCode=6
+version=20231219
+versionCode=7
 author=twoone3
 description=通过DNS层面过滤广告、防DNS劫持，后台地址http://127.0.0.1:3000，用户名/密码root
diff --git a/service.sh b/service.sh
@@ -3,10 +3,7 @@ until [ $(getprop sys.boot_completed) ]; do
 done
 MODDIR="${0%/*}"
 ADG_DIR="$MODDIR/bin"
-chmod +x "$ADG_DIR/AdGuardHome"
-chown "root:adguard" "$ADG_DIR/AdGuardHome"
-chown "root:adguard" "$ADG_DIR/AdGuardHome.yaml"
-setuidgid "root:adguard" "$ADG_DIR/AdGuardHome" >"$ADG_DIR/AdGuardHome.log" 2>&1 &
+setuidgid root:net_raw "$ADG_DIR/AdGuardHome" >"$ADG_DIR/AdGuardHome.log" 2>&1 &
 
 # 读取配置文件的端口
 adhome_port="$(cat "$ADG_DIR/AdGuardHome.yaml" | egrep '^  port: ' | sed -n 's/  port: //g;s/ //g;$p')"
@@ -15,7 +12,7 @@ apply_rules() {
 	# 新建规则链
 	iptables -t nat -N ADGUARD
 	# 返回所有 AdGuardHome 的请求
-	iptables -t nat -A ADGUARD -m owner --uid-owner "root" --gid-owner "adguard" -j RETURN
+	iptables -t nat -A ADGUARD -m owner --uid-owner root --gid-owner net_raw -j RETURN
 	# 将 53 端口所有 udp tcp 流量转发到 adguard home
 	iptables -t nat -A ADGUARD -p udp --dport 53 -j REDIRECT --to-ports ${adhome_port}
 	iptables -t nat -A ADGUARD -p tcp --dport 53 -j REDIRECT --to-ports ${adhome_port}