refine pdnsd settings

shadowsocks · Dec 14, 2014 · 0f5651f · 0f5651f
1 parent f258de3
commit 0f5651f
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 33 deletions.
diff --git a/src/main/res/values/configs.xml b/src/main/res/values/configs.xml
@@ -2,4 +2,5 @@
 <resources>
   <string name="exclude">".cn",".07073.com",".10010.com",".100ye.com",".114la.com",".115.com",".120ask.com",".126.com",".126.net",".1616.net",".163.com",".17173.com",".1778.com",".178.com",".17u.com",".19lou.com",".1o26.com",".1ting.com",".21cn.com",".2345.com",".265.com",".265g.com",".28.com",".28tui.com",".2hua.com",".2mdn.net",".315che.com",".3366.com",".360buy.com",".360buyimg.com",".360doc.com",".36kr.com",".39.net",".3dmgame.com",".4399.com",".4738.com",".500wan.com",".51.com",".51.la",".5173.com",".51auto.com",".51buy.com",".51cto.com",".51fanli.com",".51job.com",".52kmh.com",".52pk.net",".52tlbb.com",".53kf.com",".55bbs.com",".55tuan.com",".56.com",".58.com",".591hx.com",".5d6d.net",".61.com",".70e.com",".777wyx.com",".778669.com",".7c.com",".7k7k.com",".88db.com",".91.com",".99bill.com",".akamaitechnologies.com",".akamaitech.net",".akamai.net",".a135.net",".abang.com",".abchina.com",".ad1111.com",".admin5.com",".adnxs.com",".adobe.com",".adroll.com",".ads8.com",".adsame.com",".adsonar.com",".adtechus.com",".aibang.com",".aifang.com",".aili.com",".aipai.com",".aizhan.com",".ali213.net",".alibaba.com",".alicdn.com",".aliexpress.com",".alimama.com",".alipay.com",".alipayobjects.com",".alisoft.com",".alivv.com",".aliyun.com",".allyes.com",".amazon.com",".anjuke.com",".anzhi.com",".aol.com",".apple.com",".arpg2.com",".atdmt.com",".b2b168.com",".babytree.com",".baidu.com",".baidupcs.com",".baihe.com",".baixing.com",".bankcomm.com",".baomihua.com",".bdimg.com",".bdstatic.com",".bendibao.com",".betrad.com",".bilibili.tv",".bing.com",".bitauto.com",.blogchina.com",".blueidea.com",".bluekai.com",".booksky.org",".cachefly.net",".caixin.com",".ccb.com",".ccidnet.com",".cctv.com",".china.com",".chinabyte.com",".chinahr.com",".chinanews.com",".chinaunix.net",".chinaw3.com",".chinaz.com",".chuangelm.com",".ci123.com",".cmbchina.com",".cnbeta.com",".cnblogs.com",".cncn.com",".cnhubei.com",".cnki.net",".cnmo.com",".cnxad.com",".cnzz.com",".cocoren.com",".compete.com",".comsenz.com",".coo8.com",".cqnews.net",".crsky.com",".csdn.net",".ct10000.com",".ctrip.com",".dangdang.com",".daqi.com",".dayoo.com",".dbank.com",".ddmap.com",".dedecms.com",".dh818.com",".diandian.com",".dianping.com",".discuz.net",".doc88.com",".docin.com",".donews.com",".dospy.com",".douban.com",".douban.fm",".doubleclick.com",".doubleclick.net",".duba.net",".duote.com",".duowan.com",".dzwww.com",".eastday.com",".eastmoney.com",".ebay.com",".elong.com",".ename.net",".etao.com",".exam8.com",".eye.rs",".fantong.com",".fastcdn.com",".fblife.com",".fengniao.com",".fenzhi.com",".flickr.com",".fobshanghai.com",".ftuan.com",".funshion.com",".fx120.net",".game3737.com",".gamersky.com",".gamestlbb.com",".gamesville.com",".ganji.com",".gfan.com",".gongchang.com",".google-analytics.com",".gougou.com",".gtimg.com",".hao123.com",".haodf.com",".harrenmedianetwork.com",".hc360.com",".hefei.cc",".hf365.com",".hiapk.com",".hichina.com",".homeinns.com",".hotsales.net",".house365.com",".huaban.com",".huanqiu.com",".hudong.com",".hupu.com",".iask.com",".iciba.com",".icson.com",".ifeng.com",".iloveyouxi.com",".im286.com",".imanhua.com",".cctvpic.com",".imrworldwide.com",".invitemedia.com",".ip138.com",".ipinyou.com",".iqilu.com",".iqiyi.com",".irs01.com",".irs01.net",".it168.com",".iteye.com",".iyaya.com",".jb51.net",".jiathis.com",".jiayuan.com",".jing.fm",".jinti.com",".jqw.com",".jumei.com",".jxedt.com",".jysq.net",".kaixin001.com",".kandian.com",".kdnet.net",".kimiss.com",".ku6.com",".ku6cdn.com",".ku6img.com",".kuaidi100.com",".kugou.com",".l99.com",".lady8844.com",".lafaso.com",".lashou.com",".legolas-media.com",".lehecai.com",".leho.com",".letv.com",".liebiao.com",".lietou.com",".linezing.com",".linkedin.com",".live.com",".longhoo.net",".lusongsong.com",".lxdns.com",".lycos.com",".lygo.com",".m18.com",".m1905.com",".made-in-china.com",".makepolo.com",".mangocity.com",".manzuo.com",".mapbar.com",".mathtag.com",".mediaplex.com",".mediav.com",".meilele.com",".meilishuo.com",".meishichina.com",".meituan.com",".meizu.com",".miaozhen.com",".microsoft.com",".miercn.com",".mlt01.com",".mmstat.com",".mnwan.com",".mogujie.com",".mookie1.com",".moonbasa.com",".mop.com",".mosso.com",".mplife.com",".msn.com",".mtime.com",".mumayi.com",".mydrivers.com",".net114.com",".netease.com",".newsmth.net",".nipic.com",".nowec.com",".nuomi.com",".oadz.com",".oeeee.com",".onetad.com",".onlinedown.net",".onlylady.com",".oschina.net",".otwan.com",".paipai.com",".paypal.com",".pchome.net",".pcpop.com",".pengyou.com",".php100.com",".phpwind.net",".pingan.com",".pixlr.com",".pp.cc",".ppstream.com",".pptv.com",".pubmatic.com",".q150.com",".qianlong.com",".qidian.com",".qingdaonews.com",".qire123.com",".qiushibaike.com",".qiyou.com",".qjy168.com",".qq.com",".qq937.com",".qstatic.com",".quantserve.com",".qunar.com",".readnovel.com",".renren.com",".rtbidder.net",".scanscout.com",".scorecardresearch.com",".sdo.com",".seowhy.com",".serving-sys.com",".sf-express.com",".shangdu.com",".sina.com",".sinahk.net",".sinajs.com",".smzdm.com",".snyu.com",".sodu.org",".sogou.com",".sohu.com",".soku.com",".sootoo.com",".soso.com",".soufun.com",".sourceforge.net",".staticsdo.com",".stockstar.com",".sttlbb.com",".suning.com",".szhome.com",".sznews.com",".tangdou.com",".tanx.com",".tao123.com",".taobao.com",".taobaocdn.com",".tbcache.com",".tdimg.com",".tenpay.com",".tgbus.com",".theplanet.com",".thethirdmedia.com",".tiancity.com",".tianji.com",".tiao8.info",".tiexue.net",".titan24.com",".tmall.com",".tom.com",".toocle.com",".tremormedia.com",".tuan800.com",".tudou.com",".tudouui.com",".tui18.com",".tuniu.com",".twcczhu.com",".u17.com",".ucjoy.com",".ulink.cc",".uniontoufang.com",".up2c.com",".uuu9.com",".uuzu.com",".vancl.com",".verycd.com",".vipshop.com",".vizu.com",".vjia.com",".weibo.com",".weiphone.com",".west263.com",".whlongda.com",".wrating.com",".wumii.com",".xiami.com",".xiaomi.com",".xiazaiba.com",".xici.net",".xinhuanet.com",".xinnet.com",".xitek.com",".xiu.com",".xunlei.com",".xyxy.net",".yaolan.com",".yesky.com",".yieldmanager.com",".yihaodian.com",".yingjiesheng.com",".yinyuetai.com",".yiqifa.com",".ykimg.com",".ynet.com",".yoka.com",".yolk7.com",".youboy.com",".youdao.com",".yougou.com",".youku.com",".youshang.com",".yupoo.com",".yxlady.com",".yyets.com",".zhaodao123.com",".zhaopin.com",".zhenai.com",".zhibo8.cc",".zhihu.com",".zhubajie.com",".zongheng.com",".zoosnet.net",".zqgame.com",".ztgame.com",".zx915.com",".miui.com",".mi-idc.com",".qhimg.com",".wandoujia.com"
   </string>
+  <string name="reject">1.1.1.1,118.5.49.6,128.121.126.139,159.106.121.75,169.132.13.103,188.5.4.96,189.163.17.5,192.67.198.6,197.4.4.12,20.20.20.20,202.106.1.2,202.181.7.85,203.161.230.171,203.98.7.65,207.12.88.98,208.56.31.43,209.145.54.50,209.220.30.174,209.36.73.33,209.85.229.138,211.94.66.147,213.169.251.35,216.221.188.182,216.234.179.13,216.239.32.20,23.89.5.60,243.185.187.3,243.185.187.39,249.129.46.48,253.157.14.165,255.255.255.255,37.208.111.120,37.61.54.158,4.36.66.178,46.82.174.68,49.2.123.56,54.76.135.1,59.24.3.173,64.33.88.161,64.33.99.47,64.66.163.251,65.104.202.252,65.160.219.113,65.49.2.178,66.45.252.237,72.14.205.104,72.14.205.99,74.125.127.102,74.125.155.102,74.125.39.102,74.125.39.113,77.4.7.92,78.16.49.15,8.7.198.45,93.46.8.89</string>
 </resources>
diff --git a/src/main/scala/com/github/shadowsocks/ShadowsocksNatService.scala b/src/main/scala/com/github/shadowsocks/ShadowsocksNatService.scala
@@ -67,7 +67,6 @@ class ShadowsocksNatService extends Service with BaseService {
   val CMD_IPTABLES_RETURN = " -t nat -A OUTPUT -p tcp -d 0.0.0.0 -j RETURN"
   val CMD_IPTABLES_DNAT_ADD_SOCKS = " -t nat -A OUTPUT -p tcp " +
     "-j DNAT --to-destination 127.0.0.1:8123"
-  val DNS_PORT = 8153
 
   private val mStartForegroundSignature = Array[Class[_]](classOf[Int], classOf[Notification])
   private val mStopForegroundSignature = Array[Class[_]](classOf[Boolean])
@@ -222,11 +221,12 @@ class ShadowsocksNatService extends Service with BaseService {
         p.println(conf)
       })
       val cmd = new ArrayBuffer[String]
-      cmd += (Path.BASE + "ss-tunnel" , "-u"
-            , "-b" , "127.0.0.1"
-            , "-L" , "8.8.8.8:53"
-            , "-c" , Path.BASE + "ss-tunnel-nat.conf"
-            , "-f" , Path.BASE + "ss-tunnel-nat.pid")
+      cmd += (Path.BASE + "ss-tunnel"
+        , "-u"
+        , "-b" , "127.0.0.1"
+        , "-L" , "8.8.8.8:53"
+        , "-c" , Path.BASE + "ss-tunnel-nat.conf"
+        , "-f" , Path.BASE + "ss-tunnel-nat.pid")
 
       cmd += ("-l" , "8153")
 
@@ -243,6 +243,7 @@ class ShadowsocksNatService extends Service with BaseService {
       })
       val cmdBuf = new ArrayBuffer[String]
       cmdBuf += (Path.BASE + "ss-tunnel"
+        , "-u"
         , "-b" , "127.0.0.1"
         , "-l" , "8163"
         , "-L" , "8.8.8.8:53"
@@ -255,8 +256,16 @@ class ShadowsocksNatService extends Service with BaseService {
   }
 
   def startDnsDaemon() {
-    val conf = ConfigUtils
-        .PDNSD_BYPASS.formatLocal(Locale.ENGLISH, "127.0.0.1", 8153, Path.BASE + "pdnsd-nat.pid", getString(R.string.exclude), 8163)
+
+    val conf = if (config.route == Route.BYPASS_CHN) {
+      val reject = ConfigUtils.getRejectList(getContext, application)
+      ConfigUtils.PDNSD_DIRECT.formatLocal(Locale.ENGLISH, "127.0.0.1", 8153,
+      Path.BASE + "pdnsd-nat.pid", reject, reject, 8163)
+    } else {
+      ConfigUtils.PDNSD_LOCAL.formatLocal(Locale.ENGLISH, "127.0.0.1", 8153,
+        Path.BASE + "pdnsd-nat.pid", 8163)
+    }
+
     ConfigUtils.printToFile(new File(Path.BASE + "pdnsd-nat.conf"))(p => {
        p.println(conf)
     })
@@ -407,14 +416,14 @@ class ShadowsocksNatService extends Service with BaseService {
 
     val cmd_bypass = Utils.getIptables + CMD_IPTABLES_RETURN
     if (!InetAddressUtils.isIPv6Address(config.proxy.toUpperCase)) {
-      init_sb.append(cmd_bypass.replace("-d 0.0.0.0", "-d " + config.proxy))
+      init_sb.append(cmd_bypass.replace("-p tcp -d 0.0.0.0", "-d " + config.proxy))
     }
-    init_sb.append(cmd_bypass.replace("0.0.0.0", "127.0.0.1"))
-    init_sb.append(cmd_bypass.replace("-d 0.0.0.0", "-m owner --uid-owner " + myUid))
+    init_sb.append(cmd_bypass.replace("-p tcp -d 0.0.0.0", "-d 127.0.0.1"))
+    init_sb.append(cmd_bypass.replace("-p tcp -d 0.0.0.0", "-m owner --uid-owner " + myUid))
     init_sb.append(cmd_bypass.replace("-d 0.0.0.0", "--dport 53"))
 
     init_sb.append(Utils.getIptables
-      + " -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:" + DNS_PORT)
+      + " -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:" + 8153)
 
     if (config.isGlobalProxy || config.isBypassApps) {
       http_sb.append(Utils.getIptables + CMD_IPTABLES_DNAT_ADD_SOCKS)

diff --git a/src/main/scala/com/github/shadowsocks/ShadowsocksVpnService.scala b/src/main/scala/com/github/shadowsocks/ShadowsocksVpnService.scala
@@ -138,6 +138,7 @@ class ShadowsocksVpnService extends VpnService with BaseService {
     })
     val cmd = new ArrayBuffer[String]
     cmd +=(Path.BASE + "ss-tunnel"
+      , "-u"
       , "-b", "127.0.0.1"
       , "-l", "8163"
       , "-L", "8.8.8.8:53"
@@ -150,10 +151,13 @@ class ShadowsocksVpnService extends VpnService with BaseService {
 
   def startDnsDaemon() {
     val conf = {
-      if (Utils.isLollipopOrAbove) {
-        ConfigUtils.PDNSD_BYPASS.formatLocal(Locale.ENGLISH, "0.0.0.0", 8153, Path.BASE + "pdnsd-vpn.pid", getString(R.string.exclude), 8163)
+      if (Utils.isLollipopOrAbove && config.route == Route.BYPASS_CHN) {
+        val reject = ConfigUtils.getRejectList(getContext, application)
+        ConfigUtils.PDNSD_DIRECT.formatLocal(Locale.ENGLISH, "0.0.0.0", 8153,
+          Path.BASE + "pdnsd-vpn.pid", reject, reject, 8163)
       } else {
-        ConfigUtils.PDNSD_LOCAL.formatLocal(Locale.ENGLISH, "0.0.0.0", 8163)
+        ConfigUtils.PDNSD_LOCAL.formatLocal(Locale.ENGLISH, "0.0.0.0", 8153,
+          Path.BASE + "pdnsd-vpn.pid", 8163)
       }
     }
     ConfigUtils.printToFile(new File(Path.BASE + "pdnsd-vpn.conf"))(p => {

diff --git a/src/main/scala/com/github/shadowsocks/utils/ConfigUtils.scala b/src/main/scala/com/github/shadowsocks/utils/ConfigUtils.scala
@@ -40,7 +40,7 @@
 package com.github.shadowsocks.utils
 
 import android.content.{SharedPreferences, Context}
-import com.github.shadowsocks.ShadowsocksApplication
+import com.github.shadowsocks.{R, ShadowsocksApplication}
 import com.google.android.gms.tagmanager.Container
 import com.github.kevinsawicki.http.HttpRequest
 import com.github.shadowsocks.aidl.Config
@@ -61,25 +61,27 @@ object ConfigUtils {
     " port = %d;" +
     " type = socks5;" +
     "}"
-  val PDNSD =
+
+  val PDNSD_LOCAL =
     """
       |global {
       | perm_cache = 2048;
       | cache_dir = "/data/data/com.github.shadowsocks";
       | server_ip = %s;
-      | server_port = 8153;
+      | server_port = %d;
       | query_method = tcp_only;
       | run_ipv4 = on;
       | min_ttl = 15m;
       | max_ttl = 1w;
       | timeout = 10;
       | daemon = on;
-      | pid_file = "/data/data/com.github.shadowsocks/pdnsd.pid";
+      | pid_file = %s;
       |}
       |
       |server {
-      | label = "google-servers";
-      | ip = 8.8.8.8, 8.8.4.4;
+      | label = "local";
+      | ip = 127.0.0.1;
+      | port = %d;
       | timeout = 5;
       |}
       |
@@ -92,24 +94,34 @@ object ConfigUtils {
       |}
     """.stripMargin
 
-  val PDNSD_LOCAL =
+  val PDNSD_BYPASS =
     """
       |global {
       | perm_cache = 2048;
       | cache_dir = "/data/data/com.github.shadowsocks";
       | server_ip = %s;
-      | server_port = 8153;
+      | server_port = %d;
       | query_method = tcp_only;
       | run_ipv4 = on;
       | min_ttl = 15m;
       | max_ttl = 1w;
       | timeout = 10;
       | daemon = on;
-      | pid_file = "/data/data/com.github.shadowsocks/pdnsd.pid";
+      | pid_file = "%s";
       |}
       |
       |server {
-      | label = "local";
+      | label = "china-servers";
+      | ip = 114.114.114.114, 223.5.5.5;
+      | uptest = none;
+      | preset = on;
+      | include = %s;
+      | policy = excluded;
+      | timeout = 2;
+      |}
+      |
+      |server {
+      | label = "local-server";
       | ip = 127.0.0.1;
       | port = %d;
       | timeout = 5;
@@ -124,14 +136,14 @@ object ConfigUtils {
       |}
     """.stripMargin
 
-  val PDNSD_BYPASS =
+  val PDNSD_DIRECT =
     """
       |global {
       | perm_cache = 2048;
       | cache_dir = "/data/data/com.github.shadowsocks";
       | server_ip = %s;
       | server_port = %d;
-      | query_method = tcp_only;
+      | query_method = udp_tcp;
       | run_ipv4 = on;
       | min_ttl = 15m;
       | max_ttl = 1w;
@@ -142,19 +154,34 @@ object ConfigUtils {
       |
       |server {
       | label = "china-servers";
-      | ip = 114.114.114.114, 223.5.5.5;
-      | uptest = none;
-      | preset = on;
-      | include = %s;
-      | policy = excluded;
+      | ip = 223.5.5.5, 114.114.114.114;
       | timeout = 2;
+      | reject = %s;
+      | reject_policy = fail;
+      | reject_recursively = on;
+      | uptest = query;
+      | query_test_name = ".";
+      |	interval = ontimeout;
+      |}
+      |
+      |server {
+      | label= "secure";
+      | port = 443;
+      | ip = 208.67.220.220,113.20.8.17,77.66.84.233,176.56.237.171;
+      | timeout = 3;
+      | reject = %s;
+      | reject_policy = fail;
+      | reject_recursively = on;
+      |	uptest = query;
+      |	query_test_name = ".";
+      |	interval = ontimeout;
       |}
       |
       |server {
       | label = "local-server";
       | ip = 127.0.0.1;
       | port = %d;
-      | timeout = 5;
+      | timeout = 3;
       |}
       |
       |rr {
@@ -180,6 +207,17 @@ object ConfigUtils {
     if (holder != null) holder.refresh()
   }
 
+  def getRejectList(context: Context, app: ShadowsocksApplication): String = {
+    val default = context.getString(R.string.reject)
+    try {
+      val container = app.containerHolder.getContainer
+      val update = container.getString("reject")
+      if (update == null || update.isEmpty) default else update
+    } catch {
+      case ex: Exception => default
+    }
+  }
+
   def getPublicConfig(context: Context, container: Container, config: Config): Config = {
     val url = container.getString("proxy_url")
     val sig = Utils.getSignature(context)