updateing

# Generated by xtables-save v1.8.2 on Sun Apr  4 19:09:44 2021
*nat
:PREROUTING ACCEPT [2191:359909]
:INPUT ACCEPT [1063:168760]
:POSTROUTING ACCEPT [906:80396]
:OUTPUT ACCEPT [897:79912]
:clash - [0:0]
-A PREROUTING -p tcp -j clash
-A OUTPUT -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A clash -d 0.0.0.0/8 -j RETURN

updateing

Also see this thread for tests on a greater range of devices.

Test Command

for i in chacha20-poly1305 aes-128-gcm aes-192-gcm aes-256-gcm; do openssl speed -evp "$i"; done
for i in chacha20-poly1305 aes-128-gcm aes-192-gcm aes-256-gcm; do openssl speed -multi $(nproc) -evp "$i"; done

Test Results

updateing

dns:
  enable: true
  listen: 0.0.0.0:53
  default-nameserver:
    - 192.168.1.1
  enhanced-mode: fake-ip
  fake-ip-filter:
    - 'xncsi.xboxlive.com'
    - 'xncsi.xboxlive.cn'
    - '*.msftconnecttest.com'

updateing

diff --git a/init/reboot_utils.cpp b/init/reboot_utils.cpp
index de085cc9b..80edeb237 100644
--- a/init/reboot_utils.cpp
+++ b/init/reboot_utils.cpp
@@ -33,6 +33,75 @@
 namespace android {
 namespace init {
 
+extern "C" {
+    #include <errno.h>

updateing

#!/usr/bin/python
# coding=UTF-8
#
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0

updateing

Policy Routing & polipo configuration

1. NEVER forget the DNS server - it's not reachable via default route on alternative exit! You need to setup a special entry for DNS server to leave from internal network.

2. DO NOT try to mess with connmark for this purpose. Even if you think you have a sufficient set of rules, things just don't work:

   iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
   iptables -t mangle -A PREROUTING -i veth-host -j CONNMARK --set-mark 1
   iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
   

updateing

#!/system/bin/sh
# Share LTE over WiFi STA, use when AP is not possible.
# You have to make sure the phone can connect to LTE and WiFi at the same time,
# e.g. keep portal detection failing.
RMNET_DEV=$(ip route|grep rmnet|cut -d " " -f 3)
WLAN_SUBNET=$(ip route|grep wlan|cut -d " " -f 1)
WLAN_DEV=$(ip route|grep wlan|cut -d " " -f 3)

iptables -F natctrl_FORWARD
echo 1 > /proc/sys/net/ipv4/ip_forward

updateing

From 8b4fe866ab376de4e946a212f3d86ef4fcb3a572 Mon Sep 17 00:00:00 2001
From: Hamster Tian <haotia@gmail.com>
Date: Sat, 31 Mar 2018 16:14:41 +0800
Subject: [PATCH] extract_utils: support copying packages to different
 destination

c982836ca6292ac0dd1d2e326be22dc1131b2484 stripped source information
from lines starting with -, and the files will be copied from
target path, leading to "file not found" errors.

updateing

This file describes how to set up connection sharing (specifically, LTE->WLAN and VPN(@LTE)->WLAN) on Android 8.1. The two cases differ a bit, though.

All commands need to be run on Android as root, and make sure your phone can connect to LTE and WLAN simultaneously. Making the WLAN failing captive portal check is a cheap way to do so.

Common Setup

This has to be done before any further steps:

iptables -F natctrl_FORWARD

updateing

#!/bin/sh

# Basic vars
TEMP_FILE="/tmp/wan_speed_temp"
WAN_STAT=`ifstatus wan`
WAN6_STAT=`ifstatus wan6`

# Internet connectivity
IPV4_ADDR=`echo $WAN_STAT | jsonfilter -e "@['ipv4-address']"`
IPV6_ADDR=`echo $WAN6_STAT | jsonfilter -e "@['ipv6-address']"`