| blob | 3c789450063979345f4052d33301b0d88506339a |
1 commit b451c0aeb1d1b33508b6d28a77fd09bd2a608e8b
2 Author: lancethepants <lancethepants@gmail.com>
3 Date: Wed May 21 07:49:34 2014 -0600
5 dnscrypt: add user selectable/manual proxy input.
7 diff --git a/release/src/router/httpd/tomato.c b/release/src/router/httpd/tomato.c
8 index 2cb82c6..f4cb2d6 100644
9 --- a/release/src/router/httpd/tomato.c
10 +++ b/release/src/router/httpd/tomato.c
11 @@ -576,10 +576,15 @@ static const nvset_t nvset_list[] = {
12 #endif
14 #ifdef TCONFIG_DNSCRYPT
15 - { "dnscrypt_proxy", V_01 },
16 - { "dnscrypt_priority", V_RANGE(0, 2) }, // 0=none, 1=preferred, 2=exclusive
17 - { "dnscrypt_port", V_PORT },
18 - { "dnscrypt_cmd", V_LENGTH(0, 256) },
19 + { "dnscrypt_proxy", V_01 },
20 + { "dnscrypt_priority", V_RANGE(0, 2) }, // 0=none, 1=strict-order, 2=no-resolv
21 + { "dnscrypt_port", V_PORT },
22 + { "dnscrypt_resolver", V_LENGTH(0, 40) },
23 + { "dnscrypt_log", V_RANGE(0, 99) },
24 + { "dnscrypt_manual", V_01 },
25 + { "dnscrypt_provider_name", V_LENGTH(0, 60) },
26 + { "dnscrypt_provider_key", V_LENGTH(0, 80) },
27 + { "dnscrypt_resolver_address", V_LENGTH(0, 50) },
28 #endif
30 // LAN
31 diff --git a/release/src/router/nvram/defaults.c b/release/src/router/nvram/defaults.c
32 index 7542501..2026340 100644
33 --- a/release/src/router/nvram/defaults.c
34 +++ b/release/src/router/nvram/defaults.c
35 @@ -93,10 +93,15 @@ const defaults_t defaults[] = {
36 { "dnssec_enable", "0" },
37 #endif
38 #ifdef TCONFIG_DNSCRYPT
39 - { "dnscrypt_proxy", "" },
40 - { "dnscrypt_priority", "1" }, // 0=none, 1=preferred, 2=exclusive
41 + { "dnscrypt_proxy", "0" },
42 + { "dnscrypt_priority", "1" }, // 0=none, 1=strict-order, 2=no-resolv
43 { "dnscrypt_port", "40" }, // local port
44 - { "dnscrypt_cmd", "-m 99" }, // optional arguments
45 + { "dnscrypt_resolver", "opendns" }, // default resolver
46 + { "dnscrypt_log", "99" }, // log level
47 + { "dnscrypt_manual", "0" }, // Set manual resolver
48 + { "dnscrypt_provider_name", "" }, // Set manual provider name
49 + { "dnscrypt_provider_key", "" }, // Set manual provider key
50 + { "dnscrypt_resolver_address", "" }, // Set manual resolver address
51 #endif
52 { "wan_wins", "" }, // x.x.x.x x.x.x.x ...
53 { "wan_lease", "86400" }, // WAN lease time in seconds
54 diff --git a/release/src/router/rc/services.c b/release/src/router/rc/services.c
55 index d601ae1..b3a83e6 100644
56 --- a/release/src/router/rc/services.c
57 +++ b/release/src/router/rc/services.c
58 @@ -477,14 +477,45 @@ void start_dnsmasq()
59 sprintf(dnscrypt_local, "127.0.0.1:%s", nvram_safe_get("dnscrypt_port") );
61 eval("ntp2ip");
62 - eval("dnscrypt-proxy", "-d", "-a", dnscrypt_local, nvram_safe_get("dnscrypt_cmd") );
63 +
64 + if (nvram_match("dnscrypt_manual", "1")) {
65 + eval("dnscrypt-proxy", "-d",
66 + "-a", dnscrypt_local,
67 + "-m", nvram_safe_get("dnscrypt_log"),
68 + "-N", nvram_safe_get("dnscrypt_provider_name"),
69 + "-k", nvram_safe_get("dnscrypt_provider_key"),
70 + "-r", nvram_safe_get("dnscrypt_resolver_address") );
71 + }
72 + else {
73 + eval("dnscrypt-proxy", "-d",
74 + "-a", dnscrypt_local,
75 + "-m", nvram_safe_get("dnscrypt_log"),
76 + "-R", nvram_safe_get("dnscrypt_resolver"),
77 + "-L", "/etc/dnscrypt-resolvers.csv" );
78 + }
80 #ifdef TCONFIG_IPV6
81 char dnscrypt_local_ipv6[30];
82 sprintf(dnscrypt_local_ipv6, "::1:%s", nvram_safe_get("dnscrypt_port") );
84 - if (get_ipv6_service() != *("NULL")) // when ipv6 enabled
85 - eval("dnscrypt-proxy", "-d", "-a", dnscrypt_local_ipv6, nvram_safe_get("dnscrypt_cmd") );
86 + if (get_ipv6_service() != *("NULL")){ // when ipv6 enabled
87 +
88 + if (nvram_match("dnscrypt_manual", "1")) {
89 + eval("dnscrypt-proxy", "-d",
90 + "-a", dnscrypt_local,
91 + "-m", nvram_safe_get("dnscrypt_log"),
92 + "-N", nvram_safe_get("dnscrypt_provider_name"),
93 + "-k", nvram_safe_get("dnscrypt_provider_key"),
94 + "-r", nvram_safe_get("dnscrypt_resolver_address") );
95 + }
96 + else {
97 + eval("dnscrypt-proxy", "-d",
98 + "-a", dnscrypt_local,
99 + "-m", nvram_safe_get("dnscrypt_log"),
100 + "-R", nvram_safe_get("dnscrypt_resolver"),
101 + "-L", "/etc/dnscrypt-resolvers.csv" );
102 + }
103 + }
104 #endif
105 }
106 #endif
107 diff --git a/release/src/router/rom/Makefile b/release/src/router/rom/Makefile
108 index 311a5f5..a5f55a0 100644
109 --- a/release/src/router/rom/Makefile
110 +++ b/release/src/router/rom/Makefile
111 @@ -25,3 +25,9 @@ endif
112 ifneq ($(TCONFIG_DNSSEC),y)
113 rm -f $(INSTALLDIR)/rom/etc/trust-anchors.conf
114 endif
115 +
116 +ifneq ($(TCONFIG_DNSCRYPT),y)
117 + rm -f $(INSTALLDIR)/rom/etc/dnscrypt-resolvers.csv
118 +else
119 + -wget https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv -O $(INSTALLDIR)/rom/etc/dnscrypt-resolvers.csv
120 +endif
121 diff --git a/release/src/router/rom/rom/etc/dnscrypt-resolvers.csv b/release/src/router/rom/rom/etc/dnscrypt-resolvers.csv
122 new file mode 100644
123 index 0000000..0480730
124 --- /dev/null
125 +++ b/release/src/router/rom/rom/etc/dnscrypt-resolvers.csv
126 @@ -0,0 +1,38 @@
127 +Name,Full name,Description,Location,Coordinates,URL,Version,DNSSEC validation,No logs,Namecoin,Resolver address,Provider name,Provider public key,Provider public key TXT record\r
128 +cloudns-can,CloudNS Canberra,"CloudNS is an Australian based security focused DNS provider.","Canberra, AU",,https://cloudns.com.au,1.0,yes,yes,yes,113.20.6.2:443,2.dnscrypt-cert.cloudns.com.au,1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4,\r
129 +cloudns-syd,CloudNS Sydney,"CloudNS is an Australian based security focused DNS provider.","Sydney, AU",,https://cloudns.com.au,1.0,yes,yes,yes,113.20.8.17:443,2.dnscrypt-cert-2.cloudns.com.au,67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330,\r
130 +d0wn-fr-ns1,First d0wn server in France,"Server provided by Martin 'd0wn' Albus",France,,https://dns.d0wn.biz,1.0,no,yes,no,188.165.25.65:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
131 +d0wn-fr-ns2,Second d0wn server in France,"Server provided by Martin 'd0wn' Albus",France,,https://dns.d0wn.biz,1.0,no,yes,no,37.187.0.40:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
132 +d0wn-im-ns1,d0wn server in Isle of Man,"Server provided by Martin 'd0wn' Albus",Isle of Man,,https://dns.d0wn.biz,1.0,no,yes,no,37.235.55.197:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
133 +d0wn-li-ns1,d0wn server in Lichtenstein,"Server provided by Martin 'd0wn' Albus",Lichtenstein,,https://dns.d0wn.biz,1.0,no,yes,no,88.82.108.30:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
134 +d0wn-nl-ns1,First d0wn server in Netherlands,"Server provided by Martin 'd0wn' Albus",Netherlands,,https://dns.d0wn.biz,1.0,no,yes,no,95.85.9.86:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
135 +d0wn-nl-ns2,Second d0wn server in Netherlands,"Server provided by Martin 'd0wn' Albus",Netherlands,,https://dns.d0wn.biz,1.0,no,yes,no,31.220.27.46:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
136 +d0wn-ro-ns1,First d0wn server in Romania,"Server provided by Martin 'd0wn' Albus",Romania,,https://dns.d0wn.biz,1.0,no,yes,no,89.46.222.115:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
137 +d0wn-ro-ns2,Second d0wn server in Romania,"Server provided by Martin 'd0wn' Albus",Romania,,https://dns.d0wn.biz,1.0,no,yes,no,89.46.222.116:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
138 +d0wn-sg-ns1,d0wn server in Singapore,"Server provided by Martin 'd0wn' Albus",Singapore,,https://dns.d0wn.biz,1.0,no,yes,no,128.199.248.105:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
139 +d0wn-au-ns1,d0wn server in Australia,"Server provided by Martin 'd0wn' Albus",Singapore,,https://dns.d0wn.biz,1.0,no,yes,no,103.25.56.172:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
140 +d0wn-ch-ns1,d0wn server in Switzerland,"Server provided by Martin 'd0wn' Albus",Singapore,,https://dns.d0wn.biz,1.0,no,yes,no,176.10.127.43:54,2.dnscrypt-cert.d0wn.biz,F64D:AECA:A8AA:E31D:3896:8A93:1D96:EB54:9D70:CE57:A439:58B0:7685:6960:044B:EA62,\r
141 +dnscrypt.eu-dk,DNSCrypt.eu Denmark,"Free, non-logged, uncensored. Hosted by Netgroup.",Denmark,,https://dnscrypt.eu,1.0,yes,yes,no,77.66.84.233:443,2.dnscrypt-cert.resolver2.dnscrypt.eu,3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955,pubkey.resolver2.dnscrypt.eu\r
142 +dnscrypt.eu-dk-ipv6,DNSCrypt.eu Denmark over IPv6,"Free, non-logged, uncensored. Hosted by Netgroup.",Denmark,,https://dnscrypt.eu,1.0,yes,yes,no,[2001:1448:243::dc2]:443,2.dnscrypt-cert.resolver2.dnscrypt.eu,3748:5585:E3B9:D088:FD25:AD36:B037:01F5:520C:D648:9E9A:DD52:1457:4955:9F0A:9955,pubkey.resolver2.dnscrypt.eu\r
143 +dnscrypt.eu-nl,DNSCrypt.eu Holland,"Free, non-logged, uncensored. Hosted by RamNode.",Netherlands,,https://dnscrypt.eu,1.0,yes,yes,no,176.56.237.171:443,2.dnscrypt-cert.resolver1.dnscrypt.eu,67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66,pubkey.resolver1.dnscrypt.eu\r
144 +dnscrypt.eu-nl-ipv6,DNSCrypt.eu Holland over IPv6,"Free, non-logged, uncensored. Hosted by RamNode.",Netherlands,,https://dnscrypt.eu,1.0,yes,yes,no,[2a00:d880:3:1::a6c1:2e89]:443,2.dnscrypt-cert.resolver1.dnscrypt.eu,67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66,pubkey.resolver1.dnscrypt.eu\r
145 +okturtles,okTurtles,For a surveillance-free world. HTTPS is broken. DNSChain fixes it.,"Georgia, US","33.032501, -83.895699",http://okturtles.com/,1.0,no,yes,yes,23.226.227.93:443,2.dnscrypt-cert.okturtles.com,1D85:3953:E34F:AFD0:05F9:4C6F:D1CC:E635:D411:9904:0D48:D19A:5D35:0B6A:7C81:73CB,\r
146 +opendns,OpenDNS,The world’s largest internet security network,Anycast,,http://www.opendns.com,1.0,no,no,no,208.67.220.220:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,\r
147 +opendns-familyshield,OpenDNS with FamilyShield,Blocks web sites not suitable for children,Anycast,,http://www.opendns.com/home-internet-security/parental-controls/,1.0,no,no,no,208.67.220.123:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,\r
148 +opendns-ipv6,OpenDNS over IPv6,OpenDNS IPv6 sandbox,Anycast,,http://www.opendns.com/about/innovations/ipv6/,1.0,no,no,no,[2620:0:ccc::2]:443,2.dnscrypt-cert.opendns.com,B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79,\r
149 +opennic-ca-ns3,OpenNIC server ns3.ca,"OpenNIC server in Canada provided by NovaKing",Canada,,http://www.opennicproject.org,1.0,no,yes,no,142.4.204.111:443,2.dnscrypt-cert.ns3.ca.dns.opennic.glue,1C19:7933:1BE8:23CC:CF08:9A79:0693:7E5C:3410:2A56:AC7F:6270:E046:25B2:EDDB:04E3,\r
150 +opennic-ca-ns3-ipv6,OpenNIC server ns3.ca over IPv6,"OpenNIC server in Canada provided by NovaKing",Canada,,http://www.opennicproject.org,1.0,no,yes,no,[2607:5300:60:47aa:142:4:204:111]:443,2.dnscrypt-cert.ns3.ca.dns.opennic.glue,1C19:7933:1BE8:23CC:CF08:9A79:0693:7E5C:3410:2A56:AC7F:6270:E046:25B2:EDDB:04E3,\r
151 +opennic-ca-ns4,OpenNIC server ns4.ca,"OpenNIC server in Canada provided by NovaKing",Canada,,http://www.opennicproject.org,1.0,no,yes,no,142.4.205.47:443,2.dnscrypt-cert.ns4.ca.dns.opennic.glue,12FA:EC04:3489:B374:B973:CA7C:827F:D7FA:033F:D280:8641:F2F1:430A:E5DC:6068:42B8,\r
152 +opennic-ca-ns4-ipv6,OpenNIC server ns4.ca over IPv6,"OpenNIC server in Canada provided by NovaKing",Canada,,http://www.opennicproject.org,1.0,no,yes,no,[2607:5300:60:47aa:142:4:205:47]:443,2.dnscrypt-cert.ns4.ca.dns.opennic.glue,12FA:EC04:3489:B374:B973:CA7C:827F:D7FA:033F:D280:8641:F2F1:430A:E5DC:6068:42B8,\r
153 +opennic-jp-ns2,OpenNIC server ns2.jp,"OpenNIC server in Japan provided by Guillaume Parent",Japan,,http://www.opennicproject.org,1.0,no,yes,no,106.186.17.181:2053,2.dnscrypt-cert.ns2.jp.dns.opennic.glue,8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A,\r
154 +opennic-jp-ns3-ipv6,OpenNIC server ns3.jp over IPv6,"OpenNIC server in Japan provided by Guillaume Parent",Japan,,http://www.opennicproject.org,1.0,no,yes,no,[2400:8900::f03c:91ff:fe70:c452]:2053,2.dnscrypt-cert.ns2.jp.dns.opennic.glue,8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A,\r
155 +opennic-proxy.sh-dns1,Proxy.sh Public OpenNIC One,OpenNIC server in Netherlands provided by Proxy.sh,Netherlands,,https://proxy.sh,1.0,no,yes,no,146.185.134.104:54,2.nscrypt-cert.proxy.sh,937B:991C:E853:EDD6:FEC5:8F88:DF78:B27E:2FAA:452B:5BBB:C05F:D0B9:DC24:DC7C:D5F3,\r
156 +opennic-uk-ns10,OpenNIC server ns10.uk,"OpenNIC server in UK provided by NovaKing",UK,,http://www.opennicproject.org,1.0,no,yes,no,185.19.105.14:443,2.dnscrypt-cert.ns10.uk.dns.opennic.glue,B1AB:7025:1119:9AEE:E42E:1B12:F2EF:12D4:53D9:CD92:E07B:9AF4:4794:F6EB:E5A4:F725,\r
157 +opennic-uk-ns10-ipv6,OpenNIC server ns10.uk over IPv6,"OpenNIC server in UK provided by NovaKing",UK,,http://www.opennicproject.org,1.0,no,yes,no,[2a04:1400:1337:2000::14]:443,2.dnscrypt-cert.ns10.uk.dns.opennic.glue,B1AB:7025:1119:9AEE:E42E:1B12:F2EF:12D4:53D9:CD92:E07B:9AF4:4794:F6EB:E5A4:F725,\r
158 +opennic-uk-ns8,OpenNIC server ns8.uk,"OpenNIC server in UK provided by NovaKing",UK,,http://www.opennicproject.org,1.0,no,yes,no,185.19.104.45:443,2.dnscrypt-cert.ns8.uk.dns.opennic.glue,A17C:06FC:BA21:F2AC:F4CD:9374:016A:684F:4F56:564A:EB30:A422:3D9D:1580:A461:B6A6,\r
159 +opennic-uk-ns8-ipv6,OpenNIC server ns8.uk over IPv6,"OpenNIC server in UK provided by NovaKing",UK,,http://www.opennicproject.org,1.0,no,yes,no,[2a04:1400:1337:1534::45]:443,2.dnscrypt-cert.ns8.uk.dns.opennic.glue,A17C:06FC:BA21:F2AC:F4CD:9374:016A:684F:4F56:564A:EB30:A422:3D9D:1580:A461:B6A6,\r
160 +opennic-uk-ns9,OpenNIC server ns9.uk,"OpenNIC server in UK provided by NovaKing",UK,,http://www.opennicproject.org,1.0,no,yes,no,185.19.105.6:443,2.dnscrypt-cert.ns9.uk.dns.opennic.glue,E864:80D9:DFBD:9DB4:58EA:8063:292F:EC41:9126:8394:BC44:FAB8:4B6E:B104:8C3B:E0B4,\r
161 +opennic-uk-ns9-ipv6,OpenNIC server ns9.uk over IPv6,"OpenNIC server in UK provided by NovaKing",UK,,http://www.opennicproject.org,1.0,no,yes,no,[2a04:1400:1337:2000::6]:443,2.dnscrypt-cert.ns9.uk.dns.opennic.glue,E864:80D9:DFBD:9DB4:58EA:8063:292F:EC41:9126:8394:BC44:FAB8:4B6E:B104:8C3B:E0B4,\r
162 +opennic-us-ca-ns17,OpenNIC server ns17.ca.us,"OpenNIC server in California provided by Philip Southam","Fremont, CA, US",,http://www.opennicproject.org,1.0,no,yes,no,173.230.156.28:443,2.dnscrypt-cert.ns17.ca.us.dns.opennic.glue,2342:215C:409A:85A5:FB63:2A3B:42CD:5089:6BA8:551A:8BDC:2654:CF57:804F:B1B2:5019,\r
163 +opennic-us-ca-ns17-ipv6,OpenNIC server ns17.ca.us over IPv6,"OpenNIC server in California provided by Philip Southam","Fremont, CA, US",,http://www.opennicproject.org,1.0,no,yes,no,[2600:3c01::f03c:91ff:fe6e:1f6b]:443,2.dnscrypt-cert.ns17.ca.us.dns.opennic.glue,2342:215C:409A:85A5:FB63:2A3B:42CD:5089:6BA8:551A:8BDC:2654:CF57:804F:B1B2:5019,\r
164 +soltysiak,Soltysiak,Public DNSCrypt server in Poland,Poland,"52.4014619, 16.9278078",http://dc1.soltysiak.com/,1.0,yes,yes,yes,178.216.201.222:2053,2.dnscrypt-cert.soltysiak.com,25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21,pubkey.dc1.soltysiak.com\r
165 diff --git a/release/src/router/www/Makefile b/release/src/router/www/Makefile
166 index 90772c8..b8752fe 100644
167 --- a/release/src/router/www/Makefile
168 +++ b/release/src/router/www/Makefile
169 @@ -264,7 +264,9 @@ ifneq ($(TCONFIG_DNSSEC),y)
170 endif
172 # Only include the dnscrypt option if is compiled in
173 -ifneq ($(TCONFIG_DNSCRYPT),y)
174 +ifeq ($(TCONFIG_DNSCRYPT),y)
175 + $(TOP)/www/dnscrypt-helper.sh $(INSTALLDIR)/../rom/rom/etc/dnscrypt-resolvers.csv $(INSTALLDIR)/www/basic-network.asp
176 +else
177 sed -i $(INSTALLDIR)/www/basic-network.asp -e "/DNSCRYPT-BEGIN/,/DNSCRYPT-END/d"
178 sed -i $(INSTALLDIR)/www/about.asp -e "/DNSCRYPT-BEGIN/,/DNSCRYPT-END/d"
179 endif
180 @@ -300,6 +302,7 @@ endif
181 -e "/ VLAN-BEGIN/d" -e "/ VLAN-END/d" \
182 -e "/ NOVLAN-BEGIN/d" -e "/ NOVLAN-END/d" \
183 -e "/DNSCRYPT-BEGIN/d" -e "/DNSCRYPT-END/d"\
184 + -e "/DNSSEC-BEGIN/d" -e "/DNSSEC-END/d"\
185 || true; \
186 done
188 diff --git a/release/src/router/www/about.asp b/release/src/router/www/about.asp
189 index e5a0963..7d790d1 100644
190 --- a/release/src/router/www/about.asp
191 +++ b/release/src/router/www/about.asp
192 @@ -168,6 +168,9 @@ Copyright (C) 2013 Kevin Darbyshire-Bryant<br>
193 <!-- DNSSEC-BEGIN -->
194 - DNSSEC integration and GUI<br>
195 <!-- DNSSEC-END -->
196 +<!-- DNSCRYPT-BEGIN -->
197 +- DNSCrypt-Proxy selectable/manual resolver<br>
198 +<!-- DNSCRYPT-END -->
199 - Comcast DSCP Fix GUI<br>
200 Copyright (C) 2014 Lance Fredrickson<br>
201 <a href='mailto:lancethepants@gmail.com'>lancethepants@gmail.com</a><br>
202 diff --git a/release/src/router/www/basic-network.asp b/release/src/router/www/basic-network.asp
203 index 33a114f..83c6cf1 100644
204 --- a/release/src/router/www/basic-network.asp
205 +++ b/release/src/router/www/basic-network.asp
206 @@ -45,7 +45,7 @@
207 <script type='text/javascript' src='wireless.jsx?_http_id=<% nv(http_id); %>'></script>
208 <script type='text/javascript' src='interfaces.js'></script>
209 <script type='text/javascript'>
210 -// <% nvram("dhcp_lease,dhcp_num,dhcp_start,dhcpd_startip,dhcpd_endip,l2tp_server_ip,lan_gateway,lan_ipaddr,lan_netmask,lan_proto,lan_state,mtu_enable,ppp_demand,ppp_idletime,pppoe_lei,pppoe_lef,ppp_passwd,ppp_redialperiod,ppp_service,ppp_username,ppp_custom,pptp_server_ip,pptp_dhcp,wl_security_mode,wan_dns,dnssec_enable,dnscrypt_proxy,dnscrypt_priority,dnscrypt_port,dnscrypt_cmd,wan_gateway,wan_ipaddr,wan_mtu,wan_netmask,wan_proto,wan_wins,wl_wds_enable,wl_channel,wl_closed,wl_crypto,wl_key,wl_key1,wl_key2,wl_key3,wl_key4,wl_lazywds,wl_mode,wl_net_mode,wl_passphrase,wl_radio,wl_radius_ipaddr,wl_radius_port,wl_ssid,wl_wds,wl_wep_bit,wl_wpa_gtk_rekey,wl_wpa_psk,wl_radius_key,wl_auth,wl_hwaddr,wan_islan,t_features,wl_nbw_cap,wl_nctrlsb,wl_nband,wl_phytype,lan_ifname,lan_stp,lan1_ifname,lan1_ipaddr,lan1_netmask,lan1_proto,lan1_stp,dhcp1_start,dhcp1_num,dhcp1_lease,dhcpd1_startip,dhcpd1_endip,lan2_ifname,lan2_ipaddr,lan2_netmask,lan2_proto,lan2_stp,dhcp2_start,dhcp2_num,dhcp2_lease,dhcpd2_startip,dhcpd2_endip,lan3_ifname,lan3_ipaddr,lan3_netmask,lan3_proto,lan3_stp,dhcp3_start,dhcp3_num,dhcp3_lease,dhcpd3_startip,dhcpd3_endip,ppp_mlppp,modem_ipaddr,modem_pin,modem_dev,modem_init,modem_apn,cstats_enable"); %>
211 +// <% nvram("dhcp_lease,dhcp_num,dhcp_start,dhcpd_startip,dhcpd_endip,l2tp_server_ip,lan_gateway,lan_ipaddr,lan_netmask,lan_proto,lan_state,mtu_enable,ppp_demand,ppp_idletime,pppoe_lei,pppoe_lef,ppp_passwd,ppp_redialperiod,ppp_service,ppp_username,ppp_custom,pptp_server_ip,pptp_dhcp,wl_security_mode,wan_dns,dnssec_enable,dnscrypt_proxy,dnscrypt_priority,dnscrypt_port,dnscrypt_resolver,dnscrypt_log,dnscrypt_manual,dnscrypt_provider_name,dnscrypt_provider_key,dnscrypt_resolver_address,wan_gateway,wan_ipaddr,wan_mtu,wan_netmask,wan_proto,wan_wins,wl_wds_enable,wl_channel,wl_closed,wl_crypto,wl_key,wl_key1,wl_key2,wl_key3,wl_key4,wl_lazywds,wl_mode,wl_net_mode,wl_passphrase,wl_radio,wl_radius_ipaddr,wl_radius_port,wl_ssid,wl_wds,wl_wep_bit,wl_wpa_gtk_rekey,wl_wpa_psk,wl_radius_key,wl_auth,wl_hwaddr,wan_islan,t_features,wl_nbw_cap,wl_nctrlsb,wl_nband,wl_phytype,lan_ifname,lan_stp,lan1_ifname,lan1_ipaddr,lan1_netmask,lan1_proto,lan1_stp,dhcp1_start,dhcp1_num,dhcp1_lease,dhcpd1_startip,dhcpd1_endip,lan2_ifname,lan2_ipaddr,lan2_netmask,lan2_proto,lan2_stp,dhcp2_start,dhcp2_num,dhcp2_lease,dhcpd2_startip,dhcpd2_endip,lan3_ifname,lan3_ipaddr,lan3_netmask,lan3_proto,lan3_stp,dhcp3_start,dhcp3_num,dhcp3_lease,dhcpd3_startip,dhcpd3_endip,ppp_mlppp,modem_ipaddr,modem_pin,modem_dev,modem_init,modem_apn,cstats_enable"); %>
213 /* VLAN-BEGIN */
214 var lg = new TomatoGrid();
215 @@ -731,13 +731,6 @@ function verifyFields(focused, quiet)
216 E('_f_lan_desc').disabled = !n;
217 E('_f_lan_invert').disabled = !n;
219 -/* DNSCRYPT-BEGIN */
220 - var p = E('_f_dnscrypt_proxy').checked;
221 - E('_dnscrypt_priority').disabled = !p;
222 - E('_dnscrypt_port').disabled = !p;
223 - E('_dnscrypt_cmd').disabled = !p;
224 -/* DNSCRYPT-END */
225 -
226 for (uidx = 0; uidx < wl_ifaces.length; ++uidx) {
227 // if(wl_ifaces[uidx][0].indexOf('.') < 0) {
228 if (wl_sunit(uidx)<0) {
229 @@ -1014,6 +1007,20 @@ function verifyFields(focused, quiet)
230 if (!E('_f_dhcpd_enable').checked) vis._dhcp_lease = 0;
231 /* NOVLAN-END */
233 +/* DNSCRYPT-BEGIN */
234 + var p = E('_f_dnscrypt_proxy').checked;
235 + vis._dnscrypt_priority = p;
236 + vis._dnscrypt_port = p;
237 + vis._dnscrypt_log = p;
238 + vis._f_dnscrypt_manual = p;
239 + var q = E('_f_dnscrypt_proxy').checked && E('_f_dnscrypt_manual').checked;
240 + vis._dnscrypt_provider_name = q;
241 + vis._dnscrypt_provider_key = q;
242 + vis._dnscrypt_resolver_address = q;
243 + var r = E('_f_dnscrypt_proxy').checked && !E('_f_dnscrypt_manual').checked;
244 + vis._dnscrypt_resolver = r;
245 +/* DNSCRYPT-END */
246 +
247 for (uidx = 0; uidx < wl_ifaces.length; ++uidx) {
248 // if(wl_ifaces[uidx][0].indexOf('.') < 0) {
249 if (wl_sunit(uidx)<0) {
250 @@ -1552,6 +1559,7 @@ function save()
252 /* DNSCRYPT-BEGIN */
253 fom.dnscrypt_proxy.value = fom.f_dnscrypt_proxy.checked ? 1 : 0;
254 + fom.dnscrypt_manual.value = fom.f_dnscrypt_manual.checked ? 1 : 0;
255 /* DNSCRYPT-END */
257 fom.lan_state.value = 0;
258 @@ -1693,6 +1701,7 @@ function init()
259 <!-- DNSSEC-END -->
260 /* DNSCRYPT-BEGIN */
261 <input type='hidden' name='dnscrypt_proxy'>
262 +<input type='hidden' name='dnscrypt_manual'>
263 /* DNSCRYPT-END */
264 <input type='hidden' name='lan_state'>
266 @@ -1795,12 +1804,16 @@ createFieldTable('', [
267 /* DNSSEC-END */
268 /* DNSCRYPT-BEGIN */
269 { title: 'DNSCrypt Service', name: 'f_dnscrypt_proxy', type: 'checkbox', value: (nvram.dnscrypt_proxy == 1) },
270 + { title: 'Manual Entry', indent: 2, name: 'f_dnscrypt_manual', type: 'checkbox', value: (nvram.dnscrypt_manual == 1) },
271 + { title: 'Resolver', indent: 2, name: 'dnscrypt_resolver', type: 'select', options: _dnscrypt_resolvers_, value: nvram.dnscrypt_resolver, suffix: ' <a href=\'https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv\' target=\'_new\'>Resolver Details</a>' },
272 + { title: 'Resolver Address', indent: 2, name: 'dnscrypt_resolver_address', type: 'text', maxlen: 50, size: 25, value: nvram.dnscrypt_resolver_address, suffix: ' <a href=\'https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv\' target=\'_new\'>Resolver Details</a>' },
273 + { title: 'Provider Name', indent: 2, name: 'dnscrypt_provider_name', type: 'text', maxlen: 60, size: 25, value: nvram.dnscrypt_provider_name },
274 + { title: 'Provider Public Key', indent: 2, name: 'dnscrypt_provider_key', type: 'text', maxlen: 80, size: 25, value: nvram.dnscrypt_provider_key },
275 { title: 'Priority', indent: 2, name: 'dnscrypt_priority', type: 'select', options: [['1','Strict-Order'],['2','No-Resolv'],['0','None']], value: nvram.dnscrypt_priority },
276 { title: 'Local Port', indent: 2, name: 'dnscrypt_port', type: 'text', maxlen: 5, size: 7, value: nvram.dnscrypt_port },
277 - { title: 'Boot Parameters', indent: 2, name: 'dnscrypt_cmd', type: 'text', maxlen: 256, size: 64, value: nvram.dnscrypt_cmd, suffix: ' <i>(optional)</i>' },
278 + { title: 'Log Level', indent: 2, name: 'dnscrypt_log', type: 'text', maxlen: 2, size: 5, value: nvram.dnscrypt_log },
279 /* DNSCRYPT-END */
280 { title: 'WINS <i>(for DHCP)</i>', name: 'wan_wins', type: 'text', maxlen: 15, size: 17, value: nvram.wan_wins }
281 -/* VLAN-END */
282 ]);
283 </script>
284 </div>
285 diff --git a/release/src/router/www/dnscrypt-helper.sh b/release/src/router/www/dnscrypt-helper.sh
286 new file mode 100755
287 index 0000000..b811b17
288 --- /dev/null
289 +++ b/release/src/router/www/dnscrypt-helper.sh
290 @@ -0,0 +1,19 @@
291 +#!/bin/bash
292 +
293 +resolvers=(`awk -F"," '{if (NR!=1) {print $1}}' $1`)
294 +list="["
295 +
296 +x=0
297 +while [ $x -lt ${#resolvers[*]} ]
298 +do
299 + list+="['${resolvers[$x]}','${resolvers[$x]}']"
300 + if [ $x -lt $(( ${#resolvers[*]} - 1 )) ];
301 + then
302 + list+=","
303 + fi
304 + x=$(( $x + 1 ))
305 +done
306 +
307 +list+="]"
308 +
309 +sed -i 's/_dnscrypt_resolvers_/'"$list"'/' $2