diff --git a/.gitignore b/.gitignore
index 0098ce34..e47272eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,47 @@
+# auto-generated files from Android builds
+build.xml
+ant.properties
+default.properties
+proguard.cfg
+proguard-project.txt
+#
+releases
+docs
+doc
+.directory
+
+#built application files
+*.apk
+*.ap_
+
+# files for the dex VM
+*.dex
+
+# Java class files
+*.class
+
+# subdirs for generated files
+bin/
+gen/
+
+# Local configuration file (sdk path, etc)
+local.properties
+
+# Windows thumbnail db
+Thumbs.db
+
+# OSX files
+.DS_Store
+
+# Android Studio
+*.iml
+.idea/
+.gradle/
+build/
+
+#tfx
+.transifexrc
+
/external/appcompat/bin/
/external/appcompat/gen/
/external/bin/
@@ -14,17 +58,11 @@ native
libs/jtorctl.jar
local.properties
builds
-/patches/*
+external/patches/*
obj
-releases
-.transifexrc
-# native build products
-*.so
-pdnsd
-*.mp3
-# ant build products
-build.xml
-proguard-project.txt
-ant.properties
\ No newline at end of file
+app/src/main/jniLibs/
+app/src/main/libs/
+orbotservice/src/main/libs/
+orbotservice/src/main/assets/armeabi/
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 9a80a30b..fd25aca4 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1,11 +1,11 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/com/google/zxing/integration/android/IntentIntegrator.java b/app/src/main/java/com/google/zxing/integration/android/IntentIntegrator.java
similarity index 100%
rename from src/com/google/zxing/integration/android/IntentIntegrator.java
rename to app/src/main/java/com/google/zxing/integration/android/IntentIntegrator.java
diff --git a/src/com/google/zxing/integration/android/IntentResult.java b/app/src/main/java/com/google/zxing/integration/android/IntentResult.java
similarity index 100%
rename from src/com/google/zxing/integration/android/IntentResult.java
rename to app/src/main/java/com/google/zxing/integration/android/IntentResult.java
diff --git a/src/org/torproject/android/service/OnBootReceiver.java b/app/src/main/java/org/torproject/android/OnBootReceiver.java
similarity index 69%
rename from src/org/torproject/android/service/OnBootReceiver.java
rename to app/src/main/java/org/torproject/android/OnBootReceiver.java
index 36891e86..722f4f1b 100644
--- a/src/org/torproject/android/service/OnBootReceiver.java
+++ b/app/src/main/java/org/torproject/android/OnBootReceiver.java
@@ -1,26 +1,30 @@
-package org.torproject.android.service;
+package org.torproject.android;
-import org.torproject.android.Prefs;
-import org.torproject.android.vpn.VPNEnableActivity;
-
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
+import org.torproject.android.service.util.Prefs;
+import org.torproject.android.service.TorService;
+import org.torproject.android.service.TorServiceConstants;
+import org.torproject.android.vpn.VPNEnableActivity;
+
public class OnBootReceiver extends BroadcastReceiver {
-
+
+ private static boolean sReceivedBoot = false;
+
@Override
public void onReceive(Context context, Intent intent) {
- Prefs.setContext(context);
- if (Prefs.startOnBoot())
- {
+ if (Prefs.startOnBoot() && (!sReceivedBoot))
+ {
if (Prefs.useVpn())
startVpnService(context); //VPN will start Tor once it is done
else
startService(TorServiceConstants.ACTION_START, context);
-
+
+ sReceivedBoot = true;
}
}
@@ -34,7 +38,7 @@ public class OnBootReceiver extends BroadcastReceiver {
private void startService (String action, Context context)
{
- Intent torService = new Intent(context, TorService.class);
+ Intent torService = new Intent(context, TorService.class);
torService.setAction(action);
context.startService(torService);
diff --git a/src/org/torproject/android/OrbotApp.java b/app/src/main/java/org/torproject/android/OrbotApp.java
similarity index 56%
rename from src/org/torproject/android/OrbotApp.java
rename to app/src/main/java/org/torproject/android/OrbotApp.java
index 7bbb6496..e6fd014d 100644
--- a/src/org/torproject/android/OrbotApp.java
+++ b/app/src/main/java/org/torproject/android/OrbotApp.java
@@ -6,15 +6,15 @@ import android.app.Activity;
import android.app.Application;
import android.content.Intent;
import android.content.res.Configuration;
+import android.net.VpnService;
import android.os.Build;
-import android.text.TextUtils;
import android.util.Log;
-import org.torproject.android.service.TorServiceConstants;
+import org.torproject.android.service.OrbotConstants;
+import org.torproject.android.service.util.Prefs;
-import info.guardianproject.util.Languages;
+import org.torproject.android.settings.Languages;
-import java.io.File;
import java.util.Locale;
public class OrbotApp extends Application implements OrbotConstants
@@ -22,18 +22,6 @@ public class OrbotApp extends Application implements OrbotConstants
private Locale locale;
- public static File appBinHome;
- public static File appCacheHome;
-
- public static File fileTor;
- public static File filePolipo;
- public static File fileObfsclient;
- // public static File fileMeekclient;
- public static File fileXtables;
- public static File fileTorRc;
- public static File filePdnsd;
-
-
@Override
public void onCreate() {
super.onCreate();
@@ -42,16 +30,6 @@ public class OrbotApp extends Application implements OrbotConstants
Languages.setup(OrbotMainActivity.class, R.string.menu_settings);
Languages.setLanguage(this, Prefs.getDefaultLocale(), true);
- appBinHome = getDir(TorServiceConstants.DIRECTORY_TOR_BINARY,Application.MODE_PRIVATE);
- appCacheHome = getDir(TorServiceConstants.DIRECTORY_TOR_DATA,Application.MODE_PRIVATE);
-
- fileTor= new File(appBinHome, TorServiceConstants.TOR_ASSET_KEY);
- filePolipo = new File(appBinHome, TorServiceConstants.POLIPO_ASSET_KEY);
- fileObfsclient = new File(appBinHome, TorServiceConstants.OBFSCLIENT_ASSET_KEY);
- fileXtables = new File(appBinHome, TorServiceConstants.IPTABLES_ASSET_KEY);
- fileTorRc = new File(appBinHome, TorServiceConstants.TORRC_ASSET_KEY);
- filePdnsd = new File(appBinHome, TorServiceConstants.PDNSD_ASSET_KEY);
-
}
@Override
diff --git a/src/org/torproject/android/OrbotMainActivity.java b/app/src/main/java/org/torproject/android/OrbotMainActivity.java
similarity index 96%
rename from src/org/torproject/android/OrbotMainActivity.java
rename to app/src/main/java/org/torproject/android/OrbotMainActivity.java
index 0a4c25ad..5e57c2c7 100644
--- a/src/org/torproject/android/OrbotMainActivity.java
+++ b/app/src/main/java/org/torproject/android/OrbotMainActivity.java
@@ -3,8 +3,6 @@
package org.torproject.android;
-import static org.torproject.android.OrbotConstants.TAG;
-
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
@@ -18,9 +16,11 @@ import java.util.Random;
import java.util.StringTokenizer;
import org.json.JSONArray;
+import org.torproject.android.service.OrbotConstants;
+import org.torproject.android.service.util.Prefs;
import org.torproject.android.service.TorService;
import org.torproject.android.service.TorServiceConstants;
-import org.torproject.android.service.TorServiceUtils;
+import org.torproject.android.service.util.TorServiceUtils;
import org.torproject.android.settings.SettingsPreferences;
import org.torproject.android.ui.ImageProgressView;
import org.torproject.android.ui.PromoAppsActivity;
@@ -52,6 +52,7 @@ import android.support.v4.content.LocalBroadcastManager;
import android.support.v4.widget.DrawerLayout;
import android.support.v7.app.ActionBarDrawerToggle;
import android.support.v7.app.AppCompatActivity;
+import android.support.v7.widget.SwitchCompat;
import android.support.v7.widget.Toolbar;
import android.util.AttributeSet;
import android.util.Log;
@@ -70,10 +71,10 @@ import android.widget.AdapterView;
import android.widget.AdapterView.OnItemSelectedListener;
import android.widget.ArrayAdapter;
import android.widget.Button;
+import android.widget.CompoundButton;
import android.widget.Spinner;
import android.widget.TextView;
import android.widget.Toast;
-import android.widget.ToggleButton;
import com.google.zxing.integration.android.IntentIntegrator;
import com.google.zxing.integration.android.IntentResult;
@@ -89,9 +90,9 @@ public class OrbotMainActivity extends AppCompatActivity
private TextView uploadText = null;
private TextView mTxtOrbotLog = null;
- private Button mBtnBrowser = null;
- private ToggleButton mBtnVPN = null;
- private ToggleButton mBtnBridges = null;
+ // private Button mBtnBrowser = null;
+ private SwitchCompat mBtnVPN = null;
+ private SwitchCompat mBtnBridges = null;
private Spinner spnCountries = null;
@@ -156,16 +157,20 @@ public class OrbotMainActivity extends AppCompatActivity
new IntentFilter(TorServiceConstants.LOCAL_ACTION_LOG));
}
- private void sendIntentToService(String action) {
- Intent torService = new Intent(this, TorService.class);
- torService.setAction(action);
- startService(torService);
+ private void sendIntentToService(final String action) {
+
+ Intent torService = new Intent(OrbotMainActivity.this, TorService.class);
+ torService.setAction(action);
+ startService(torService);
+
}
private void stopTor() {
- imgStatus.setImageResource(R.drawable.torstarting);
- Intent torService = new Intent(this, TorService.class);
+
+ imgStatus.setImageResource(R.drawable.torstarting);
+ Intent torService = new Intent(OrbotMainActivity.this, TorService.class);
stopService(torService);
+
}
/**
@@ -253,7 +258,7 @@ public class OrbotMainActivity extends AppCompatActivity
// Gesture detection
mGestureDetector = new GestureDetector(this, new MyGestureDetector());
-
+ /**
mBtnBrowser = (Button)findViewById(R.id.btnBrowser);
mBtnBrowser.setOnClickListener(new View.OnClickListener ()
{
@@ -267,8 +272,9 @@ public class OrbotMainActivity extends AppCompatActivity
});
mBtnBrowser.setEnabled(false);
-
- mBtnVPN = (ToggleButton)findViewById(R.id.btnVPN);
+ */
+
+ mBtnVPN = (SwitchCompat)findViewById(R.id.btnVPN);
boolean canDoVPN = Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH;
@@ -288,24 +294,26 @@ public class OrbotMainActivity extends AppCompatActivity
startActivity(new Intent(OrbotMainActivity.this,VPNEnableActivity.class));
}
- mBtnVPN.setOnClickListener(new View.OnClickListener ()
- {
-
- @Override
- public void onClick(View v) {
-
- if (mBtnVPN.isChecked())
- startActivity(new Intent(OrbotMainActivity.this,VPNEnableActivity.class));
- else
- stopVpnService();
-
- }
-
- });
+ mBtnVPN.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener()
+ {
+ @Override
+ public void onCheckedChanged(CompoundButton buttonView, boolean isChecked)
+ {
+
+ Prefs.putUseVpn(isChecked);
+
+ if (isChecked)
+ startActivity(new Intent(OrbotMainActivity.this,VPNEnableActivity.class));
+ else
+ stopVpnService();
+ }
+ });
+
+
}
- mBtnBridges = (ToggleButton)findViewById(R.id.btnBridges);
+ mBtnBridges = (SwitchCompat)findViewById(R.id.btnBridges);
mBtnBridges.setChecked(Prefs.bridgesEnabled());
mBtnBridges.setOnClickListener(new View.OnClickListener ()
{
@@ -319,7 +327,6 @@ public class OrbotMainActivity extends AppCompatActivity
}
else
{
- Toast.makeText(OrbotMainActivity.this, R.string.note_only_standard_tor_bridges_work_on_intel_x86_atom_devices, Toast.LENGTH_LONG).show();
showGetBridgePrompt(""); //if other chip ar, only stock bridges are supported
}
}
@@ -824,9 +831,15 @@ public class OrbotMainActivity extends AppCompatActivity
}
}
- else if (request == REQUEST_VPN && response == RESULT_OK)
+ else if (request == REQUEST_VPN)
{
- sendIntentToService(TorServiceConstants.CMD_VPN);
+ if (response == RESULT_OK)
+ sendIntentToService(TorServiceConstants.CMD_VPN);
+ else
+ {
+ Prefs.putUseVpn(false);
+
+ }
}
IntentResult scanResult = IntentIntegrator.parseActivityResult(request, response, data);
@@ -1059,11 +1072,7 @@ public class OrbotMainActivity extends AppCompatActivity
protected void onResume() {
super.onResume();
- if (mPrefs != null)
- {
- mBtnVPN.setChecked(Prefs.useVpn());
- mBtnBridges.setChecked(Prefs.bridgesEnabled());
- }
+ mBtnBridges.setChecked(Prefs.bridgesEnabled());
requestTorStatus();
@@ -1120,7 +1129,7 @@ public class OrbotMainActivity extends AppCompatActivity
imgStatus.setImageResource(R.drawable.toron);
- mBtnBrowser.setEnabled(true);
+ //mBtnBrowser.setEnabled(true);
if (torServiceMsg != null)
{
@@ -1166,7 +1175,7 @@ public class OrbotMainActivity extends AppCompatActivity
else
lblStatus.setText(getString(R.string.status_starting_up));
- mBtnBrowser.setEnabled(false);
+ // mBtnBrowser.setEnabled(false);
} else if (torStatus == TorServiceConstants.STATUS_STOPPING) {
@@ -1175,13 +1184,13 @@ public class OrbotMainActivity extends AppCompatActivity
imgStatus.setImageResource(R.drawable.torstarting);
lblStatus.setText(torServiceMsg);
- mBtnBrowser.setEnabled(false);
+ // mBtnBrowser.setEnabled(false);
} else if (torStatus == TorServiceConstants.STATUS_OFF) {
imgStatus.setImageResource(R.drawable.toroff);
lblStatus.setText(getString(R.string.press_to_start));
- mBtnBrowser.setEnabled(false);
+// mBtnBrowser.setEnabled(false);
}
if (torServiceMsg != null && torServiceMsg.length() > 0)
@@ -1197,6 +1206,7 @@ public class OrbotMainActivity extends AppCompatActivity
*/
private void startTor() {
sendIntentToService(TorServiceConstants.ACTION_START);
+ mTxtOrbotLog.setText("");
}
/**
diff --git a/src/info/guardianproject/util/Languages.java b/app/src/main/java/org/torproject/android/settings/Languages.java
similarity index 99%
rename from src/info/guardianproject/util/Languages.java
rename to app/src/main/java/org/torproject/android/settings/Languages.java
index 6219661f..dabddea2 100644
--- a/src/info/guardianproject/util/Languages.java
+++ b/app/src/main/java/org/torproject/android/settings/Languages.java
@@ -1,7 +1,6 @@
-package info.guardianproject.util;
+package org.torproject.android.settings;
import android.annotation.SuppressLint;
-import android.annotation.TargetApi;
import android.app.Activity;
import android.content.ContextWrapper;
import android.content.Intent;
diff --git a/src/org/torproject/android/settings/SettingsPreferences.java b/app/src/main/java/org/torproject/android/settings/SettingsPreferences.java
similarity index 88%
rename from src/org/torproject/android/settings/SettingsPreferences.java
rename to app/src/main/java/org/torproject/android/settings/SettingsPreferences.java
index 8d861f47..00fd251f 100644
--- a/src/org/torproject/android/settings/SettingsPreferences.java
+++ b/app/src/main/java/org/torproject/android/settings/SettingsPreferences.java
@@ -15,16 +15,11 @@ import android.preference.Preference;
import android.preference.Preference.OnPreferenceChangeListener;
import android.preference.Preference.OnPreferenceClickListener;
import android.preference.PreferenceActivity;
-import android.widget.Toast;
-import info.guardianproject.util.Languages;
-
-import org.sufficientlysecure.rootcommands.RootCommands;
-import org.sufficientlysecure.rootcommands.Shell;
import org.torproject.android.OrbotApp;
-import org.torproject.android.Prefs;
import org.torproject.android.R;
-import org.torproject.android.service.TorServiceUtils;
+import org.torproject.android.ui.AppManager;
+import org.torproject.android.service.util.TorServiceUtils;
import java.util.Locale;
@@ -136,26 +131,9 @@ public class SettingsPreferences
{
if (prefRequestRoot.isChecked())
{
-
- boolean canRoot = RootCommands.rootAccessGiven();
- prefRequestRoot.setChecked(canRoot);
- if (!canRoot)
- {
- try
- {
- Shell shell = Shell.startRootShell();
- shell.close();
-
- prefRequestRoot.setChecked(true);
- prefCBTransProxy.setEnabled(true);
-
- }
- catch (Exception e)
- {
- Toast.makeText(this, R.string.wizard_permissions_no_root_msg, Toast.LENGTH_LONG).show();
- }
- }
+ prefCBTransProxy.setEnabled(true);
+
}
}
else if (preference == prefTransProxyApps)
diff --git a/src/org/torproject/android/settings/AppManager.java b/app/src/main/java/org/torproject/android/ui/AppManager.java
similarity index 97%
rename from src/org/torproject/android/settings/AppManager.java
rename to app/src/main/java/org/torproject/android/ui/AppManager.java
index 6bb14375..82a20b3c 100644
--- a/src/org/torproject/android/settings/AppManager.java
+++ b/app/src/main/java/org/torproject/android/ui/AppManager.java
@@ -1,7 +1,7 @@
/* Copyright (c) 2009, Nathan Freitas, Orbot / The Guardian Project - http://openideals.com/guardian */
/* See LICENSE for licensing information */
-package org.torproject.android.settings;
+package org.torproject.android.ui;
import java.util.ArrayList;
import java.util.Arrays;
@@ -10,9 +10,10 @@ import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
+import org.torproject.android.service.OrbotConstants;
import org.torproject.android.R;
-import org.torproject.android.OrbotConstants;
-import org.torproject.android.service.TorServiceUtils;
+import org.torproject.android.service.util.TorServiceUtils;
+import org.torproject.android.service.transproxy.TorifiedApp;
import android.app.Activity;
import android.content.Context;
@@ -36,7 +37,6 @@ import android.widget.ImageView;
import android.widget.ListAdapter;
import android.widget.ListView;
import android.widget.TextView;
-//import android.R;
public class AppManager extends Activity implements OnCheckedChangeListener, OnClickListener, OrbotConstants {
@@ -94,7 +94,7 @@ public class AppManager extends Activity implements OnCheckedChangeListener, OnC
Context context = getApplicationContext();
SharedPreferences prefs = TorServiceUtils.getSharedPrefs(context);
ArrayList apps = getApps(context, prefs);
- parentView = (View) findViewById(R.layout.layout_apps);
+ parentView = (View) findViewById(R.id.applistview);
viewGroup = (ViewGroup) listView;
adapter = (ArrayAdapter) listApps.getAdapter();
@@ -160,7 +160,7 @@ public class AppManager extends Activity implements OnCheckedChangeListener, OnC
final LayoutInflater inflater = getLayoutInflater();
- ListAdapter adapter = new ArrayAdapter(this,R.layout.layout_apps_item,R.id.itemtext,mApps) {
+ ListAdapter adapter = new ArrayAdapter(this, R.layout.layout_apps_item, R.id.itemtext,mApps) {
public View getView(int position, View convertView, ViewGroup parent) {
ListEntry entry;
if (convertView == null) {
diff --git a/src/org/torproject/android/ui/BridgeSetupActivity.java b/app/src/main/java/org/torproject/android/ui/BridgeSetupActivity.java
similarity index 100%
rename from src/org/torproject/android/ui/BridgeSetupActivity.java
rename to app/src/main/java/org/torproject/android/ui/BridgeSetupActivity.java
diff --git a/src/org/torproject/android/ui/ImageProgressView.java b/app/src/main/java/org/torproject/android/ui/ImageProgressView.java
similarity index 100%
rename from src/org/torproject/android/ui/ImageProgressView.java
rename to app/src/main/java/org/torproject/android/ui/ImageProgressView.java
diff --git a/src/org/torproject/android/ui/OrbotDiagnosticsActivity.java b/app/src/main/java/org/torproject/android/ui/OrbotDiagnosticsActivity.java
similarity index 94%
rename from src/org/torproject/android/ui/OrbotDiagnosticsActivity.java
rename to app/src/main/java/org/torproject/android/ui/OrbotDiagnosticsActivity.java
index 5a01a942..63c54378 100644
--- a/src/org/torproject/android/ui/OrbotDiagnosticsActivity.java
+++ b/app/src/main/java/org/torproject/android/ui/OrbotDiagnosticsActivity.java
@@ -5,12 +5,9 @@ import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.util.ArrayList;
-import org.sufficientlysecure.rootcommands.Shell;
-import org.sufficientlysecure.rootcommands.command.SimpleCommand;
import org.torproject.android.R;
-import org.torproject.android.service.TorResourceInstaller;
+import org.torproject.android.service.util.TorResourceInstaller;
import org.torproject.android.service.TorServiceConstants;
import android.app.Activity;
@@ -193,14 +190,12 @@ public class OrbotDiagnosticsActivity extends Activity {
if (!fileBin.canExecute())
{
log("(re)Setting permission on binary: " + fileBin.getAbsolutePath());
- Shell shell = Shell.startShell(new ArrayList(), appBinHome.getAbsolutePath());
-
- shell.add(new SimpleCommand("chmod " + TorServiceConstants.CHMOD_EXE_VALUE + ' ' + fileBin.getAbsolutePath())).waitForFinish();
+
+ Runtime.getRuntime().exec("chmod " + TorServiceConstants.CHMOD_EXE_VALUE + ' ' + fileBin.getAbsolutePath()).waitFor();
File fileTest = new File(fileBin.getAbsolutePath());
log(fileTest.getName() + ": POST: Is binary exec? " + fileTest.canExecute());
-
- shell.close();
+
}
return fileBin.canExecute();
diff --git a/src/org/torproject/android/ui/PromoAppsActivity.java b/app/src/main/java/org/torproject/android/ui/PromoAppsActivity.java
similarity index 99%
rename from src/org/torproject/android/ui/PromoAppsActivity.java
rename to app/src/main/java/org/torproject/android/ui/PromoAppsActivity.java
index e51885c2..01c24831 100644
--- a/src/org/torproject/android/ui/PromoAppsActivity.java
+++ b/app/src/main/java/org/torproject/android/ui/PromoAppsActivity.java
@@ -14,7 +14,7 @@ import android.view.View;
import android.view.View.OnClickListener;
import android.widget.Button;
-import org.torproject.android.OrbotConstants;
+import org.torproject.android.service.OrbotConstants;
import org.torproject.android.R;
import org.torproject.android.service.TorServiceConstants;
diff --git a/src/org/torproject/android/ui/Rotate3dAnimation.java b/app/src/main/java/org/torproject/android/ui/Rotate3dAnimation.java
similarity index 100%
rename from src/org/torproject/android/ui/Rotate3dAnimation.java
rename to app/src/main/java/org/torproject/android/ui/Rotate3dAnimation.java
diff --git a/src/org/torproject/android/ui/VPNSetupActivity.java b/app/src/main/java/org/torproject/android/ui/VPNSetupActivity.java
similarity index 100%
rename from src/org/torproject/android/ui/VPNSetupActivity.java
rename to app/src/main/java/org/torproject/android/ui/VPNSetupActivity.java
diff --git a/src/org/torproject/android/vpn/VPNEnableActivity.java b/app/src/main/java/org/torproject/android/vpn/VPNEnableActivity.java
similarity index 95%
rename from src/org/torproject/android/vpn/VPNEnableActivity.java
rename to app/src/main/java/org/torproject/android/vpn/VPNEnableActivity.java
index 8b7dbc64..9ed87d64 100644
--- a/src/org/torproject/android/vpn/VPNEnableActivity.java
+++ b/app/src/main/java/org/torproject/android/vpn/VPNEnableActivity.java
@@ -1,7 +1,7 @@
package org.torproject.android.vpn;
-import org.torproject.android.Prefs;
import org.torproject.android.R;
+import org.torproject.android.service.util.Prefs;
import org.torproject.android.service.TorService;
import org.torproject.android.service.TorServiceConstants;
@@ -12,19 +12,16 @@ import android.app.Dialog;
import android.content.DialogInterface;
import android.content.Intent;
import android.net.VpnService;
-import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.util.Log;
-import android.view.LayoutInflater;
-import android.view.View;
import android.view.Window;
-import android.view.WindowManager;
-import android.widget.TextView;
/*
* To combat background service being stopped/swiped
*/
+
+@TargetApi(14)
public class VPNEnableActivity extends Activity {
private final static int REQUEST_VPN = 7777;
@@ -74,7 +71,6 @@ public class VPNEnableActivity extends Activity {
@Override
public void onClick(DialogInterface dialog, int which) {
Prefs.putUseVpn(true);
-
startVpnService();
}
@@ -159,6 +155,8 @@ public class VPNEnableActivity extends Activity {
Intent torService = new Intent(this, TorService.class);
torService.setAction(action);
startService(torService);
+
+
}
}
diff --git a/res/drawable-hdpi-v11/ic_stat_notifyerr.png b/app/src/main/res/drawable-hdpi-v11/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-hdpi-v11/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-hdpi-v11/ic_stat_notifyerr.png
diff --git a/res/drawable-hdpi-v11/ic_stat_tor.png b/app/src/main/res/drawable-hdpi-v11/ic_stat_tor.png
similarity index 100%
rename from res/drawable-hdpi-v11/ic_stat_tor.png
rename to app/src/main/res/drawable-hdpi-v11/ic_stat_tor.png
diff --git a/res/drawable-hdpi-v11/ic_stat_tor_off.png b/app/src/main/res/drawable-hdpi-v11/ic_stat_tor_off.png
similarity index 100%
rename from res/drawable-hdpi-v11/ic_stat_tor_off.png
rename to app/src/main/res/drawable-hdpi-v11/ic_stat_tor_off.png
diff --git a/res/drawable-hdpi-v11/ic_stat_tor_xfer.png b/app/src/main/res/drawable-hdpi-v11/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-hdpi-v11/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-hdpi-v11/ic_stat_tor_xfer.png
diff --git a/res/drawable-hdpi-v11/inverse.png b/app/src/main/res/drawable-hdpi-v11/inverse.png
similarity index 100%
rename from res/drawable-hdpi-v11/inverse.png
rename to app/src/main/res/drawable-hdpi-v11/inverse.png
diff --git a/res/drawable-hdpi-v9/ic_stat_notifyerr.png b/app/src/main/res/drawable-hdpi-v9/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-hdpi-v9/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-hdpi-v9/ic_stat_notifyerr.png
diff --git a/res/drawable-hdpi-v9/ic_stat_tor.png b/app/src/main/res/drawable-hdpi-v9/ic_stat_tor.png
similarity index 100%
rename from res/drawable-hdpi-v9/ic_stat_tor.png
rename to app/src/main/res/drawable-hdpi-v9/ic_stat_tor.png
diff --git a/res/drawable-hdpi-v9/inverse.png b/app/src/main/res/drawable-hdpi-v9/inverse.png
similarity index 100%
rename from res/drawable-hdpi-v9/inverse.png
rename to app/src/main/res/drawable-hdpi-v9/inverse.png
diff --git a/res/drawable-hdpi/ic_action_settings.png b/app/src/main/res/drawable-hdpi/ic_action_settings.png
similarity index 100%
rename from res/drawable-hdpi/ic_action_settings.png
rename to app/src/main/res/drawable-hdpi/ic_action_settings.png
diff --git a/res/drawable-hdpi/ic_launcher.png b/app/src/main/res/drawable-hdpi/ic_launcher.png
similarity index 100%
rename from res/drawable-hdpi/ic_launcher.png
rename to app/src/main/res/drawable-hdpi/ic_launcher.png
diff --git a/res/drawable-hdpi/ic_stat_notifyerr.png b/app/src/main/res/drawable-hdpi/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-hdpi/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-hdpi/ic_stat_notifyerr.png
diff --git a/res/drawable-hdpi/ic_stat_tor.png b/app/src/main/res/drawable-hdpi/ic_stat_tor.png
similarity index 100%
rename from res/drawable-hdpi/ic_stat_tor.png
rename to app/src/main/res/drawable-hdpi/ic_stat_tor.png
diff --git a/res/drawable-hdpi/ic_stat_tor_xfer.png b/app/src/main/res/drawable-hdpi/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-hdpi/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-hdpi/ic_stat_tor_xfer.png
diff --git a/res/drawable-hdpi/inverse.png b/app/src/main/res/drawable-hdpi/inverse.png
similarity index 100%
rename from res/drawable-hdpi/inverse.png
rename to app/src/main/res/drawable-hdpi/inverse.png
diff --git a/res/drawable-ldpi-v11/ic_stat_notifyerr.png b/app/src/main/res/drawable-ldpi-v11/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-ldpi-v11/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-ldpi-v11/ic_stat_notifyerr.png
diff --git a/res/drawable-ldpi-v11/ic_stat_tor.png b/app/src/main/res/drawable-ldpi-v11/ic_stat_tor.png
similarity index 100%
rename from res/drawable-ldpi-v11/ic_stat_tor.png
rename to app/src/main/res/drawable-ldpi-v11/ic_stat_tor.png
diff --git a/res/drawable-ldpi-v11/inverse.png b/app/src/main/res/drawable-ldpi-v11/inverse.png
similarity index 100%
rename from res/drawable-ldpi-v11/inverse.png
rename to app/src/main/res/drawable-ldpi-v11/inverse.png
diff --git a/res/drawable-ldpi-v9/ic_stat_notifyerr.png b/app/src/main/res/drawable-ldpi-v9/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-ldpi-v9/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-ldpi-v9/ic_stat_notifyerr.png
diff --git a/res/drawable-ldpi-v9/ic_stat_tor.png b/app/src/main/res/drawable-ldpi-v9/ic_stat_tor.png
similarity index 100%
rename from res/drawable-ldpi-v9/ic_stat_tor.png
rename to app/src/main/res/drawable-ldpi-v9/ic_stat_tor.png
diff --git a/res/drawable-ldpi-v9/inverse.png b/app/src/main/res/drawable-ldpi-v9/inverse.png
similarity index 100%
rename from res/drawable-ldpi-v9/inverse.png
rename to app/src/main/res/drawable-ldpi-v9/inverse.png
diff --git a/res/drawable-ldpi/ic_action_settings.png b/app/src/main/res/drawable-ldpi/ic_action_settings.png
similarity index 100%
rename from res/drawable-ldpi/ic_action_settings.png
rename to app/src/main/res/drawable-ldpi/ic_action_settings.png
diff --git a/res/drawable-ldpi/ic_launcher.png b/app/src/main/res/drawable-ldpi/ic_launcher.png
similarity index 100%
rename from res/drawable-ldpi/ic_launcher.png
rename to app/src/main/res/drawable-ldpi/ic_launcher.png
diff --git a/res/drawable-ldpi/ic_stat_notifyerr.png b/app/src/main/res/drawable-ldpi/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-ldpi/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-ldpi/ic_stat_notifyerr.png
diff --git a/res/drawable-ldpi/ic_stat_tor.png b/app/src/main/res/drawable-ldpi/ic_stat_tor.png
similarity index 100%
rename from res/drawable-ldpi/ic_stat_tor.png
rename to app/src/main/res/drawable-ldpi/ic_stat_tor.png
diff --git a/res/drawable-ldpi/inverse.png b/app/src/main/res/drawable-ldpi/inverse.png
similarity index 100%
rename from res/drawable-ldpi/inverse.png
rename to app/src/main/res/drawable-ldpi/inverse.png
diff --git a/res/drawable-mdpi-v11/ic_stat_notifyerr.png b/app/src/main/res/drawable-mdpi-v11/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-mdpi-v11/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-mdpi-v11/ic_stat_notifyerr.png
diff --git a/res/drawable-mdpi-v11/ic_stat_tor.png b/app/src/main/res/drawable-mdpi-v11/ic_stat_tor.png
similarity index 100%
rename from res/drawable-mdpi-v11/ic_stat_tor.png
rename to app/src/main/res/drawable-mdpi-v11/ic_stat_tor.png
diff --git a/res/drawable-mdpi-v11/ic_stat_tor_xfer.png b/app/src/main/res/drawable-mdpi-v11/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-mdpi-v11/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-mdpi-v11/ic_stat_tor_xfer.png
diff --git a/res/drawable-mdpi-v11/inverse.png b/app/src/main/res/drawable-mdpi-v11/inverse.png
similarity index 100%
rename from res/drawable-mdpi-v11/inverse.png
rename to app/src/main/res/drawable-mdpi-v11/inverse.png
diff --git a/res/drawable-mdpi-v9/ic_stat_notifyerr.png b/app/src/main/res/drawable-mdpi-v9/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-mdpi-v9/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-mdpi-v9/ic_stat_notifyerr.png
diff --git a/res/drawable-mdpi-v9/ic_stat_tor.png b/app/src/main/res/drawable-mdpi-v9/ic_stat_tor.png
similarity index 100%
rename from res/drawable-mdpi-v9/ic_stat_tor.png
rename to app/src/main/res/drawable-mdpi-v9/ic_stat_tor.png
diff --git a/res/drawable-mdpi-v9/inverse.png b/app/src/main/res/drawable-mdpi-v9/inverse.png
similarity index 100%
rename from res/drawable-mdpi-v9/inverse.png
rename to app/src/main/res/drawable-mdpi-v9/inverse.png
diff --git a/res/drawable-mdpi/ic_action_settings.png b/app/src/main/res/drawable-mdpi/ic_action_settings.png
similarity index 100%
rename from res/drawable-mdpi/ic_action_settings.png
rename to app/src/main/res/drawable-mdpi/ic_action_settings.png
diff --git a/res/drawable-mdpi/ic_launcher.png b/app/src/main/res/drawable-mdpi/ic_launcher.png
similarity index 100%
rename from res/drawable-mdpi/ic_launcher.png
rename to app/src/main/res/drawable-mdpi/ic_launcher.png
diff --git a/res/drawable-mdpi/ic_stat_notifyerr.png b/app/src/main/res/drawable-mdpi/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-mdpi/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-mdpi/ic_stat_notifyerr.png
diff --git a/res/drawable-mdpi/ic_stat_tor.png b/app/src/main/res/drawable-mdpi/ic_stat_tor.png
similarity index 100%
rename from res/drawable-mdpi/ic_stat_tor.png
rename to app/src/main/res/drawable-mdpi/ic_stat_tor.png
diff --git a/res/drawable-mdpi/ic_stat_tor_xfer.png b/app/src/main/res/drawable-mdpi/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-mdpi/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-mdpi/ic_stat_tor_xfer.png
diff --git a/res/drawable-mdpi/inverse.png b/app/src/main/res/drawable-mdpi/inverse.png
similarity index 100%
rename from res/drawable-mdpi/inverse.png
rename to app/src/main/res/drawable-mdpi/inverse.png
diff --git a/res/drawable-xhdpi-v11/ic_stat_notifyerr.png b/app/src/main/res/drawable-xhdpi-v11/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-xhdpi-v11/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-xhdpi-v11/ic_stat_notifyerr.png
diff --git a/res/drawable-xhdpi-v11/ic_stat_tor.png b/app/src/main/res/drawable-xhdpi-v11/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xhdpi-v11/ic_stat_tor.png
rename to app/src/main/res/drawable-xhdpi-v11/ic_stat_tor.png
diff --git a/res/drawable-xhdpi-v11/ic_stat_tor_xfer.png b/app/src/main/res/drawable-xhdpi-v11/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-xhdpi-v11/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-xhdpi-v11/ic_stat_tor_xfer.png
diff --git a/res/drawable-xhdpi-v11/inverse.png b/app/src/main/res/drawable-xhdpi-v11/inverse.png
similarity index 100%
rename from res/drawable-xhdpi-v11/inverse.png
rename to app/src/main/res/drawable-xhdpi-v11/inverse.png
diff --git a/res/drawable-xhdpi-v9/ic_stat_notifyerr.png b/app/src/main/res/drawable-xhdpi-v9/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-xhdpi-v9/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-xhdpi-v9/ic_stat_notifyerr.png
diff --git a/res/drawable-xhdpi-v9/ic_stat_tor.png b/app/src/main/res/drawable-xhdpi-v9/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xhdpi-v9/ic_stat_tor.png
rename to app/src/main/res/drawable-xhdpi-v9/ic_stat_tor.png
diff --git a/res/drawable-xhdpi-v9/inverse.png b/app/src/main/res/drawable-xhdpi-v9/inverse.png
similarity index 100%
rename from res/drawable-xhdpi-v9/inverse.png
rename to app/src/main/res/drawable-xhdpi-v9/inverse.png
diff --git a/res/drawable-xhdpi/ic_action_settings.png b/app/src/main/res/drawable-xhdpi/ic_action_settings.png
similarity index 100%
rename from res/drawable-xhdpi/ic_action_settings.png
rename to app/src/main/res/drawable-xhdpi/ic_action_settings.png
diff --git a/res/drawable-xhdpi/ic_launcher.png b/app/src/main/res/drawable-xhdpi/ic_launcher.png
similarity index 100%
rename from res/drawable-xhdpi/ic_launcher.png
rename to app/src/main/res/drawable-xhdpi/ic_launcher.png
diff --git a/res/drawable-xhdpi/ic_stat_notifyerr.png b/app/src/main/res/drawable-xhdpi/ic_stat_notifyerr.png
similarity index 100%
rename from res/drawable-xhdpi/ic_stat_notifyerr.png
rename to app/src/main/res/drawable-xhdpi/ic_stat_notifyerr.png
diff --git a/res/drawable-xhdpi/ic_stat_tor.png b/app/src/main/res/drawable-xhdpi/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xhdpi/ic_stat_tor.png
rename to app/src/main/res/drawable-xhdpi/ic_stat_tor.png
diff --git a/res/drawable-xhdpi/ic_stat_tor_xfer.png b/app/src/main/res/drawable-xhdpi/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-xhdpi/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-xhdpi/ic_stat_tor_xfer.png
diff --git a/res/drawable-xhdpi/inverse.png b/app/src/main/res/drawable-xhdpi/inverse.png
similarity index 100%
rename from res/drawable-xhdpi/inverse.png
rename to app/src/main/res/drawable-xhdpi/inverse.png
diff --git a/res/drawable-xxhdpi-v11/ic_stat_tor.png b/app/src/main/res/drawable-xxhdpi-v11/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xxhdpi-v11/ic_stat_tor.png
rename to app/src/main/res/drawable-xxhdpi-v11/ic_stat_tor.png
diff --git a/res/drawable-xxhdpi-v11/ic_stat_tor_xfer.png b/app/src/main/res/drawable-xxhdpi-v11/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-xxhdpi-v11/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-xxhdpi-v11/ic_stat_tor_xfer.png
diff --git a/res/drawable-xxhdpi/ic_launcher.png b/app/src/main/res/drawable-xxhdpi/ic_launcher.png
similarity index 100%
rename from res/drawable-xxhdpi/ic_launcher.png
rename to app/src/main/res/drawable-xxhdpi/ic_launcher.png
diff --git a/res/drawable-xxhdpi/ic_stat_tor.png b/app/src/main/res/drawable-xxhdpi/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xxhdpi/ic_stat_tor.png
rename to app/src/main/res/drawable-xxhdpi/ic_stat_tor.png
diff --git a/res/drawable-xxhdpi/ic_stat_tor_xfer.png b/app/src/main/res/drawable-xxhdpi/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-xxhdpi/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-xxhdpi/ic_stat_tor_xfer.png
diff --git a/res/drawable-xxhdpi/inverse.png b/app/src/main/res/drawable-xxhdpi/inverse.png
similarity index 100%
rename from res/drawable-xxhdpi/inverse.png
rename to app/src/main/res/drawable-xxhdpi/inverse.png
diff --git a/res/drawable-xxxhdpi-v11/ic_stat_tor.png b/app/src/main/res/drawable-xxxhdpi-v11/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xxxhdpi-v11/ic_stat_tor.png
rename to app/src/main/res/drawable-xxxhdpi-v11/ic_stat_tor.png
diff --git a/res/drawable-xxxhdpi-v11/ic_stat_tor_xfer.png b/app/src/main/res/drawable-xxxhdpi-v11/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-xxxhdpi-v11/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-xxxhdpi-v11/ic_stat_tor_xfer.png
diff --git a/res/drawable-xxxhdpi/ic_launcher.png b/app/src/main/res/drawable-xxxhdpi/ic_launcher.png
similarity index 100%
rename from res/drawable-xxxhdpi/ic_launcher.png
rename to app/src/main/res/drawable-xxxhdpi/ic_launcher.png
diff --git a/res/drawable-xxxhdpi/ic_stat_tor.png b/app/src/main/res/drawable-xxxhdpi/ic_stat_tor.png
similarity index 100%
rename from res/drawable-xxxhdpi/ic_stat_tor.png
rename to app/src/main/res/drawable-xxxhdpi/ic_stat_tor.png
diff --git a/res/drawable-xxxhdpi/ic_stat_tor_xfer.png b/app/src/main/res/drawable-xxxhdpi/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable-xxxhdpi/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable-xxxhdpi/ic_stat_tor_xfer.png
diff --git a/res/drawable-xxxhdpi/inverse.png b/app/src/main/res/drawable-xxxhdpi/inverse.png
similarity index 100%
rename from res/drawable-xxxhdpi/inverse.png
rename to app/src/main/res/drawable-xxxhdpi/inverse.png
diff --git a/res/drawable/button.xml b/app/src/main/res/drawable/button.xml
similarity index 94%
rename from res/drawable/button.xml
rename to app/src/main/res/drawable/button.xml
index 4bff5791..9f44d248 100644
--- a/res/drawable/button.xml
+++ b/app/src/main/res/drawable/button.xml
@@ -1,4 +1,4 @@
-
+
diff --git a/res/drawable/button_off.xml b/app/src/main/res/drawable/button_off.xml
similarity index 94%
rename from res/drawable/button_off.xml
rename to app/src/main/res/drawable/button_off.xml
index 18da2869..1304d1b6 100644
--- a/res/drawable/button_off.xml
+++ b/app/src/main/res/drawable/button_off.xml
@@ -1,4 +1,4 @@
-
+
diff --git a/res/drawable/button_on.xml b/app/src/main/res/drawable/button_on.xml
similarity index 94%
rename from res/drawable/button_on.xml
rename to app/src/main/res/drawable/button_on.xml
index 348a6df0..27dc0922 100644
--- a/res/drawable/button_on.xml
+++ b/app/src/main/res/drawable/button_on.xml
@@ -1,4 +1,4 @@
-
+
diff --git a/res/drawable/classyfabric.png b/app/src/main/res/drawable/classyfabric.png
similarity index 100%
rename from res/drawable/classyfabric.png
rename to app/src/main/res/drawable/classyfabric.png
diff --git a/res/drawable/error.png b/app/src/main/res/drawable/error.png
similarity index 100%
rename from res/drawable/error.png
rename to app/src/main/res/drawable/error.png
diff --git a/res/drawable/ic_chatsecure.png b/app/src/main/res/drawable/ic_chatsecure.png
similarity index 100%
rename from res/drawable/ic_chatsecure.png
rename to app/src/main/res/drawable/ic_chatsecure.png
diff --git a/res/drawable/ic_duckduckgo.png b/app/src/main/res/drawable/ic_duckduckgo.png
similarity index 100%
rename from res/drawable/ic_duckduckgo.png
rename to app/src/main/res/drawable/ic_duckduckgo.png
diff --git a/res/drawable/ic_launcher.png b/app/src/main/res/drawable/ic_launcher.png
similarity index 100%
rename from res/drawable/ic_launcher.png
rename to app/src/main/res/drawable/ic_launcher.png
diff --git a/res/drawable/ic_menu_about.png b/app/src/main/res/drawable/ic_menu_about.png
similarity index 100%
rename from res/drawable/ic_menu_about.png
rename to app/src/main/res/drawable/ic_menu_about.png
diff --git a/res/drawable/ic_menu_exit.png b/app/src/main/res/drawable/ic_menu_exit.png
similarity index 100%
rename from res/drawable/ic_menu_exit.png
rename to app/src/main/res/drawable/ic_menu_exit.png
diff --git a/res/drawable/ic_menu_goto.png b/app/src/main/res/drawable/ic_menu_goto.png
similarity index 100%
rename from res/drawable/ic_menu_goto.png
rename to app/src/main/res/drawable/ic_menu_goto.png
diff --git a/res/drawable/ic_play.png b/app/src/main/res/drawable/ic_play.png
similarity index 100%
rename from res/drawable/ic_play.png
rename to app/src/main/res/drawable/ic_play.png
diff --git a/res/drawable/ic_stat_tor_off.png b/app/src/main/res/drawable/ic_stat_tor_off.png
similarity index 100%
rename from res/drawable/ic_stat_tor_off.png
rename to app/src/main/res/drawable/ic_stat_tor_off.png
diff --git a/res/drawable/ic_stat_tor_xfer.png b/app/src/main/res/drawable/ic_stat_tor_xfer.png
similarity index 100%
rename from res/drawable/ic_stat_tor_xfer.png
rename to app/src/main/res/drawable/ic_stat_tor_xfer.png
diff --git a/res/drawable/ic_twitter.png b/app/src/main/res/drawable/ic_twitter.png
similarity index 100%
rename from res/drawable/ic_twitter.png
rename to app/src/main/res/drawable/ic_twitter.png
diff --git a/res/drawable/icon_martus.png b/app/src/main/res/drawable/icon_martus.png
similarity index 100%
rename from res/drawable/icon_martus.png
rename to app/src/main/res/drawable/icon_martus.png
diff --git a/res/drawable/icon_orfox.png b/app/src/main/res/drawable/icon_orfox.png
similarity index 100%
rename from res/drawable/icon_orfox.png
rename to app/src/main/res/drawable/icon_orfox.png
diff --git a/res/drawable/icon_story_maker.png b/app/src/main/res/drawable/icon_story_maker.png
similarity index 100%
rename from res/drawable/icon_story_maker.png
rename to app/src/main/res/drawable/icon_story_maker.png
diff --git a/res/drawable/inverse.png b/app/src/main/res/drawable/inverse.png
similarity index 100%
rename from res/drawable/inverse.png
rename to app/src/main/res/drawable/inverse.png
diff --git a/res/drawable/n8fr8.jpg b/app/src/main/res/drawable/n8fr8.jpg
similarity index 100%
rename from res/drawable/n8fr8.jpg
rename to app/src/main/res/drawable/n8fr8.jpg
diff --git a/res/drawable/oldtoroff.png b/app/src/main/res/drawable/oldtoroff.png
similarity index 100%
rename from res/drawable/oldtoroff.png
rename to app/src/main/res/drawable/oldtoroff.png
diff --git a/res/drawable/oldtoron.png b/app/src/main/res/drawable/oldtoron.png
similarity index 100%
rename from res/drawable/oldtoron.png
rename to app/src/main/res/drawable/oldtoron.png
diff --git a/res/drawable/oldtorstarting.png b/app/src/main/res/drawable/oldtorstarting.png
similarity index 100%
rename from res/drawable/oldtorstarting.png
rename to app/src/main/res/drawable/oldtorstarting.png
diff --git a/res/drawable/onion32.png b/app/src/main/res/drawable/onion32.png
similarity index 100%
rename from res/drawable/onion32.png
rename to app/src/main/res/drawable/onion32.png
diff --git a/res/drawable/tilebg.xml b/app/src/main/res/drawable/tilebg.xml
similarity index 100%
rename from res/drawable/tilebg.xml
rename to app/src/main/res/drawable/tilebg.xml
diff --git a/res/drawable/toggle.xml b/app/src/main/res/drawable/toggle.xml
similarity index 100%
rename from res/drawable/toggle.xml
rename to app/src/main/res/drawable/toggle.xml
diff --git a/res/drawable/tor.png b/app/src/main/res/drawable/tor.png
similarity index 100%
rename from res/drawable/tor.png
rename to app/src/main/res/drawable/tor.png
diff --git a/res/drawable/tor25.png b/app/src/main/res/drawable/tor25.png
similarity index 100%
rename from res/drawable/tor25.png
rename to app/src/main/res/drawable/tor25.png
diff --git a/res/drawable/toroff.png b/app/src/main/res/drawable/toroff.png
similarity index 100%
rename from res/drawable/toroff.png
rename to app/src/main/res/drawable/toroff.png
diff --git a/res/drawable/toron.png b/app/src/main/res/drawable/toron.png
similarity index 100%
rename from res/drawable/toron.png
rename to app/src/main/res/drawable/toron.png
diff --git a/res/drawable/torstarting.png b/app/src/main/res/drawable/torstarting.png
similarity index 100%
rename from res/drawable/torstarting.png
rename to app/src/main/res/drawable/torstarting.png
diff --git a/res/layout-v21/layout_notification_expanded.xml b/app/src/main/res/layout-v21/layout_notification_expanded.xml
similarity index 100%
rename from res/layout-v21/layout_notification_expanded.xml
rename to app/src/main/res/layout-v21/layout_notification_expanded.xml
diff --git a/res/layout/layout_about.xml b/app/src/main/res/layout/layout_about.xml
similarity index 100%
rename from res/layout/layout_about.xml
rename to app/src/main/res/layout/layout_about.xml
diff --git a/res/layout/layout_apps.xml b/app/src/main/res/layout/layout_apps.xml
similarity index 100%
rename from res/layout/layout_apps.xml
rename to app/src/main/res/layout/layout_apps.xml
diff --git a/res/layout/layout_apps_item.xml b/app/src/main/res/layout/layout_apps_item.xml
similarity index 100%
rename from res/layout/layout_apps_item.xml
rename to app/src/main/res/layout/layout_apps_item.xml
diff --git a/res/layout/layout_diag.xml b/app/src/main/res/layout/layout_diag.xml
similarity index 100%
rename from res/layout/layout_diag.xml
rename to app/src/main/res/layout/layout_diag.xml
diff --git a/res/layout/layout_help.xml b/app/src/main/res/layout/layout_help.xml
similarity index 100%
rename from res/layout/layout_help.xml
rename to app/src/main/res/layout/layout_help.xml
diff --git a/res/layout/layout_log.xml b/app/src/main/res/layout/layout_log.xml
similarity index 100%
rename from res/layout/layout_log.xml
rename to app/src/main/res/layout/layout_log.xml
diff --git a/res/layout/layout_main.xml b/app/src/main/res/layout/layout_main.xml
similarity index 51%
rename from res/layout/layout_main.xml
rename to app/src/main/res/layout/layout_main.xml
index 4a041c3b..b8341359 100644
--- a/res/layout/layout_main.xml
+++ b/app/src/main/res/layout/layout_main.xml
@@ -30,92 +30,7 @@
android:layout_height="wrap_content"
>
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
@@ -154,20 +68,20 @@ android:layout_gravity="center_horizontal|center_vertical"/>
android:fontFamily="sans-serif-light"
android:text=""
android:lines="2"
- android:maxLines="2"
+ android:maxLines="2"
android:layout_gravity="center_horizontal"
android:layout_margin="0dp"
- android:layout_marginLeft="5dp"
+ android:layout_marginLeft="5dp"
android:layout_marginRight="5dp"
/>
-
+
+
-
-
-
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-ar/strings.xml b/app/src/main/res/values-ar/strings.xml
similarity index 78%
rename from res/values-ar/strings.xml
rename to app/src/main/res/values-ar/strings.xml
index 0830fb8b..0b2a1f63 100644
--- a/res/values-ar/strings.xml
+++ b/app/src/main/res/values-ar/strings.xml
@@ -1,4 +1,4 @@
-
+
اوربوتاوربوت هو تطبيق الوكيل-البروكسي الحر الذي يمكّن تطبيقات أخرى لاستخدام الإنترنت بأمان أكثر . يُستخدم اوربوت تور لتشفير تحركات مرورك على الإنترنت ، ثم يخفيك ويجعلك وهمي من خلال سلسلة من أجهزة الكمبيوتر في جميع أنحاء العالم . تور هو تطبيق حر وشبكة مفتوحة والتي تساعدك على حماية نفسك من مراقبة الشبكات التي تهدد الحرية الشخصية والخصوصية ، والأنشطة التجارية السرية والعلاقات ، وأمن الدولة والحكومات القمعيّة والتي تستخدم مايعرف باسم تحليل حركة مرور البيانات .
@@ -99,15 +99,21 @@ HTTP: / /tinyurl.com/proxyandroid\nفعل اوربوت و اتصل بتور تلقائياً عندما يبدء جهاز الأندرويد الخاص بك بالعمل
+ اوربت يجعل تور ممكناً على نظام الأندرويد. يساعدك تور في الدفاع ضد عملية ترشيح المحتويات, تحليل مسارات المرور, ومراقبة الشبكة والتي تهدد خصوصيتك, المعلومات السرية والعلاقات الشخصية. هذه الأداة ستساعدك من تهيئة اوربت مع تور على جهازكتحذير
+ لن يقوم اوربت بأخفاء هوية مسارك بشكل اوتوماتيكي او آلي بمجرد تنصيبه. بل يجب عليك ان تقوم بتهيئته مع جهازك بالأضافة الى تهيئة تطبيقات اخرى لتستطيع استخدام تور بنجاح.الصلاحياتيمكنك اعطاء اوربوت صلاحيات حساب رووت لتشغيل المميزات المتقدمة مثل البروكسي الضمني.إذا كنت لا تريد أن تفعل هذا, الرجاء إستخدام برامج معدة للعمل مع اوربوت برامج معدة للعمل مع اوربوت
+ جات سكيور: هو تطبيق للدردشة بشكل آمن مع تشفير عالي جداً
+ اورفوكس: متصفح ذو خصوصية متقدمة يعمل ظمن او من خلال توريمكنك الحصول علي جميع تطبيقات مشروع الجاردين على جوجل بلاي
+ اكتشف كل تطبيقات مشروع الجارديان على اف-درويد
+ اكتشف كل تطبيقات مشروع الجارديان على https://f-droid.org بروكسي ضمنيهذه ستسمح للبرامج بالاتصال بشبكة تور تلقائياً دون اعداد مسبق.
@@ -123,6 +129,11 @@ HTTP: / /tinyurl.com/proxyandroid\n
نقاط الدخولبصمات، اسماء مستعارة، البلدان و العناوين لأول نقطة اتصالأدخل نقاط الدخول
+ إسمح للخلفية بألبدأ
+ إسمح لأي تطبيق بأن يُخبِر اوربت بأن يفعل تور مع الخدمات المرتبطة به
+ اُخوِّل الكل
+ بدون تخويل
+ اعكس المُحددبروكسي الشبكة الصادرة (اختياري)نوع البروكسي الصادرالبروتوكول المستخدم لخادم البروكسي: HTTP, HTTPS, Socks4, Socks5
@@ -147,6 +158,7 @@ HTTP: / /tinyurl.com/proxyandroid\n
تحذير: حصل خطأ بتشغيل البروكسي الضمني!تم مسح قواعد البروكسي الضمنيلقد تعذر بدء تشغيل تور:
+ بوليبو يعمل على المحمول يتم إعداد البروكسي الضمني حسب المنفذ...خطأ بالجسرحتي تستطيع إستخدم ميزة الجسور، يجب عليك ادخال عنوان انترنت لجسر واحد علي الأقل.
@@ -190,25 +202,61 @@ HTTP: / /tinyurl.com/proxyandroid\n
اسم العنوان لخدمتك المخفية (يتم انشائه تلقائياً)شغل سجل الـdebug ( للمراجعة يجب استخدام adb أو LogCat)الموقع الرسمي للمشروع (المشاريع):
+ https://www.torproject.org/docs/android\nhttps://guardianproject.info/apps/orbot/رخصة استخدام تورhttps://torproject.orgبرامج من الطرف الثالث:
+ تور: https://www.torproject.org
+ لب إيفينت النسخة http://www.monkey.org/~provos/libevent/ :v2.0.21
+ بوليبو النسخة 1.1.9 : https://github.com/jech/polipo
+ آي بي تايبلز النسخة 1.4.21: http://www.netfilter.org
+ اوبن اس اس ال النسخة: http://www.openssl.org 1.0.1qهناك برنامج يحاول فتح منفذ لخادم مخفي %S إلي شبكة تور. هذا السلوك آمن إذا كنت تثق بهذا البرنامج.عُثر علي عملية تور سابقة تعمل...حصل خطأ ما. افحص السجلالخدمات المخفية التي تعمل حالياً:غير قادر على قراءة اسم الخدمة المخفيةغير قادر على بدء تور:
+ أعِد تشغيل جهازك, غير قادر على اعادة تشغيل توراستخدم الـiptables التلقائيةاستخدم مكونات الـiptables الموجودة ضمناً بالجهاز بدل النسخة المرفقة مع اوربوتغير قادرة على تثبيت أو تحديث توردائما ضع الأيقونة في شريط الأدوات عندما يكون اوربوت متصلاًتنبيهات دائمة
+ قم بأظهار التنبيه بشكل موسع بأستخدام تور. أخرج من البلد ورقم الآي بي رقم العنوان على الشبكة
+ تنبيه موسّعتم تفعيل الجسور!
+ اللغةاختار الإعدادات المحلية و اللغة لاوربوتاختار اللغةإما ان تترك اللغة الافتراضية او إما ان تغير اللغة
+ مدعومة من قبل تورحفظ الإعدادات
+ لا يوجد ارتباط بألانترنيت: تور في وضع الوقف المؤقت
+ عرض النطاق
+ اسفل
+ أعلى
+ لاتوجد شبكة نوم-آلي
+ ضع تور في وضع النوم عند عدم وجود الأنترنيت
+ لقد تحولت الى هوية تور جديدة
+ متصفح
+ استخدم جات سكيور
+ أدارة تور
+ قم بتمكين هذا التطبيق من التحكم بخدمات تور
+ لا يبدو بأن لديك اورفوكس منصباً. هل تريد مساعدتاً في ذلك او لنقم فقط بتشغيل المتصفح؟
+ هل ترغب بتنصيب التطبيقات؟
+ لا يوجد اتصال بألشبكة. سيدخل تور الى وضع النوم
+ الاتصال بألشبكة جيد. تنبيه تور من النوم
+ تحديث الاعدادات في خدمات تور
+ تور سوكس
+ منفذ الشبكات الحاسوبية او بورت الذي يقدمه تور الى وحدة الخدمة النائبة البروكسي في سوكس. (التقصير 9050 او 0 عدم القدرة)
+ تهيئة منفذ الشبكات الحاسوبية بورت في سوكس
+ منفذ الشبكات الحاسوبية في وحدة الخدمة النائبة البروكسي في تور
+ منفذ الشبكات الحاسوبية او بورت الذي يقدمه تور الى البروكسي الشفاف (التقصير 9040 او 0 عدم القدرة)
+ تهيئة بورت البروكسي الشفاف
+ تور, نظام اسماء النطاقات, بورت
+ منفذ الشبكات الحاسوبية او بورت الذي يقدمه تور الى خدمة اسماء النطاق دي ان اس. (التقصير 5400 او 0 لعدم القدرة)
+ إعدادات بورت خادم اسماء النطاقفي بي ان شبكة وهمية خاصة
diff --git a/res/values-az/strings.xml b/app/src/main/res/values-az/strings.xml
similarity index 90%
rename from res/values-az/strings.xml
rename to app/src/main/res/values-az/strings.xml
index 456bab7f..0a84a251 100644
--- a/res/values-az/strings.xml
+++ b/app/src/main/res/values-az/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotPulsuz proksi tətbiqetməsi olan Orbot başqa tətbiqetmələrə internetdən daha təhlükəsiz istifadə etmək imkanı verir. Orbot sizin internet trafikinizi şifrələmək üçün Tordan istifadə edir və dünyanın hər yerində kompüterlərin birindən o birinə sıçramaqla bunu gizlədir. Tor pulsuz proqram təminatıdır, eyni zamanda sizin şəxsi azadlığınız və təhlükəsizliyinizə, gizli biznes fəaliyyəti və əlaqələrə, o cümlədən trafik analiz adlanan dövlət təhlükəsizliyinə xələl gətirə biləcək şəbəkə nəzarəti formalarından müdafiə olunmağa yardım edən açıq şəbəkədir.
@@ -132,6 +132,7 @@
Hər şeyi proksilə
Heç nəyi proksiləmə
+ Seçiminin yerini dəyişİxrac Edilən Şəbəkə Proksisi (istəyə bağlı)İxrac Edilən Proksi NövüProksi serveri istifadə etmək üçün protokol: HTTP, HTTPS, Socks4, Socks5
@@ -250,32 +251,45 @@ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
İnternetlə əlaqə yaxşıdır. Tor iş rejiminə keçir...Tor xidmətində quraşdırmalar yüklənirTor SOCKS
+ Torun təklif etdiyi Port SOCKS proksi işləyir (standart: 9050, yaxud söndürmək üçün 0) SOCKS Port ConfigTor TransProxy Port
+ Torun təklif etdiyi Port Transparent proksi işləyir (standart: 9040, yaxud söndürmək üçün 0) TransProxy Port ConfigTor DNS Port
+ Torun təklif etdiyi Port DNS işləyir (standart: 5400, yaxud söndürmək üçün 0)DNS Port ConfigTorrc Custom ConfigYALNIZ EKSPERTLƏR: birbaşa torrc config xətlərini daxil edinCustom TorrcMobile Martus - Benetech İnsan haqları Sənədləri tətbiqetməsiSizin ictimai Tor İP-ləriniz
+ Orbotla bağlı probleminiz varsa, lütfən, Android->Settings->Apps-də bu tətbiqetməni söndürün;Tətbiqetmə konflikti
+ Transproxy avtomatik yeniləmə
+ Şəbəkə vəziyyəti dəyişəndə Transproxy qaydalarını yenidən tətbiq edin
+ Transproxy MƏCBURİ POZMA
+ Bütün transproxy şəbəkə qaydalarını elə İNDİ ləğv etmək üçün bura klikləyin
+ Transparent proksi qaydaları ləğv edildi
+ Root girişiniz yoxdur
+ Quraşdırma dəyişikliklərinin tətbiq edilməsi üçün Orbota başlamağa və ya onu dayandırmağa ehtiyacınız ola bilər. VPNkbpsmbpsKBMBKörpülər yeniləndi
- Lütfən, Orbotu söndürün və yenidən yandırın ki, dəyişikliklər ətətbiq edilsin.
+ Lütfən, Orbotu söndürün və yenidən yandırın ki, dəyişikliklər tətbiq edilsin.QR kodlar
+ Sənin mobil şəbəkən Toru aktiv şəkildə əngəlləyirsə, şəbəkəyə daxil olmaq üçün Körpüdən istifadə edə bilərsən. Körpüləri aktivləşdirmək üçün yuxarıdakı körpü növlərindən birini SEÇ.Körpü rejimiEmeylVebAktivləşdirTətbiqetmələr VPN Rejimi
+ Tor şəbəkəsi vasitəsiylə qoşulmaq üçün Android.\n\n*WARNING*-in VPN funksiyasından istifadə edərək öz qurğunda bütün tətbiqetmələri aktivləşdirə bilərsən. Bu, yeni, eksperimental funksiyadır və bəzən avtomatik olaraq başlamaya, yaxud dayana bilər. Bundan anonimlik məqsədiylə istifadə etmək OLMAZ, bundan YALNIZ süzgəc və qoruma divarlarından keçmək üçün istifadə etmək lazımdır. Emeyl göndərin
- Körpü ünvanını siz emeyl və veb vasitəsiylə, ya da körpünün QR kodunu skan etməklə əldə edə bilərsiniz. Körpü ünvanı haqda sorğunun altında \'Email\'i, yaxud \'Web\'i seçin.\n\nÜnvanı əldə edəndən sonra &-i nüsxələyin və onu Orbot quraşdırmasındakı "Bridges" parametrinə qoyun və cihazı yenidən yükləyin.
+ Körpü ünvanını siz emeyl və veb vasitəsiylə, ya da körpünün QR kodunu skan etməklə əldə edə bilərsiniz. Körpü ünvanı haqda sorğunun altında \'Email\'i, yaxud \'Web\'i seçin.\n\nÜnvanı əldə edəndən sonra &-i nüsxələyin və onu Orbot quraşdırmasındakı \"Bridges\" parametrinə qoyun və cihazı yenidən yükləyin.Orfoxu quraşdırınStandart BrauzerQEYD: Intel X86/ATOM cihazlarında yalnız standart Tor körpülər işləyir.
diff --git a/res/values-bg/strings.xml b/app/src/main/res/values-bg/strings.xml
similarity index 98%
rename from res/values-bg/strings.xml
rename to app/src/main/res/values-bg/strings.xml
index d79a4059..22aff363 100644
--- a/res/values-bg/strings.xml
+++ b/app/src/main/res/values-bg/strings.xml
@@ -1,4 +1,4 @@
-
+
ОрботOrbot е безплатна прокси програма, която дава възможноста на други програми да използват интерент по-сигурно. Orbot използва Tor, за да криптира Интернет трафика и след това го скрива като препраща през няколко компютъра по целия свят. Tor е безплатен софтуер и отворена мрежа, която ти помага да се предпазиш от шпиониране по мрежата, което заплашва твоята свобода и лично пространство, конфиденциални бизнес отношение и връзки, и от вид правителствено следене наречено трафик анализ.
@@ -277,6 +277,7 @@
Мостове включени!Моля, рестартирай Orbot, за да влязат в действие променитеQR Кодове
+ Ако вашата мрежа целенасочено блирва Tor, може да използвате Мост, за да се свържете. ИЗБЕРЕТЕ един от видовете мостове изброени по-горе, за да включите тази функционалност.Режим мостИмейлУеб
diff --git a/res/values-bn-rBD/strings.xml b/app/src/main/res/values-bn-rBD/strings.xml
similarity index 96%
rename from res/values-bn-rBD/strings.xml
rename to app/src/main/res/values-bn-rBD/strings.xml
index 979056e5..d179a61e 100644
--- a/res/values-bn-rBD/strings.xml
+++ b/app/src/main/res/values-bn-rBD/strings.xml
@@ -1,4 +1,4 @@
-
+
অরবটOrbot একটি ফ্রি প্রক্সি অ্যাপ্লিকেশন যা অন্যান্য Apps কে আরও নিরাপদভাবে ইন্টারনেট ব্যবহার করার ক্ষমতাপ্রদান করে। Orbot আপনার ইন্টারনেট ট্রাফিক এনক্রিপ্ট করতে টর ব্যবহার এবং তারপর সারা বিশ্বের কম্পিউটারের সিরিজের moddho diye porichalito kore gopon kore. টর ফ্রি সফটওয়্যার এবং আপনি ট্রাফিক বিশ্লেষণ হিসেবে পরিচিত ব্যক্তিগত স্বাধীনতা ও গোপনীয়তা, গোপনীয় বাণিজ্যিক কার্যক্রম এবং সম্পর্ক, এবং রাষ্ট্রীয় নিরাপত্তা হুমকির মুখে পড়ে নেটওয়ার্ক নজরদারি একটি ফর্ম বিরুদ্ধে রক্ষা করতে সাহায্য করে যে একটি খোলা নেটওয়ার্ক.
@@ -6,7 +6,6 @@
অরবট চালু হচ্ছে . . . টর নেটওয়ার্কের সাথে সংযুক্ত হয়েছেঅরবট নিষ্ক্রিয় করা হয়েছে
- অরবট বন্ধ হয়ে যাচ্ছেটর ক্লায়েন্ট চালু করা হচ্ছেসম্পূর্ণঅপেক্ষা করা হচ্ছে
diff --git a/res/values-bn/strings.xml b/app/src/main/res/values-bn-rIN/strings.xml
similarity index 88%
rename from res/values-bn/strings.xml
rename to app/src/main/res/values-bn-rIN/strings.xml
index de5c3894..844f834c 100644
--- a/res/values-bn/strings.xml
+++ b/app/src/main/res/values-bn-rIN/strings.xml
@@ -1,4 +1,4 @@
-
+
diff --git a/res/values-ach/strings.xml b/app/src/main/res/values-bn/strings.xml
similarity index 88%
rename from res/values-ach/strings.xml
rename to app/src/main/res/values-bn/strings.xml
index de5c3894..844f834c 100644
--- a/res/values-ach/strings.xml
+++ b/app/src/main/res/values-bn/strings.xml
@@ -1,4 +1,4 @@
-
+
diff --git a/res/values-bn-rIN/strings.xml b/app/src/main/res/values-brx/strings.xml
similarity index 88%
rename from res/values-bn-rIN/strings.xml
rename to app/src/main/res/values-brx/strings.xml
index de5c3894..844f834c 100644
--- a/res/values-bn-rIN/strings.xml
+++ b/app/src/main/res/values-brx/strings.xml
@@ -1,4 +1,4 @@
-
+
diff --git a/res/values-bs/strings.xml b/app/src/main/res/values-bs/strings.xml
similarity index 68%
rename from res/values-bs/strings.xml
rename to app/src/main/res/values-bs/strings.xml
index 7c1b196a..bcef3470 100644
--- a/res/values-bs/strings.xml
+++ b/app/src/main/res/values-bs/strings.xml
@@ -1,4 +1,4 @@
-
+
PomoćPomoć
@@ -13,12 +13,6 @@
-
-
-
-
-
diff --git a/res/values-ca/strings.xml b/app/src/main/res/values-ca/strings.xml
similarity index 99%
rename from res/values-ca/strings.xml
rename to app/src/main/res/values-ca/strings.xml
index 715c6fa0..709b1e45 100644
--- a/res/values-ca/strings.xml
+++ b/app/src/main/res/values-ca/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-cs-rCZ/strings.xml b/app/src/main/res/values-cs-rCZ/strings.xml
similarity index 99%
rename from res/values-cs-rCZ/strings.xml
rename to app/src/main/res/values-cs-rCZ/strings.xml
index a77614e3..468e0b44 100644
--- a/res/values-cs-rCZ/strings.xml
+++ b/app/src/main/res/values-cs-rCZ/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-cs/strings.xml b/app/src/main/res/values-cs/strings.xml
similarity index 93%
rename from res/values-cs/strings.xml
rename to app/src/main/res/values-cs/strings.xml
index adc9376c..65e386fa 100644
--- a/res/values-cs/strings.xml
+++ b/app/src/main/res/values-cs/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -24,7 +24,6 @@
ZapnoutVypnoutO aplikaci
- PrůvodcePomocZavřítO aplikaci
@@ -64,18 +63,12 @@
Varování
-
-
-
-
-
Transparentní proxyNení
-
StatusChybaUloz nastaveni
+ Aplikace
diff --git a/res/values-cy/strings.xml b/app/src/main/res/values-cy/strings.xml
similarity index 94%
rename from res/values-cy/strings.xml
rename to app/src/main/res/values-cy/strings.xml
index 23af4ad9..a48a10a4 100644
--- a/res/values-cy/strings.xml
+++ b/app/src/main/res/values-cy/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -7,9 +7,8 @@
https://check.torproject.org/?TorButton=truecychwyn a stopio Torgwasanaethdirpwrytor
- Mae Orbot yn cychwyn…
+ Mae Orbot yn cychwyn...Wedi cysylltu â rhwydwaith Tor
- Mae Orbot yn cauYn cychwyn cleient TorWedi ei gwblhau.yn aros.
@@ -19,11 +18,9 @@
GosodiadauLogHelp
- AppsCychwynStopAmdanom ni
- DewinLlwytho i lawrLlwytho i fynyHelp
diff --git a/res/values-da/strings.xml b/app/src/main/res/values-da/strings.xml
similarity index 99%
rename from res/values-da/strings.xml
rename to app/src/main/res/values-da/strings.xml
index 0ddf38a8..2c63a078 100644
--- a/res/values-da/strings.xml
+++ b/app/src/main/res/values-da/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot er en gratis og åben proxy-applikation, der gør det muligt at anvende internettet mere sikkert fra andre programmer. Orbot bruger Tor til at kryptere internettrafikken, og skjuler den ved at sende den gennem serverere, lokaliseret i hele verden. Tor er gratis og åben software, der kan hjælpe dig mod netværksovervågning kaldet trafikanalyse, der kan true din personlige frihed, dit privatliv, handelsaktivitet og forhold.
diff --git a/app/src/main/res/values-de-rAT/strings.xml b/app/src/main/res/values-de-rAT/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-de-rAT/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml
similarity index 83%
rename from res/values-de/strings.xml
rename to app/src/main/res/values-de/strings.xml
index b95dd073..acf26626 100644
--- a/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@@ -1,7 +1,7 @@
-
+
Orbot
- Orbot ist eine freie Proxy-Anwendung, mithilfe derer andere Anwendung das Internet sicherer nutzen können. Orbot nutzt Tor, um Ihren Internetverkehr zu verschlüsseln und zu verstecken, indem er über eine Reihe weltweit verteilter Computer geleitet wird. Tor ist ein freies Programm und ein offenes Netzwerk, dass Ihnen dabei hilft, sich vor Angriffen auf die persönliche Freiheit, die Privatsphäre und vertraulichen Geschäftsbeziehungen sowie vor staatlicher Datenverkehrsanalyse des Internetverkehrs zu schützen.
+ Orbot ist eine kostenlose Proxy-Anwendung, mit deren Hilfe andere Anwendungen das Internet sicherer nutzen können. Orbot verwendet Tor, um Ihren Internetverkehr zu verschlüsseln und ihn dann zu verbergen, indem er über eine Reihe weltweit verteilter Computer geleitet wird. Tor ist ein freies Programm und ein offenes Netzwerk, das Ihnen hilft, sich gegen Angriffe auf die persönliche Freiheit und die Privatsphäre oder auf vertrauliche Geschäftsbeziehungen sowie gegen die Datenüberwachung aus Staatssicherheitsgründen zu wehren.http://orbot/http://check.torproject.orghttps://check.torproject.org
@@ -11,7 +11,7 @@
Orbot startet …Verbunden mit dem Tor-NetzwerkOrbot ist deaktiviert
- Tor-Service wird heruntergefahren
+ TorService wird heruntergefahrenTor-Programm wird gestartet …abgeschlossen.warten.
@@ -25,7 +25,7 @@
StartStoppÜber
- Apps holen...
+ Weitere Apps …HeruntergeladenHochgeladenHilfe
@@ -61,16 +61,16 @@
AbbrechenNähere Informationen zu Orbot
- Orbot ist ein Open-Source Programm, welches Tor, LibEvent und Polipo enthält. Es stellt einen lokalen HTTP-Proxy (Port: 8118) und einen SOCKS-Proxy (Port: 9050) in das Tor-Netzwerk zur Verfügung. Orbot hat auch die Möglichkeit sämtlichen Verkehr auf gerooteten Geräten durch Tor umzuleiten.
+ Orbot ist eine quelloffene Anwendung, die Tor, LibEvent und Polipo enthält. Sie stellt einen lokalen HTTP-Proxy (Port: 8118) und einen SOCKS-Proxy (Port: 9050) in das Tor-Netzwerk bereit. Auf gerooteten Geräten kann Orbot auch sämtliche Internetverbindungen durch Tor leiten.Berechtigung erteiltOrbot-Berechtigungen
- Exzellent! Wir haben festgestellt, dass Sie Orbot Root-Rechte eingeräumt haben. Wir werden diese Macht weise nutzen.
- Obwohl es nicht nötig ist, kann Orbot ein mächtigeres Werkzeug werden, wenn Sie ihm Root-Rechte einräumen. Drücken Sie auf den Knopf unten, um Orbot diese Superkräfte einzuräumen.
+ Ausgezeichnet! Sie haben Orbot Root-Rechte eingeräumt. Orbot wird diese Berechtigung sinnvoll verwenden.
+ Es ist nicht zwingend erforderlich, aber Orbot kann ein leistungsfähigeres Werkzeug werden, wenn Ihr Gerät gerootet ist. Drücken Sie unten auf den Schalter, um Orbot Superuser-Rechte zu gewähren.Falls Sie keinen Root-Zugriff haben oder nicht wissen, was das ist, achten Sie darauf, dass Sie Anwendungen verwenden, die Orbot nutzen können.Ich habe verstanden und möchte ohne Systemverwalterzugriff weitermachenOrbot Root-Rechte einräumenTorification konfigurieren
- Orbot gibt Ihnen die Wahl, den Datenverkehr aller Anwendungen durch Tor zu leiten ODER einzelne Anwendungen auszuwählen.
+ Orbot lässt Ihnen die Wahl, den Datenverkehr aller Anwendungen durch Tor zu leiten ODER einzelne Anwendungen auszuwählen.Den Verkehr aller Anwendungen durch Tor leitenAnwendungen einzeln für Tor auswählenOrbot aktivierte Anwendungen
@@ -82,27 +82,27 @@
StoryMaker - Schreiben Sie eine Geschichte und überlassen Sie Tor das Sicherheitsmanagement!https://guardianproject.info/2012/05/02/orbot-your-twitter/Vermittlungseinstellungen
- Wenn die Android App, welche Sie nutzen HTTP oder SOCKS Proxys unterstützt, lässt sie sich über Orbot mit Tor nutzen.\n\nIm Feld \'Host\' wird 127.0.0.1 oder \'localhost\' eingetragen. Für HTTP wird der Port 8118 eingetragen. Für SOCKS ist der Port 9050 zu verwenden. Sie sollten SOCKS4A oder SOCKS5 verwenden, falls möglich.\n\n\n\n Für mehr Informationen zu Proxy-Verwendung auf Android, besuchen Sie das FAQ auf http://tinyurl.com/proxyandroid\n
+ Wenn die verwendete Android-App die Nutzung eines HTTP- oder SOCKS-Proxys unterstützt, kann sie mit Orbot verknüpft werden und Tor nutzen.\n\n\nDie Einstellung für \'Host\' ist 127.0.0.1 oder \'localhost\'. Für HTTP wird der Port 8118 eingetragen. Für SOCKS der Port 9050. Sie sollten möglichst SOCKS4A oder SOCKS5 verwenden.\n\n\n\n Mehr Informationen zur Verwendung von Proxys unter Android finden Sie in den FAQ auf http://tinyurl.com/proxyandroid\nOrbot ist bereit!
- Millionen Menschen weltweit nutzen Tor aus sehr verschiedenen Gründen.\n\nJournalisten und Blogger, Verteidiger für Menschenrechte, Polizeibeamte, Soldaten, Firmen, Bürger repressiver Regime und ganz normale Menschen... und jetzt können Sie das auch!
+ Millionen Menschen auf der ganzen Welt nutzen Tor aus einer Vielzahl von Gründen..\n\nJournalisten und Blogger, Verteidiger für Menschenrechte, Polizeibeamte, Soldaten, Firmen, Bürger repressiver Regime und ganz normale Menschen … und jetzt können Sie das auch!Bitte konfigurieren Sie Orbot, bevor Sie es verwenden können!
- Sie haben sich erfolgreich mit dem Tor-Netzwerk verbunden - was aber NICHT bedeutet, dass Ihr Gerät sicher ist. Sie können den \'Browser\' Knopf verwenden, um Ihre Verbindung zu überprüfen. \n\nBesuchen Sie uns auf https://guardianproject.info/apps/orbot oder senden Sie uns eine E-Mail an help@guardianproject.info, um mehr zu erfahren.
+ Sie haben sich erfolgreich mit dem Tor-Netzwerk verbunden - was aber NICHT bedeutet, dass Ihr Gerät sicher ist. Sie können den Knopf »Browser« verwenden, um Ihre Verbindung zu überprüfen. \n\nBesuchen Sie uns auf https://guardianproject.info/apps/orbot oder senden Sie uns eine E-Mail an help@guardianproject.info, um mehr zu erfahren.Durch das Bestätigen mit »OK« wird die Seite https://check.torproject.org in Ihrem Webbrowser geöffnet, sodass Sie überprüfen können, ob Orbot richtig konfiguriert ist und Sie mit Tor verbunden sind.Versteckte DiensteAllgemeinOrbot beim Systemstart ausführen
- Automatisches Starten von Orbot und Verbinden von Tor beim Start des Android-Gerätes
+ Automatisches Starten von Orbot und Verbinden mit Tor beim Start des Android-Gerätes
- Orbot bringt Tor zu Android!\n\nTor hilft Ihnen sich gegen Zensur, Verfolgung und Überwachung, welche die Privatsphäre gefährdet, sowie Informationssammlung zu verteidigen.\n\nDieser Assistent hilft Ihnen dabei Orbot und Tor einzurichten.
+ Orbot bringt Tor zu Android!\n\nTor unterstützt Sie, sich gegen Zensur, Datenrückverfolgung und die Überwachung des Netzes zu wehren, die Ihre Privatsphäre, vertraulichen Informationen und persönlichen Beziehungen bedrohen.\n\nDieser Assistent hilft Ihnen dabei, Orbot und Tor einzurichten.WarnungOrbot nur zu installieren, anonymisiert nicht automatisch den mobilen Netzwerkverkehr.\n\nSie müssen Orbot, das Gerät und die Apps konfigurieren, um Tor erfolgreich zu verwenden.ZugriffsrechteSie können Orbot wahlweise Systemverwalterzugriff geben, um erweiterte Funktionen zu aktivieren, wie z.B. transparente Vermittlung.
- Wenn Sie dieses nicht möchten, dann verwenden Sie bitte Anwendungen, die mit Orbot zusammen arbeiten können
+ Wenn Sie dies nicht möchten, stellen Sie bitte sicher, Anwendungen zu verwenden, die für die Zusammenarbeit mit Orbot geschrieben wurden.Ihr Gerät scheint nicht gerootet zu sein oder stellt keinen Root oder \'Systemverwalterzugriff bereit.\n\nBitte nutzen Sie den \'Apps\' Modus auf dem Hauptbildschirm.Orbot aktivierte Anwendungen
@@ -150,10 +150,10 @@
StatusVoll transparente Vermittlung wird eingestellt …Anwendungsbasierte transparente Vermittlung wird eingestellt …
- Transparentes Vermittlung AKTIVIERT
+ Transparente Vermittlung AKTIVIERTTransProxy für Anbindung aktiviert!WARNUNG: Fehler beim Starten der transparenten Vermittlung!
- TransProxy Regeln gelöscht
+ TransProxy-Regeln gelöschtTor-Prozess konnte nicht gestartet werden:Polipo läuft auf Port: Anschlussbasierte transparente Vermittlung wird eingestellt …
@@ -161,8 +161,8 @@
Um die Brückenfunktion nutzen zu können, müssen Sie mindestens eine Brücken-IP-Adresse eingeben.Von Ihrem Gmail-Konto eine E-Mail an bridges@torproject.org mit dem Text »get bridges« im Nachrichtenfeld senden.Fehler
- Ihre eingestellten erreichbaren Adressen haben einen Ausnahmefehler erzeugt!
- Ihre Relaiseinstellungen haben einen Ausnahmefehler erzeugt!
+ Ihre eingestellten erreichbaren Adressen haben einen Ausnahmefehler verursacht!
+ Ihre Relaiseinstellungen haben einen Ausnahmefehler verursacht!AusgangsnetzknotenFingerabdrücke, Spitznamen, Länder und Adressen für den letzten Knotenpunkt.Ausgangsnetzknoten eingeben
@@ -180,7 +180,7 @@
Brückenadressen eingebenRelaisWeiterleitung
- Ihr Gerät aktivieren, dass es ein Nichtausgangsrelais ist
+ Ihr Gerät als Nichtausgangsrelais aktivierenRelaisanschlussAnschluss, auf dem bei Ihrem Tor-Relais gehört werden sollOR-Port eingeben
@@ -193,7 +193,7 @@
Die Anschlüsse sind hinter einer restriktiven Firewall erreichbarPorts eingebenVersteckte Dienste
- Auf dem Gerät einen Servern betreiben, über den auf das Tor-Netzwerk zugegriffen werden kann
+ Auf dem Gerät einen Server betreiben, auf den das Tor-Netzwerk zugreifen kannLokale Ports für versteckte Dienste eingebenPorts der versteckten DiensteDer adressierbare Name für Ihren versteckten Dienst (wird automatisch generiert)
@@ -208,18 +208,18 @@
Polipo v1.1.9: https://github.com/jech/polipoIPtables v1.4.21: http://www.netfilter.orgOpenSSL v1.0.1q: http://www.openssl.org
- Eine Anwendungen möchte den versteckten Server-Anschluss %S öffnen. Das ist sicher, wenn Sie der Anwendung vertrauen.
- existierender Tor-Prozess gefunden…
+ Eine Anwendung möchte den versteckten Server-Anschluss %S öffnen. Das ist sicher, wenn Sie der Anwendung vertrauen.
+ bestehender Tor-Prozess gefunden …Etwas ist schief gelaufen. Bitte Protokoll prüfenVersteckte Dienste auf:Name des versteckten Dienstes kann nicht gelesen werdenTor kann nicht gestartet werden:Starten Sie Ihr Gerät neu, Tor konnte nicht zurückgesetzt werden!
- Die vorgegeben IPtables verwenden
+ Vorgegebene IPtables verwendenDie vorhandene IPtables-Datei verwenden, anstatt der von Orbot mitgelieferten.Die Tor-Programmdateien konnten nicht installiert oder aktualisiert werden.Wenn Orbot verbunden ist immer das Orbot-Symbol in der Statusleiste anzeigen
- Aktivitätsbenachrichtigungen
+ AktivitätsanzeigeErweiterte Benachrichtigung mit Tor-Austrittsland und IP anzeigenErweiterte BenachrichtigungenBrücken aktiviert!
@@ -230,12 +230,12 @@
Voreinstellung beibehalten oder Sprache ändernbetrieben mit TorEinstellungen speichern
- Keine Internetverbindung; Tor ist auf Standby...
+ Keine Internetverbindung; Tor ist in Bereitschaft …Bandbreite:runterhoch
- Kein Netzwerkautoschlaf
- Tor schlafen legen, wenn kein Internet verfügbar ist
+ Bereitschaft wenn kein Netz
+ Tor in Bereitschaft versetzen, wenn kein Internet verfügbar istSie haben zu einer neuen Tor-Identität gewechselt!BrowserChatSecure benutzen
@@ -243,8 +243,8 @@
Diese Anwendung aktivieren, um den Tor-Dienst zu kontrollierenEs sieht nicht so aus, dass Sie Orfox installiert haben. Wollen Sie dabei Hilfe oder sollen wir einfach den Browser öffnen?Anwendungen installieren?
- Keine Netzwerkverbindung. Tor geht auf Standby...
- Netzwerkverbindung aktiv. Tor wird aktiviert...
+ Keine Netzwerkverbindung. Tor wird in Bereitschaft versetzt …
+ Netzwerkverbindung ist vorhanden. Tor wird aktiviert …Einstellungen im Tor-Dienst werden aktualisiertTor SOCKSPort auf dem der SOCKS-Proxy bereitgestellt wird (Standard: 9050 oder 0 zum deaktivieren)
@@ -277,6 +277,7 @@
Brücken aktualisiertBitte Orbot zum Aktivieren der Änderungen neustartenQR-Codes
+ Wenn Ihr mobiles Netzwerk aktiv Tor sperrt, können Sie mit einer Brücke auf das Netzwerk zugreifen. Wählen Sie einen der oben genannten Brückentypen aus, um Brücken zu aktivieren.BrückemodusE-MailNetz
diff --git a/res/values-el/strings.xml b/app/src/main/res/values-el/strings.xml
similarity index 99%
rename from res/values-el/strings.xml
rename to app/src/main/res/values-el/strings.xml
index aa3bb553..30c827c2 100644
--- a/res/values-el/strings.xml
+++ b/app/src/main/res/values-el/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/app/src/main/res/values-en-rGB/strings.xml b/app/src/main/res/values-en-rGB/strings.xml
new file mode 100644
index 00000000..4ddc60d8
--- /dev/null
+++ b/app/src/main/res/values-en-rGB/strings.xml
@@ -0,0 +1,13 @@
+
+
+ Next
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-eo/strings.xml b/app/src/main/res/values-eo/strings.xml
similarity index 96%
rename from res/values-eo/strings.xml
rename to app/src/main/res/values-eo/strings.xml
index 4b45efb0..3c103de7 100644
--- a/res/values-eo/strings.xml
+++ b/app/src/main/res/values-eo/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -10,7 +10,6 @@
Orbot ŝaltiĝas...Konektita al Tor-retoOrbot estas malaktivigita
- Orbot malŝaltiĝasŜaltiĝas Tor-kliento...kompleta.atendas.
@@ -20,11 +19,9 @@
AgordojProtokoloHelpo
- AplikaĵojStartiHaltiPri
- AsistantoElŝutadoAlŝutadoHelpo
@@ -144,8 +141,6 @@
Kapacito:elal
- Kontroli RetumilonUzi ChatSecureInstali aplikaĵojn?
- Instali Orweb
diff --git a/res/values-es-rAR/strings.xml b/app/src/main/res/values-es-rAR/strings.xml
similarity index 90%
rename from res/values-es-rAR/strings.xml
rename to app/src/main/res/values-es-rAR/strings.xml
index 1ec6b048..b921a402 100644
--- a/res/values-es-rAR/strings.xml
+++ b/app/src/main/res/values-es-rAR/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -7,24 +7,21 @@
https://check.torproject.org/?TorButton=truereiniciar Tortorproxyservice
- Orbot está iniciándose…
+ Orbot está iniciándose...Conectado a la red Tor\"Orbot está Desactivado
- Orbot se está apagando
- Iniciando el cliente Tor…
+ Iniciando el cliente Tor...Completar
- esperando…
+ esperando...CIUDADO: Tu tráfico no es anónimo aún! Por favor configura tus aplicaciones para que usen el HTTP proxy 127.0.0.1:8118 o SOCKS4A o el proxy SOCKS5 127.0.0.1:9050InicioNavegarConfiguraciónRegistroAyuda
- AppsIniciarDetenerAcerca de
- AsistenteDescargarSubirAyuda
diff --git a/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml
similarity index 98%
rename from res/values-es/strings.xml
rename to app/src/main/res/values-es/strings.xml
index f491357e..15c5d59c 100644
--- a/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot es una aplicación libre de proxy (interpuesto) que faculta a otras aplicaciones para usar Internet de forma más segura. Orbot utiliza Tor para cifrar su tráfico de Internet, y luego lo oculta rebotándolo a través de una serie de computadoras por todo el mundo. Tor es software libre y una red abierta que le ayuda a defenderse contra una forma de vigilancia de red conocida como análisis de tráfico que amenaza la libertad y la privacidad personales, las actividades y relaciones comerciales confidenciales, y la seguridad de estado.
@@ -278,6 +278,7 @@ direcciones (o rangos). No prevalecen sobre las configuraciones de exclusión de
Bridges actualizadosPor favor, reinicie Orbot para habilitar los cambiosCódigos QR
+ Si su red móvil/celular bloquea activamente Tor, puede usar un Puente (bridge) para acceder a la red. SELECCIONE uno de los tipos de repetidor puente arriba para hablitar los puentes.Modo bridgeCorreo electrónicoPágina web
diff --git a/res/values-et/strings.xml b/app/src/main/res/values-et/strings.xml
similarity index 99%
rename from res/values-et/strings.xml
rename to app/src/main/res/values-et/strings.xml
index e5a9adad..9ef3be46 100644
--- a/res/values-et/strings.xml
+++ b/app/src/main/res/values-et/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-eu/strings.xml b/app/src/main/res/values-eu/strings.xml
similarity index 99%
rename from res/values-eu/strings.xml
rename to app/src/main/res/values-eu/strings.xml
index d8a85673..198c6121 100644
--- a/res/values-eu/strings.xml
+++ b/app/src/main/res/values-eu/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-fa/strings.xml b/app/src/main/res/values-fa/strings.xml
similarity index 98%
rename from res/values-fa/strings.xml
rename to app/src/main/res/values-fa/strings.xml
index d455dfed..b70cc0f1 100644
--- a/res/values-fa/strings.xml
+++ b/app/src/main/res/values-fa/strings.xml
@@ -1,4 +1,4 @@
-
+
ربات پیازیاربت یک برنامه پروکسی مجانی است که دیگر برنامه ها را به استفاده امن از اینترنت توانمند می کند . اربوت از تور برای رمزگذاری کردن ترافیک اینترنت شما استفاده می کند و بعد آن ها را از طریق کامپیوترهای متفاوت در نقاط مختلف جهان مخفی می کند. تور یک برنامه مجانی و شبکه باز است که شما از شما در مقابل تحت نظر بودن در شبکه٬ تهدید آزادی های شخصی٬ خصوصی٬ فعالیت های کاری و رابطه های شخصی بطور امن محافظت می کند.
@@ -88,6 +88,7 @@
بسیاری از مردم در سرتاسر جهان از تور به دلایل متفاوت استفاده می کنند.\n\n خبرنگارها و بلاگرها٬ فعالان حقوق بشر٬ سربازان٬ ماموران اجرای قانون٬ شهروندان رژیم های سرکوبگر و مردم معمولی... و حالا تو لطفا اوربوت را پیکربندی کنید قبل از اینکه شما شروع به استفاده از آن کنید!
+ با موفقیت به شبکه Tor متصل شده اید - اما این بدان معنا نیست دستگاه شما امن است. شما می توانید استفاده کنید از کلید \"مرورگر\" برای تست اتصال . \n\n درباره ما در https://guardianproject.info/apps/orbot و یا ارسال ایمیل به help@guardianproject.info برای کسب اطلاعات بیشتر.با این قدم پیشفرض مرورگر وب شما به صفحه https://check.torproject.org باز می شود تا شما مشاهده کنید آیا ربات پیازی تنظیم شده است و آیا شما به تور وصل شده اید یا نه.سرويس های مخفی هاستکلی
@@ -125,6 +126,7 @@
گره های ورودیاثرانگشت ها، اسامی مستعار، کشورها و آدرسهای جهش اولگره های ورودی را وارد کنید
+ اجازه دادن اجرا در پس زمینههمه پروکسی هاهیچ پروکسیانتخاب برعکس شود
@@ -277,6 +279,7 @@
ایمیلوبفعال
+ حالت نرم افزار VPNبا استفاده از امکان وی پی ان اندروید٬ اوربات ترافیک تمام اپلیکیشن های موبایل شما را از طریق شبکه تور انتقال میدهد.
\n\n*هشدار*
امکان تونل تمام گوشی هنوز جدید و در حال آزمایش است. به همین دلیل امکان دارد که به صورت خودکار فعال نشود یا هنگام استفاده قطع شود. از این امکان برای ناشناس بودن در وب هرگز نباید استفاده کنید و باید فقط از آن برای عبور از فایروال ها و دور زدن فیلترینگ استفاده شود.
diff --git a/res/values-fi/strings.xml b/app/src/main/res/values-fi/strings.xml
similarity index 99%
rename from res/values-fi/strings.xml
rename to app/src/main/res/values-fi/strings.xml
index 5eb1777a..01794933 100644
--- a/res/values-fi/strings.xml
+++ b/app/src/main/res/values-fi/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot on ilmainen välityspalvelinsovellus, joka tarjoaa muille sovelluksille mahdollisuuden käyttää internetiä turvallisemmin. Orbot käyttää Toria kryptaamaan verkkoliikenteesi ja sitten piilottaa sen kierrättämällä sitä usean tietokoneen kautta ympäri maailman. Tor on vapaa ohjelmisto ja avoin verkosto, jotka auttavat puolustautumaan vapautta ja yksityisyyttä uhkaavalta verkkovalvonnalta ja valtioiden verkonseurannalta sekä suojaamaan salaisia liiketoimintoja ja -yhteyksiä.
diff --git a/res/values-fr-rFR/strings.xml b/app/src/main/res/values-fr-rFR/strings.xml
similarity index 98%
rename from res/values-fr-rFR/strings.xml
rename to app/src/main/res/values-fr-rFR/strings.xml
index 4817a92c..3a11d068 100644
--- a/res/values-fr-rFR/strings.xml
+++ b/app/src/main/res/values-fr-rFR/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot est une appli libre de serveur mandataire permettant aux applis d\'utiliser Internet avec une sécurité accrue. Orbot utilise Tor pour chiffrer votre trafic Internet et le cache ensuite en le relayant au travers d\'ordinateurs de par le monde. Tor est un logiciel libre et un réseau ouvert qui vous aide à vous défendre contre une forme de surveillance réseau qui menace la liberté personnelle et la protection des données personnelles, les activités professionnelles confidentielles et les relations, et l\'analyse du trafic des gouvernements.
@@ -277,6 +277,7 @@
Ponts mis à jourVeuillez redémarrer Orbot pour activer les changementsCodes QR
+ Si votre réseau mobile bloque Tor activement, vous pouvez utiliser un pont pour accéder au réseau.\n\nCHOISIR un des types de ponts ci-dessus pour activer les ponts.Mode pontCourrielWeb
diff --git a/app/src/main/res/values-fr/strings.xml b/app/src/main/res/values-fr/strings.xml
new file mode 100644
index 00000000..fa051335
--- /dev/null
+++ b/app/src/main/res/values-fr/strings.xml
@@ -0,0 +1,54 @@
+
+
+ Orbot
+ Orbot est une application proxy gratuite qui améliore l\'utilisation plus sécurisée des applications. Orbot utilise Tor pour crypter votre trafic internet et le cacher en passant par une série d\'ordinateur partout dans le monde. Tor est un logiciel gratuit et un réseau ouvert qui vous aide à vous défendre contre les surveillances de réseau qui font peur à la liberté personnelle et la vie privée, les activités confidentielles des entreprises et des relations, et l\'état de la sécurité connu sous le nom d\'analyse de trafic.
+ http://orbot/
+ http://check.torproject.org
+ https://check.torproject.org
+ https://check.torproject.org/?TorButton=true
+ Démarrer et arrêter Tor
+ torproxyservice
+ Démarrage de Orbot...
+ Connecté au réseau Tor
+ Orbot est désactivé
+ Le service Tor est en cours de fermeture
+ Démarrage du client Tor...
+ terminé.
+ en attente.
+ ATTENTION : Votre trafic n\'est pas encore anonyme ! Veuillez configurer votre application pour utiliser le proxy HTTP 127.0.0.1:8118 ou le proxy SOCKS4A ou SOCKS5A 172.0.0.1:9050
+ Accueil
+ Naviguer
+ Paramètres
+ Log
+ Aide
+ VPN
+ Démarrer
+ Arrêter
+ A propos
+ Obtenir des applications
+ Télécharger
+ Envoyer
+ Aide
+ Fermer
+ A propos
+ Effacer la log
+ Vérifier
+ Quitter
+ Analyser BridgeQR
+ Partager BridgeQR
+ - appui long pour commencer -
+ Passage du trafic Internet de manière transparente (Requiert le Root)
+ Passage du trafic Internet de manière transparente
+ Orbot
+
+
+
+
+
+
+
+
+ Passage du trafic Internet de manière transparente
+
+ VPN
+
diff --git a/res/values-gl/strings.xml b/app/src/main/res/values-gl/strings.xml
similarity index 96%
rename from res/values-gl/strings.xml
rename to app/src/main/res/values-gl/strings.xml
index d13502da..8496d4b6 100644
--- a/res/values-gl/strings.xml
+++ b/app/src/main/res/values-gl/strings.xml
@@ -1,6 +1,7 @@
-
+
Orbot
+ Orbot é unha aplicación de proxy libre que permite a outras aplicacións usar a internet dun xeito máis seguro. Orbot usa Tor para encriptar o teu tráfico de internet ocultando e rebotándoo a través dunha serie de ordenadores ao redor do mundo. Tor é software libre e unha rede aberta que axuda a defenderte contra unha forma de vixiancia na rede que ameaza a liberdade e privacidade persoal, actividades confidenciáis de negocios e relacións, e estado de seguridade coñecido como análise de tráfico.http://orbot/http://check.torproject.orghttps://check.torproject.org
diff --git a/res/values-gu-rIN/strings.xml b/app/src/main/res/values-gu-rIN/strings.xml
similarity index 62%
rename from res/values-gu-rIN/strings.xml
rename to app/src/main/res/values-gu-rIN/strings.xml
index 228d2985..bfb4b94f 100644
--- a/res/values-gu-rIN/strings.xml
+++ b/app/src/main/res/values-gu-rIN/strings.xml
@@ -1,4 +1,4 @@
-
+
રદ કરો
@@ -9,12 +9,6 @@
-
-
-
-
-
diff --git a/res/values-gu/strings.xml b/app/src/main/res/values-gu/strings.xml
similarity index 69%
rename from res/values-gu/strings.xml
rename to app/src/main/res/values-gu/strings.xml
index e5a9cbd8..3965a3d3 100644
--- a/res/values-gu/strings.xml
+++ b/app/src/main/res/values-gu/strings.xml
@@ -1,4 +1,4 @@
-
+
મદદમદદ
@@ -12,12 +12,6 @@
-
-
-
-
-
diff --git a/res/values-iw/strings.xml b/app/src/main/res/values-he/strings.xml
similarity index 99%
rename from res/values-iw/strings.xml
rename to app/src/main/res/values-he/strings.xml
index e894ce3a..e5e33f9b 100644
--- a/res/values-iw/strings.xml
+++ b/app/src/main/res/values-he/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot הינה אפליקציית פרוקסי חינמית המאפשרת לאפליקציות אחרות להשתמש באינטרנט בבטחה. Orbot נעזרת ב-Tor כדי להצפין את תעבורת האינטרנט שלך ולהסוותה באמצעותה ניתובה דרך מספר מחשבים ברחבי העולם. Tor היא תוכנה חופשית ורשת פתוחה המסייעת לך להתגונן מפני סוגים מסוימים של אמצעי ניטור ומעקב אחר רשת האינטרנט המאיימים על הפרטיות, החירות האישית, פעילויות עסקיות ומערכות יחסים חשאיות.
diff --git a/res/values-hi/strings.xml b/app/src/main/res/values-hi/strings.xml
similarity index 82%
rename from res/values-hi/strings.xml
rename to app/src/main/res/values-hi/strings.xml
index 76854700..9156dfa2 100644
--- a/res/values-hi/strings.xml
+++ b/app/src/main/res/values-hi/strings.xml
@@ -1,10 +1,13 @@
-
+
+ Orbot
+ औरबौट एक मुफ्त अैपब्राउज़सेटिंग्समददमददबंद करें
+ Orbotवापसरद्द करें
diff --git a/res/values-hr-rHR/strings.xml b/app/src/main/res/values-hr-rHR/strings.xml
similarity index 81%
rename from res/values-hr-rHR/strings.xml
rename to app/src/main/res/values-hr-rHR/strings.xml
index 01c7dd20..717ae740 100644
--- a/res/values-hr-rHR/strings.xml
+++ b/app/src/main/res/values-hr-rHR/strings.xml
@@ -1,4 +1,4 @@
-
+
PolaznoPretraži
@@ -21,14 +21,8 @@
Upozorenje
-
-
-
-
Nepoznato
-
StatusGreška
diff --git a/res/values-hr/strings.xml b/app/src/main/res/values-hr/strings.xml
similarity index 92%
rename from res/values-hr/strings.xml
rename to app/src/main/res/values-hr/strings.xml
index af0b8bbb..19ddf3e5 100644
--- a/res/values-hr/strings.xml
+++ b/app/src/main/res/values-hr/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot je besplatna proxy aplikacija koja omogućuje ostalim aplikacijama da koriste internet sigurnije. Orbot koristi Tor za enkripciju Vašeg Internet prometa, a zatim ga skriva šaljući ga kroz seriju računala diljem svijeta. Tor je besplatan software i otvorena mreža koja pomaže u borbi protiv nadzora mreže koji ugrožava osobne slobode i privatnost, povjerljive poslovne aktivnosti i odnose, te pomaže u borbi protiv analize prometa.
@@ -11,6 +11,7 @@
Orbot se pokreće...Spojen na Tor mrežuOrbot je deaktiviran
+ TorService se gasiPokrećem Tor klijent...gotovo.čekam.
@@ -20,9 +21,11 @@
PostavkeDnevnikPomoć
+ VPNPočetakZaustaviO
+ Dohvati aplikacije...PreuzimanjeSlanjePomoć
@@ -84,6 +87,7 @@
Milijuni ljudi diljem svijeta koriste Tor iz raznih razloga.\n\nNovinari i blogeri, pravobranitelji, policijski službenici, vojnici, korporacije, građani represivnih režima i uobičajeni građani... a od sad i Vi!Molimo konfigurirajte Orbot prije nego ga počnete koristiti!
+ Uspješno ste spojeni na Tor mrežu - ali ovo NE znači da je Vaš uređaj siguran. Možete koristiti gumb \'Preglednik\' kako bi testirali svoju vezu. \n\nPosjetite nas na https://guardianproject.info/apps/orbot ili nam pošaljite email na help@guardianproject.info kako bi naučili više.Ovo će otvoriti Vaš web preglednik na https://check.torproject.org kako bi vidjeli je li Orbot konfiguriran i jeste li povezani na Tor.Hosting Skrivenih UslugaOpćenito
@@ -103,6 +107,7 @@
Orbot-Omogućene AplikacijeChatSecure: Sigurna aplikacija za čavrljanje s Povjerljivom Enkripcijom
+ Orfox: Preglednik s pojačanom privatnosti koji radi kroz TorPronađi sve Guardian Projekt aplikacije na Google PlayPronađi sve Guardian Project aplikacije na F-Droid-uPronađi sve Guardian Project aplikacije na https://f-droid.org
@@ -121,6 +126,8 @@
Ulazni ČvoroviOtisci prstiju, nadimci, države i adrese za prvi skokUnesi Ulazne Čvorove
+ Dozvoli pokretanja u pozadini
+ Dopusti bilo kojoj aplikaciji da kaže Orbot-u da pokrene Tor i povezane uslugeProxy-raj sveNe proxy-raj ništaIzokreni odabrano
@@ -200,6 +207,7 @@
LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/Polipo v1.1.9: https://github.com/jech/polipoIPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.orgAplikacija želi otvoriti port %S skrivenog poslužitelja Tor mreži. Ovo je sigurno ako vjerujete aplikaciji.pronađeni postojeći Tor procesi...Nešto loše se dogodilo. Provjerite dnevnik
@@ -229,9 +237,11 @@
Nema mrežnog auto-spavanjaStavi Tor na spavanje kad internet nije dostupanPrebacili ste se na nov Tor identitet!
+ PreglednikKoristi ChatSecureUpravljaj Tor-omOmogući ovoj palikaciji da upravlja Tor-om
+ Čini se da nemate Orfox instaliran. Želite li pomoć s tim ili da samo otvorimo preglednik?Instaliraj aplikacije?Nema mrežne povezivosti. Stavljam Tor na spavanje...Mrežan povezanost je dobra. Budim Tor...
@@ -259,6 +269,7 @@
Pravila transparentnog proxy-a očišćena!Nema omogućen root pristupMožda će te morati zaustaviti i pokrenuti Orbot da bi se omogućile promjenjene postavke.
+ VPNkbpsmbpsKB
@@ -266,13 +277,17 @@
Mostova ažuriranoPonovno pokrenite Orbot da bi omogućili promjeneQR kodovi
+ Ako Vaš mreža aktivno blokira Tor, možete koristiti Most kako bi pristupili mreži. ODABERITE jedan od gorenavedenih tipova mosta kako bi ih omogućili.Način rada MostEmailWebAktiviraj
+ VPN način rada aplikacijaMožete omogućiti svim aplikacijama na svom uređaju da se pokreću kroz Tor koristeći VPN značajku Android-a.\n\n*UPOZORENJE* Ovo je nova, eksperimentalna značajka i u nekim slučajevima se možda neće automatski pokrenuti, ili će se zaustaviti. NE bi ju trebalo koristiti za anonimnost, nego SAMO za prolaženje kroz vatrozide i filtere.Pošalji emailMožete dobiti adrese mostova kroz email, web ili skeniranjem QR koda. Odaberite \'Email\' ili \'Web\' niže da zatražite adresu mosta.\n\nJednom kad imate adresu, kopirajte i zalijepite ju u \"Mostovi\" postavku Orbot-a i ponovno ga pokrenite.
+ Instaliraj OrfoxStandardni preglendikNAPOMENA: samo standardni Tor mostovi rade na Intel X86/ATOM uređajima
+ Svijet
diff --git a/res/values-hu/strings.xml b/app/src/main/res/values-hu/strings.xml
similarity index 98%
rename from res/values-hu/strings.xml
rename to app/src/main/res/values-hu/strings.xml
index e4795c7b..6b4e2644 100644
--- a/res/values-hu/strings.xml
+++ b/app/src/main/res/values-hu/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotAz Orbot egy ingyenes proxy alkalmazás, ami képessé tesz alkalmazásokat, hogy biztonságosabban használhassák az internetet. Az Orbot Tor-t használ, hogy titkosítsa az internetforgalmadat és elrejtse azáltal, hogy pattogtatja számítógépek sorozatain keresztül a világ körül. A Tor ingyenes szoftver és nyitott hálózat, ami segít megvédeni a hálózati felügyelettől, ami fenyegeti a személyi szabadságot és magánéletet, a bizalmas céges tevékenységeket és kapcsolatokat, és állambiztonság címén a forgalomelemzéstől.
@@ -277,6 +277,7 @@
Hidak frissítveKérlek indítsd újra az Orbot-ot a változások engedélyezéséhezQR kódok
+ Ha a mobilhálózatod aktívan blokkolja a Tor-t, használhatsz Hidat, hogy hozzáférj a hálózathoz. VÁLASSZ egyet a fenti híd típusokból, hogy engedélyezd a hidakat.Híd módEmailWeb
diff --git a/app/src/main/res/values-hy-rAM/strings.xml b/app/src/main/res/values-hy-rAM/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-hy-rAM/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-ia/strings.xml b/app/src/main/res/values-ia/strings.xml
similarity index 96%
rename from res/values-ia/strings.xml
rename to app/src/main/res/values-ia/strings.xml
index fa922908..db863c61 100644
--- a/res/values-ia/strings.xml
+++ b/app/src/main/res/values-ia/strings.xml
@@ -1,4 +1,4 @@
-
+
InitioNavigar
diff --git a/res/values-in-rID/strings.xml b/app/src/main/res/values-id/strings.xml
similarity index 98%
rename from res/values-in-rID/strings.xml
rename to app/src/main/res/values-id/strings.xml
index 0a541cff..344037a2 100644
--- a/res/values-in-rID/strings.xml
+++ b/app/src/main/res/values-id/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot adalah aplikasi proxy gratis yang membuat aplikasi-aplikasi lainnya dapat terkoneksi dengan internet secara aman. Orbot menggunakan Tor untuk mengenkripsi hubungan internet anda dan menyalurkannya melewati berbagai komputer di seluruh dunia. Tor adalah software gratis dan suatu network terbuka, yang membantu anda menghindari pengawasan network yang mengancam kebebasan pribadi dan privasi, aktivitas bisnis rahasia dan relasi, serta keamanan negara yang dikenal dengan analisa traffic.
@@ -11,6 +11,7 @@
Orbot sedang dimulai...Tersambung ke Jaringan TorOrbot telah dibatalkan
+ TorService dimatikanMemulai klien Tor...selesai.menunggu.
@@ -20,9 +21,11 @@
PengaturanLogBantuan
+ VPNMulaiBerhentiTentang
+ Dapatkan aplikasi...UnduhUnggahBantuan
@@ -121,6 +124,7 @@
Simpul MasukSidik jari, alias, negara dan alamat untuk loncatan pertamaMasukkan Simpul Masuk
+ Ijinkan Latar Belakang BerjalanProxy SemuanyaTanpa ProxyBalik Pilihan
@@ -229,6 +233,7 @@
Auto-Tidur Tidak Ada JaringanMenempatkan Tor untuk tidur ketika tidak ada internet yang tersediaAnda telah beralih ke identitas Tor baru!
+ PerambanGunakan ChatSecureKelola TorAktifkan aplikasi ini untuk mengontrol layanan Tor
@@ -259,6 +264,7 @@
Rule proxy transparan telah kosong!Anda tidak punya akses ROOTAnda mungkin harus stop lalu start kembali Orbot agar perubahan setting menjadi aktif.
+ VPNkbpsmbpsKB
diff --git a/app/src/main/res/values-in-rID/strings.xml b/app/src/main/res/values-in-rID/strings.xml
new file mode 100644
index 00000000..344037a2
--- /dev/null
+++ b/app/src/main/res/values-in-rID/strings.xml
@@ -0,0 +1,284 @@
+
+
+ Orbot
+ Orbot adalah aplikasi proxy gratis yang membuat aplikasi-aplikasi lainnya dapat terkoneksi dengan internet secara aman. Orbot menggunakan Tor untuk mengenkripsi hubungan internet anda dan menyalurkannya melewati berbagai komputer di seluruh dunia. Tor adalah software gratis dan suatu network terbuka, yang membantu anda menghindari pengawasan network yang mengancam kebebasan pribadi dan privasi, aktivitas bisnis rahasia dan relasi, serta keamanan negara yang dikenal dengan analisa traffic.
+ http://orbot/
+ http://check.torproject.org
+ https://check.torproject.org
+ https://check.torproject.org/?TorButton=true
+ mulai dan akhiri Tor
+ torproxyservice
+ Orbot sedang dimulai...
+ Tersambung ke Jaringan Tor
+ Orbot telah dibatalkan
+ TorService dimatikan
+ Memulai klien Tor...
+ selesai.
+ menunggu.
+ PERINGATAN: Trafik anda belum anonim! Silahkan konfigurasikan aplikasi anda untuk dapat menggunakan proxy HTTP 127.0.0.1:8118 atau SOCKS4A atau proxy SOCKS5 127.0.0.1:9050
+ Beranda
+ Jelajah
+ Pengaturan
+ Log
+ Bantuan
+ VPN
+ Mulai
+ Berhenti
+ Tentang
+ Dapatkan aplikasi...
+ Unduh
+ Unggah
+ Bantuan
+ Tutup
+ Tentang
+ Hapus Log
+ Periksa
+ Keluar
+ Pindai BridgeQR
+ Bagikan BridgeQR
+ - sentuh dan tahan untuk memulai -
+ Proxy Transparan (Dibutuhkan Root)
+ Proxy Transparan
+ Otomatis Torfying Aplikasi
+ Tor Semuanya
+ Trafik proxy untuk semua aplikasi melalui Tor
+ Alternatif Port Proxy
+ PERINGATAN: Temukan port umum (80, 443, dll). *Gunakan Hanya* jika \'Semua\' atau \'Aplikasi\' mode tidak bekerja.
+ Daftar Port
+ Daftar port untuk proxy. *GUNAKAN HANYA* jika modus \'Semua\' atau \'Apl\' tidak bekerja
+ Masukkan port untuk proxy
+ Minta Akses Root
+ Meminta akses root untuk proxy transparan
+ Binary Tor berhasil dipasang!
+ File binary Tor tidak dapat dipasang. Silahkan periksa log dan beritahukan ke tor-assistants@torprojects.org
+ Kesalahan Pada Aplikasi
+ Orbot
+ Tentang Orbot
+ Berikutnya
+ Kembali
+ Selesai
+ Oke
+ Batal
+
+ Beberapa Rincian Orbot
+ Orbot adalah aplikasi open-source yang mengandung Tor, LibEvent dan Polipo. Tor menyediakan HTTP proxy (8118) dan SOCKS proxy (9050) lokal menuju jaringan Tor. Orbot juga dapat, pada perangkat yang di-root, untuk mengirimkan semua lalu-lintas data internet melalui Tor.
+ Izin Diberikan
+ Perizinan Orbot
+ Baik sekali! Kami telah mendeteksi bahwa anda telah mengaktifkan perizinan root untuk Orbot. Kami akan menggunakan kekuatan ini secara bijak.
+ Sementara itu tidak diperlukan, Orbot dapat menjadi tool yang lebih kuat jika perangkat anda memiliki akses root. Gunakan tombol dibawah untuk memberikan kekuatan super kepada Orbot!
+ Jika anda tidak memiliki akses root atau tidak tahu tentang apa yang kita bicarakan, pastikan untuk menggunakan aplikasi yang dibuat untuk bekerja dengan Orbot.
+ Saya mengerti dan ingin melanjutkan tanpa Superuser
+ Berikan Akses Root untuk Orbot
+ Konfigurasi Torifikasi
+ Orbot memberikan pilihan kepada anda untuk mengerahkan semua trafik aplikasi melalui Tor ATAU untuk memilih aplikasi anda secara individu.
+ Proxy Semua Aplikasi Melalui Tor
+ Pilih Individu Aplikasi untuk Tor
+ Orbot- Aplikasi teraktifkan
+ Aplikasi dibawah ini dikembangkan untuk bekerja dengan Orbot. Klik pada setiap tombol untuk memasangnya sekarang, atau anda dapat menemukan mereka di lain waktu pada Google Play, website GuardianProject.info atau melalui F-Droid.org
+ ChatSecure - Client instant messaging aman untuk Android
+ Pengaturan Proxy - Pelajari bagaimana mengkonfigurasikan aplikasi untuk bekerja dengan Orbot
+ Aplikasi Mesin Pencari DuckDuckGo
+ Setel proxy Twitter ke host \"localhost\" dan port 8118
+ StoryMaker - Tulis cerita dan biarkan Tor yang mengurus keamanannya!
+ https://guardianproject.info/2012/05/02/orbot-your-twitter/
+ Pengaturan Proxy
+ Jika aplikasi Android yang anda gunakan mendukung penggunaan proxy HTTP atau SOCKS, maka anda dapat mengaturnya untuk terhubung ke Orbot dan menggunakan Tor. Setting host-nya 127.0.0.1 atau \"localhost\". Untuk HTTP, setting port-nya adalah 8118. Untuk SOCKS, proxy-nya adalah 9050. Anda disarankan menggunakan SOCKS4A atau SOCKS5 jika memungkinkan. Anda dapat mempelajari lebih lanjut mengenai pemakaian proxy pada Android melalui FAQ di: http://tinyurl.com/proxyandroid
+ Orbot sudah siap!
+ Jutaan orang di seluruh dunia menggunakan Tor untuk berbagai tujuan. Jurnalis dan blogger, pembela hak asasi manusia, penegak hukum, prajurit, perusahaan, warga negara di rezim yang represif, dan warga biasa... dan kini anda sudah siap juga!
+ Konfigurasi Orbot terlebih dahulu sebelum anda menggunakannya!
+
+ Hal ini akan membuka peramban web anda ke https://check.torproject.org agar dapat melihat jika Orbot kemungkinan sudah dikonfigurasikan dan anda telah terhubung dengan Tor.
+ Jasa Penyimpanan Rahasia
+ Umum
+ Mulai Orbot saat Boot
+ Secara otomatis memulai Orbot dan menghubungkan dengan Tor ketika perangkat Android anda boot
+
+
+ Orbot membawa Tor ke Android! Tor membantu anda melawan penyaringan konten, analisis trafik dan pengawasan jaringan yang mengancam privasi, informasi rahasia dan hubungan pribadi. Wizard ini akan membantu anda mengkonfigurasikan Orbot dan Tor pada perangkat anda.
+
+ Peringatan
+ Pemasangan Orbot tidak otomatis membuat trafik mobile anda anonim. Anda harus melakukan konfigurasi Orbot, perangkat anda dan aplikasi lainnya untuk dapat menggunakan Tor dengan baik.
+
+ Perizinan
+ Anda dapat secara opsional memberikan Orbot akses \'Superuser\' untuk mengaktifkan fitur lanjutan, seperti Transparan Proxying.
+ Jika anda tidak ingin melakukan ini, mohon pastikan bahwa anda menggunakan aplikasi yang dibuat untuk dapat bekerja dengan Orbot.
+ Perangkat anda belum di-root atau tidak punya akses \'Superuser\'. Silakan coba mode \'Aplikasi\' di tampilan utama.
+
+ Orbot-Aplikasi Teraktifkan
+ ChatSecure: Aplikasi obrolan aman dengan Enkripsi Off-the-Record
+ Temukan semua aplikasi Guardian Project di Google Play
+ Temukan semua aplikasi Guardian Project di F-Droid
+ Temukan semua aplikasi Guardian Project di https://f-droid.org
+
+ Transparan Proxying
+ Hal ini akan memungkinkan aplikasi anda untuk secara otomatis berjalan melalui jaringan Tor tanpa konfigurasi apapun.
+ (Tandai box ini jika anda tidak tahu apa yang kita bicarakan)
+ Tidak ada
+ Tor Tethering
+ Mengaktifkan Transparan Proxying Tor untuk Wifi dan Perangkat Tether USB (diperlukan restart)
+ Meminta Akses Superuser
+ Pilih Aplikasi
+ Pilih Aplikasi untuk Mengerahkan Melalui Tor
+ Konfigurasi Simpul
+ Itu adalah pengaturan lanjutan yang dapat mengurangi anonimitas anda
+ Simpul Masuk
+ Sidik jari, alias, negara dan alamat untuk loncatan pertama
+ Masukkan Simpul Masuk
+ Ijinkan Latar Belakang Berjalan
+ Proxy Semuanya
+ Tanpa Proxy
+ Balik Pilihan
+ Outbound Proxy Jaringan (Opsional)
+ Outbound Jenis Proxy
+ Protokol yang digunakan untuk server proxy: HTTP, HTTPS, Socks4, Socks5
+ Masukkan Jenis Proxy
+ Outbound Host Proxy
+ Nama host Server Proxy
+ Masukkan Host Proxy
+ Outbound Port Proxy
+ Port Server Proxy
+ Masukkan port Proxy
+ Outbound Nama Pengguna Proxy
+ Nama Pengguna Proxy (Opsional)
+ Masukkan Nama Pengguna Proxy
+ Outbound Sandi Proxy
+ Sandi Proxy (Opsional)
+ Masukkan Sandi Proxy
+ Status
+ Menyetel transparan proxying penuh...
+ Menyetel apl-berbasis proxying transparan...
+ Proxying transparan DIAKTIFKAN
+ TransProxy diaktifkan untuk Tethering!
+ PERINGATAN: kesalahan dalam memulai proxying transparan!
+ Aturan TransProxy dibersihkan
+ Tidak dapat memulai proses Tor:
+ Polipo aktif di port:
+ Menyetel proxying transparan berbasis-port...
+ Kesalahan pada Bridge
+ Agar dapat menggunakan fitur bridge, anda perlu memasukkan minimal satu alamat IP bridge.
+ Kirimkan email ke bridges@torproject.org dengan baris \"get bridges\" dengan sendirinya dalam tubuh surat dari akun gmail.
+ Kesalahan
+ Pengaturan ReachableAddresses anda menyebabkan kesalahan!
+ Pengaturan relay anda menyebabkan kesalahan!
+ Node Keluar
+ fingerprints, nama, negara dan alamat untuk hop terakhir
+ Memasuki Node Keluar
+ Node pengecualian
+ Pengecualian fingerprints,nama, negara dan alamat
+ Memasuki Node Pengecualian
+ Node Terlarang
+ Pakai *hanya* spesifik node
+ Bridges
+ Pakai Bridges
+ Bridges Terobfuskasi
+ Nyalakan alternatif node masuk ke dalam Tor Network
+ Nyalakan jika pengaturan bridges adalah bridges terobfuskasi
+ Alamat IP dan port bridges
+ Memasuki Alamat Bridge
+ Relays
+ Sedang me-Relay
+ Nyalakan perangkat anda menjadi non-exit relay
+ Port Relay
+ Port mendengarkan untuk TOR relay anda
+ Memasuki OR port
+ Nama Relay
+ sebuah nama untuk Tor Relay anda
+ Masukkan nama relay
+ Addresses Terjangkau
+ Jalankan sebagai client dibalik firewall dengan ketentuan ketat
+ Ports terjangkau
+ Port terjangkau dibalik firewall ketat
+ Memasuki ports
+ Layanan Penyimpanan Rahasia
+ Membolehkan perangkat-nyala untuk diakses lewat Tor Network
+ memasuki localhost port untuk layanan rahasia
+ Ports Layanan Rahasia
+ nama teralamatkan untuk layanan rahasia anda (otomatis dibuat)
+ nyalakan debug log untuk output (harus menggunakan adb atau aLogCat untuk menampilkan)
+ Beranda Projek:
+ https://www.torproject.org/docs/android https://guardianproject.info/apps/orbot/
+ Lisensi Tor
+ https://torproject.org
+ Perangkat Lunak Pihak Ke-3:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ Sebuah aplikasi ingin membuka port %S server tersembunyi ke jaringan Tor. Hal ini aman jika anda mempercayai aplikasi tersebut.
+ menemukan proses Tor yang ada...
+ Sesuatu yang buruk terjadi. Periksa log
+ layanan tersembunyi pada:
+ tidak dapat membaca nama layanan tersembunyi
+ Tidak dapat memulai Tor:
+ Boot ulang perangkat anda, gagal me-reset Tor!
+ Gunakan Iptables Default
+ menggunakan binary iptables built-in daripada yang disertakan dengan Orbot
+ Binary Tor tidak dapat dipasang atau ditingkatkan
+ Selalu pelihara icon dalam toolbar ketika Orbot terhubung
+ Pemberitahuan Selalu-Hidup
+ Tampilkan notifikasi melebar dengan negara dan IP keluar Tor
+ Notifikasi Melebar
+ Bridge diaktifkan!
+
+ Bahasa
+ Pilih lokal dan bahasa untuk Orbot
+ Pilih Bahasa
+ Biarkan default atau berlaih ke bahasa saat ini
+ diperkuat dengan Tor
+ Simpan Pengaturan
+ Tidak ada koneksi internet; Tor sedang standby...
+ Bandwidth:
+ unduh
+ unggah
+ Auto-Tidur Tidak Ada Jaringan
+ Menempatkan Tor untuk tidur ketika tidak ada internet yang tersedia
+ Anda telah beralih ke identitas Tor baru!
+ Peramban
+ Gunakan ChatSecure
+ Kelola Tor
+ Aktifkan aplikasi ini untuk mengontrol layanan Tor
+ Pasang aplikasi?
+ Tidak ada jaringan terhubung. Menidurkan Tor...
+ Jaringan terhubung baik. Memanggil Tor...
+ memperbarui setting pada layanan Tor
+ SOCKS Tor
+ Port tempat proxy SOCKS Tor aktif (standar: 9050 atau 0 untuk mematikan)
+ Konfigurasi Port SOCKS
+ Port TransProxy Tor
+ Port tempat Proxy Transparan Tor aktif (standar: 9040 atau 0 untuk mematikan)
+ Konfigurasi Port TransProxy
+ Port DNS Tor
+ Port tempat DNS Tor aktif (standar: 5400 atau 0 untuk mematikan)
+ Konfigurasi Port DNS
+ Konfigurasi Torrc
+ HANYA UNTUK AHLI: masukkan baris konfigurasi direct Torrc
+ Torrc Custom
+ Mobile Martus - Aplikasi Dokumentasi Hak Asasi Manusia milik Benetech
+ IP Publik Tor Anda:
+ Mohon nonaktifkan aplikasi ini di Android Settings Apps jika Orbot anda bermasalah
+ Konflik Aplikasi
+ Auto-Refresh Transproxy
+ Pasang ulang rule Transproxy saat status jaringan berubah
+ BUANG PAKSA Transproxy
+ Ketuk disini untuk mengosongkan semua rule jaringan Transproxy SEKARANG
+ Rule proxy transparan telah kosong!
+ Anda tidak punya akses ROOT
+ Anda mungkin harus stop lalu start kembali Orbot agar perubahan setting menjadi aktif.
+ VPN
+ kbps
+ mbps
+ KB
+ MB
+ Bridge Telah Diperbarui
+ Silakan start ulang Orbot untuk mengaktifkan perubahan
+ Kode QR
+ Mode Bridge
+ Email
+ Laman
+ Aktivasi
+ Anda dapat membuat semua aplikasi di perangkat anda bekerja melalui jaringan Tor menggunakan fitur VPN dari Android. *AWAS* Fitur ini masih baru, percobaan dan pada beberapa kasus tidak start otomatis, atau bahkan berhenti. Tidak untuk anonimitas, dan HANYA untuk melewati firewall dan penyaringan.
+ Kirim Email
+ Anda bisa mendapatkan alamat bridge melalui email, halaman web atau dengan memindai kode QR bridge tersebut. Pilih \'Email\' atau \'Laman\' di bawah untuk meminta alamat bridge. Setelah anda mendapatkannya, salin lalu tempel di pilihan \"Bridges\" pada setting Orbot lalu start ulang.
+ Peramban Standar
+ CATATAN: Hanya bridge Tor yang standar yang bekerja di perangkat Intel X86/ATOM
+
diff --git a/res/values-in/strings.xml b/app/src/main/res/values-in/strings.xml
similarity index 98%
rename from res/values-in/strings.xml
rename to app/src/main/res/values-in/strings.xml
index f2cf3c65..42c44612 100644
--- a/res/values-in/strings.xml
+++ b/app/src/main/res/values-in/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-is/strings.xml b/app/src/main/res/values-is/strings.xml
similarity index 99%
rename from res/values-is/strings.xml
rename to app/src/main/res/values-is/strings.xml
index f169370c..ca2f9cbd 100644
--- a/res/values-is/strings.xml
+++ b/app/src/main/res/values-is/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot er ókeypis proxy smáforrit sem gerir öðrum smáforritum kleift að nota veraldarvefinn á öruggari hátt. Orbot notar Tor til að dulkóða umferð þína á netinu og felur hana svo með að hoppa í gegnum fjölda tölva um allan heim. Tor er ókeypis hugbúnaður og opið net sem aðstoðar þig við að verjast gegn eftirliti á netinu sem vinnur gegn frelsi einkalífsins og friðhelgi, trúnaðar viðskiptamálum og samböndum, og ríkisöryggi þekkt sem umferðargreining.
diff --git a/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml
similarity index 98%
rename from res/values-it/strings.xml
rename to app/src/main/res/values-it/strings.xml
index 18756bbb..62f1455a 100644
--- a/res/values-it/strings.xml
+++ b/app/src/main/res/values-it/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot è un\'applicazione proxy che permette alle altre applicazioni di accedere a internet in maniera più sicura. Orbot usa Tor per cifrare il traffico internet e lo nasconde poi facendolo rimbalzare attraverso una serie di computer attorno al mondo. Tor è un software libero e una rete aperta che aiuta a difendersi da una forma di sorveglianza della rete conosciuta come analisi del traffico. Quest\'ultima minaccia libertà e privacy personale, attività commerciali riservate, rapporti interpersonali, e persino la sicurezza di stato.
@@ -277,6 +277,7 @@
Bridge attivatiPer favore riavvia Orbot per rendere effettive le modificheCodici QR
+ Se la tua rete cellulare blocca attivamente Tor puoi utilizzare un Bridge per accedere alla rete. Seleziona uno dei tipi di bridge da sopra per attivare i bridgeModalità BridgeEmailWeb
diff --git a/app/src/main/res/values-iw/strings.xml b/app/src/main/res/values-iw/strings.xml
new file mode 100644
index 00000000..e5e33f9b
--- /dev/null
+++ b/app/src/main/res/values-iw/strings.xml
@@ -0,0 +1,233 @@
+
+
+ Orbot
+ Orbot הינה אפליקציית פרוקסי חינמית המאפשרת לאפליקציות אחרות להשתמש באינטרנט בבטחה. Orbot נעזרת ב-Tor כדי להצפין את תעבורת האינטרנט שלך ולהסוותה באמצעותה ניתובה דרך מספר מחשבים ברחבי העולם. Tor היא תוכנה חופשית ורשת פתוחה המסייעת לך להתגונן מפני סוגים מסוימים של אמצעי ניטור ומעקב אחר רשת האינטרנט המאיימים על הפרטיות, החירות האישית, פעילויות עסקיות ומערכות יחסים חשאיות.
+ http://orbot/
+ http://check.torproject.org
+ https://check.torproject.org
+ https://check.torproject.org/?TorButton=true
+ התחל ועצור את Tor
+ שירות פרוקסי Tor
+ Orbot מתחיל…
+ מחובר לרשת Tor
+ Orbot כבוי
+ מתחיל לקוח Tor...
+ הושלם.
+ מחכה.
+ אזהרה: התעבורה שלך אינה אנונימית עדיין! בבקשה הגדר את האפליקציות שלך כך שיתאפשר שימוש בפרוקסי HTTP (קרי 127.0.0.1:8118) או SOCKS4A או SOCKS5 (קרי 127.0.0.1:9050)
+ בית
+ דפדף
+ הגדרות
+ רישום
+ עזרה
+ התחל
+ עצור
+ אודות
+ הורדה
+ העלאה
+ עזרה
+ סגור
+ אודות
+ נקה רישום
+ בדוק
+ יציאה
+ סרוק BridgeQR
+ שתף BridgeQR
+ -נגיעה ארוכה להתחלה-
+ פרוקסי שקוף (שורש נדרש)
+ פרוקסי שקוף
+ עבודה אוטומטית עם אפליקציות דרך Tor
+ הכל דרך Tor
+ תעבור דרך פרוקסי עבור כל האפליקציות דרך Tor
+ מפלט פורט פרוקסי
+ אזהרה: עקוף פורטים נפוצים (80,443 וכו\'). *השתמש רק* אם האופנים \'All\' או \'App\' לא עובדים.
+ רשימת פורטים
+ רשימת פורטים לפרוקסי. *השתמש רק* אם האופנים \'All\' או \'App\' לא עובדים.
+ הזן פורטים לפרוקסי
+ דרושה גישת שורש
+ בקש גישה עליונה עבור שימוש בפרוקסי שקוף
+ קבצים ברי הרצה של Tor הותקנו בהצלחה!
+ הקבצים ברי ההרצה של Tor לא ניתנו להתקנה. בבקשה בדוק את הלוג והודע ל
+tor-assistants@torproject.org
+ שגיאת אפליקציה
+ Orbot
+ אודות Orbot
+ הבא
+ הקודם
+ סיים
+ אישור
+ ביטול
+
+ פרטים מסוימים של Orbot
+ Orbot היא אפליקציית קוד פתוח הכוללת את Tor, LibEvent ו-Polipo. היא מתחבר לרשת Tor באמצעות שרת פרוקסי HTTP מקומי (8118) ושרת פרוקסי SOCKS (פורט 9050). Orbot יכולה בנוסף עם הרשאות רוט לנתב את כל תעבורת האינטרנט של המכשיר דרך Tor כברירת מחדל.
+ ניתנה הרשאה
+ הרשאות Orbot
+ מצוין! גילינו כי יש לך הרשאות שורש מאופשרות בשביל Orbot. אנחנו נשתמש בכוח הזה בחוכמה.
+ בזמן שזה לא נדרש, Orbot יכולה להפוך להיות כלי חזק יותר אם למכשיר שלך יש גישה עליונה. תשתמש בכפתור למטה כדי לקבל כוחות על של Orbot !
+ אם אין לך גישה עליונה או אין לך מושג על מה אנחנו מדברים, רק תוודא שתשתמש באפליקציות שנועדו לעבוד עם Orbot.
+ הבנתי ואני מעדיף להמשיך בלי Superuser
+ אפשר גישת שורש עבור Orbot
+ הגדר עבודה באמצעות Tor
+ Orbot נותנת לך אפשרות לכוון את כל תעבורת האפליקציות דרך Tor או לבחור את האפליקציות שלך בנפרד.
+ השתמש בפרוקסי בכל האפליקציות דרך Tor
+ בחר אפליקציות מסוימות עבור Tor
+ Orbot מתאפשר על ידי אפליקציות
+ האפליקציות מתחת פותחו לעבודה עם Orbot. לחץ על כל כפתור להתקנה מיידית, או שאתה יכול למצוא אותם אחר כך ב Google Play, באתר GuardianProject.info או
+דרך F-Droid.org
+ ChatSecure - תוכנת מסרים מידיים מאובטחת לאנדרואיד
+ הגדרות פרוקסי - למד איך להגדיר אפליקציות לעבוד עם Orbot
+ DuckDuckGo אפליקציית מנוע חיפוש
+ קבע פרוקסי Twitter למארח \"localhost\" ולפורט 8118
+ StoryMaker - מערך שיעורים לעיתונאים על שימוש ב-Tor להגנה על עבודתם.
+ https://guardianproject.info/2012/05/02/orbot-your-twitter/
+ הגדרות פרוקסי
+ אם אפליקצת האנדרואיד שאתה משתמש תומכת בפרוקסי מבוסס HTTP או SOCKS, תוכל להגדיר אותה לעבוד עם Orbot תחת Tor. \n\n\n ההגדרות הן: שם השרת הוא 127.0.0.1 או \"localhost\". עבור HTTP, הפורט הוא 8118. עבור SOCKS, הפורט הוא 9050. עליך להשתמש בSOCKS4A או SOCKS5 אם אפשר.\n \n\n\n תוכל ללמוד עוד אודות פרוקסי באנדרואיד תחת עמוד השאלות הנפוצות שלנו בכתובת: http://tinyurl.com/proxyandroid
+ Orbot מוכן!
+ מיליוני אנשים ברחבי העולם משתמשים בTor מסיבות רבות.\n\n עיתונאים ובלוגרים, פעילי זכויות אדם, שוטרים, חיילים, תאגידים, אזרחי במשטרים מדוגאים וגם אזרחים פשוטים... ועכשיו גם אתה!
+ אנא הגדר את Orbot לפני שתוכל להתחיל להשתמש בה!
+
+ דבר זה יוביל את דפדפן הרשת שלך למוד https://check.torproject.org כדי לראות אם Orbot הוגדרה כראוי וכן כי אתה מחובר לרשת Tor.
+ איחסון שירותים נסתרים
+ כללי
+ התחל את Orbot בהדלקת המכשיר
+ התחל את Orbot והתחבר לרשת Tor אוטומטית כאשר המכשיר נדלק
+
+
+
+ אזהרה
+
+ הרשאות
+ אתה יכול להעניק לאפליקציה Orbot גישת \'Superuser\' כדי לאפשר מאפיינים מתקדמים כמו למשל, פרוקסי שקוף.
+ אם אתה לא רוצה לעשות את זה, אנא הקפד להשתמש באפליקציות שיועדו לעבוד עם Orbot
+
+ Orbot-יישומים מופעלים
+ ChatSecure: אפליקציית מסרים עם הצפנת Off-the-Record
+ מצא את כל אפליציות Guardian Project אצל Google Play
+
+ פרוקסי שקוף
+ זה מאפשר לאפליקציות שלך לרוץ באופן אוטומטי דרך רשת Tor ללא כל תצורה.
+ (סמן תיבה זו אם אין לך מושג על מה אנחנו מדברים)
+ כלום
+ Tor Tethering
+ מאפשר עבודה עם פרוקסי שקוף עבור רשת אלחוטית ומכשירי USB Tethered (דורש אתחול מחדש)
+ דרוש אישור Superuser
+ בחר אפלקציות
+ בחר אפלקציות
+ הגדרות Node
+ קיימות הגדרות מתקדמות שיכולות להפחית את האנונימיות שלך
+ Entrance Nodes
+ טביעות אצבע, כינויים, ארצות וכתובות עבור המעבר הראשון
+ הכנס Entrance Nodes
+ העבר הכל דרך פרוקסי
+ אל תשתמש בפרוקסי
+ הפוך בחירה
+ Outbound Proxy Type
+ פרוטוקול שימוש בשרת פרוקסי: HTTP, HTTPS, Socks4,Socks5
+ סוג הפרוקסי
+ מארח של Outbound Proxy
+ שם מארח שרת פרוקסי
+ הכנס מארח פרוקסי
+ פורט של Outbound Proxy
+ פורט שרת פרוקסי
+ הכנס פורט של פרוקסי
+ שם משתמש של Outbound Proxy
+ שם משתמש פרוקסי (רשות)
+ הזן שם משתמש פרוקסי
+ סיסמא של Outbound Proxy
+ סיסמת פרוקסי (רשות)
+ הזן סיסמת פרוקסי
+ סטטוס
+ הכנה של הפרוקסי השקוף...
+ הכנה של הפרוקסי השקוף מבוסס אפליקציות...
+ פרוקסי שקוף מאופשר
+ פרוקסי שקוף מאופשר ל Tathering!
+ אזהרה: שגיאה התחילה את הפרוקסי השקוף!
+ כללי TransProxy טוהרו
+ אין אפשרות להתחיל תהליך Tor:
+ Polipo רץ על פורט:
+ הכנה של הפרוקסי השקוף מבוסס פורט...
+ שגיאת גשר
+ שגיאה
+ צמתי יציאה
+ הזן צמתי יציאה
+ צמתים מוצאים
+ הזן צמתים מוצאים
+ צמתים קפדנים
+ השתמש *רק* בצמתים מצוינים אלו
+ גשרים
+ השתמש בגשרים
+ גשרים מעורפלים
+ כתובת ה-IP ויציאה של הגשרים
+ הכנס כתובות גשר
+ ממסרים
+ ממסור
+ אפשר למכשיר שלך להיות תחנת ממסר שאיננה יציאה
+ פורט הממסר
+ פורט מאזין עבור Tor relay
+ הכנס יציאת OR
+ כינוי הממסר
+ הכינוי לממסר Tor שלך
+ הזן כינוי עבור ממסר
+ כתובות בהישג יד
+ פורטים בהישג יד
+ הזן פורטים
+ אחסון שירותים נסתרים
+ הזן פורטים של localhost עבור שירותים נסתרים
+ פורט השירותים הנסתרים
+ אתרי הפרויקט:
+ https://www.torproject.org/docs/android\nhttps://guardianproject.info/apps/orbot/
+ הרשיון של Tor
+ https://torproject.org/
+ תוכנה-צד-ג׳:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ נמצא תהליך Tor קיים…
+ משהו רע התרחש. בדוק את היומן
+ שירות נסתר ב:
+ לא מסוגל לקרוא שם שירות נסתר
+ לא מסוגל להתחיל את Tor:
+ אתחל את המכשיר שלך, אין אפשרות להפעיל מחדש את Tor!
+ השתמש בברירות המחדל של iptables
+ לשמור תמיד את האיקון בסרגל כלים כשאורבוט מחובר
+ גשרים מאופשרים!
+
+ שפה
+ בחר את המקומיות והשפה של Orbot
+ בחר שפה
+ השאר ברירת מחדל או החלף לשפה הנוכחית
+ מופעל באמצעות Tor
+ שמירת הגדרות
+ אין חיבור לאינטרנט; תור ממתין...
+ רוחב פס:
+ מטה
+ מעלה
+ כבה את Tor כאשר אין חיבור לאינטרנט
+ החלפת אל זהות Tor חדשה!
+ הפעל את ChatSecure
+ נהל Tor
+ אפשר את אפליקציה זו כדי לשלוט בשירות Tor
+ להתקין אפליקציה?
+ אין חיבור לרשת. מכבה את Tor....
+ החיבור עובד טוב. מעיר את Tor...
+ מעדכן הגדרות Tor במכשיר
+ Tor SOCKS
+ הגדרות SOCKS Port
+ Tor TransProxy Port
+ הגדרת הפורט של TransProxy
+ Tor DNS Port
+ הIPs החיצוניים שלך עם Tor:
+ אין לך גישת רוט מאופשרת
+ תצטרך לכבות ולהפעיל את Orbot על מנת להחיל את השינוי בהגדרות.
+ kbps
+ mbps
+ KB
+ MB
+ קוד QR
+ דוא\"ל
+ אתר
+ הפעל
+ שלח דוא\"ל
+ דפדפן רגיל
+
diff --git a/res/values-ja/strings.xml b/app/src/main/res/values-ja/strings.xml
similarity index 97%
rename from res/values-ja/strings.xml
rename to app/src/main/res/values-ja/strings.xml
index a780cd8b..1f117565 100644
--- a/res/values-ja/strings.xml
+++ b/app/src/main/res/values-ja/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbotは他のアプリがインターネットをより安全に使うことを可能にするフリーのプロキシアプリです。Orbotでは、Torを用いてあなたの端末のトラフィックを暗号化し、世界中のコンピューターを中継することで、そのトラフィックを隠します。Torはフリーのソフトウェアとオープンなネットワークであり、ユーザーの自由とプライバシーを脅かす監視活動や、機密のビジネス活動、国家によるトラフィック分析から身を守ることを助けてくれます。
@@ -277,6 +277,7 @@
ブリッジを更新しました変更を有効にするにはOrbotを再起動してくださいQRコード
+ モバイルネットワークが積極的にTorをブロックする場合、ブリッジを使用してネットワークにアクセスすることができます。\n\nブリッジを有効にするため、上のいずれかのブリッジタイプを選択してください。ブリッジ モードメールWeb
diff --git a/app/src/main/res/values-kn-rIN/strings.xml b/app/src/main/res/values-kn-rIN/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-kn-rIN/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/app/src/main/res/values-kn/strings.xml b/app/src/main/res/values-kn/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-kn/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-ko/strings.xml b/app/src/main/res/values-ko/strings.xml
similarity index 99%
rename from res/values-ko/strings.xml
rename to app/src/main/res/values-ko/strings.xml
index f5361d01..765b5720 100644
--- a/res/values-ko/strings.xml
+++ b/app/src/main/res/values-ko/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-ky/strings.xml b/app/src/main/res/values-ky/strings.xml
similarity index 74%
rename from res/values-ky/strings.xml
rename to app/src/main/res/values-ky/strings.xml
index 88c07a4e..89c837cc 100644
--- a/res/values-ky/strings.xml
+++ b/app/src/main/res/values-ky/strings.xml
@@ -1,4 +1,4 @@
-
+
ЫрастоолорЖардам
@@ -14,13 +14,7 @@
-
-
-
-
-
АбалКата
diff --git a/app/src/main/res/values-lt-rLT/strings.xml b/app/src/main/res/values-lt-rLT/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-lt-rLT/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-lt/strings.xml b/app/src/main/res/values-lt/strings.xml
similarity index 96%
rename from res/values-lt/strings.xml
rename to app/src/main/res/values-lt/strings.xml
index 515fd235..b9253dd9 100644
--- a/res/values-lt/strings.xml
+++ b/app/src/main/res/values-lt/strings.xml
@@ -1,4 +1,4 @@
-
+
NaršytiNustatymai
diff --git a/res/values-lv/strings.xml b/app/src/main/res/values-lv/strings.xml
similarity index 99%
rename from res/values-lv/strings.xml
rename to app/src/main/res/values-lv/strings.xml
index 6aeabd6a..194c7b0b 100644
--- a/res/values-lv/strings.xml
+++ b/app/src/main/res/values-lv/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot ir starpniekserveru bezmaksas lietotne, kas sniedz iespēju citām lietotnēm drošāk lietot internetu. Orbot izmanto Tor, lai šifrētu Jūsu interneta datplūsmu, tad to paslēpj, pārsūtot to caur daudziem datoriem visā pasaulē. Tor ir bezmaksas programmatūra un atvērts tīkls, kas palīdz Jums aizsargāties pret tīkla uzraudzības veidu - datplūsmas analīzi -, ar kuras palīdzību tiek apdraudēta personiskā brīvība un privātums, konfidenciālas lietišķas darbības un attiecības, kā arī valsts drošība.
diff --git a/res/values-mk/strings.xml b/app/src/main/res/values-mk/strings.xml
similarity index 99%
rename from res/values-mk/strings.xml
rename to app/src/main/res/values-mk/strings.xml
index 85f76a5d..c5ca87f6 100644
--- a/res/values-mk/strings.xml
+++ b/app/src/main/res/values-mk/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot е слободна прокси апликација која им овозможува на другите апликации да го користат интернетот побезбедно. Orbot користи Tor за шифрирање на интернет-сообраќајот, а потоа го сокрива и го доставува преку неколку компјутери во целиот свет. Tor е слободен софтвер и отворена мрежа која се справува со вид надзор на мрежата која штети на личната слобода и приватноста, доверливи деловни активности и односи, и државната безбедност позната како анализа на сообраќајот.
diff --git a/app/src/main/res/values-ml/strings.xml b/app/src/main/res/values-ml/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-ml/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/app/src/main/res/values-mn/strings.xml b/app/src/main/res/values-mn/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-mn/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/app/src/main/res/values-mr-rIN/strings.xml b/app/src/main/res/values-mr-rIN/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-mr-rIN/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-ms-rMY/strings.xml b/app/src/main/res/values-ms-rMY/strings.xml
similarity index 99%
rename from res/values-ms-rMY/strings.xml
rename to app/src/main/res/values-ms-rMY/strings.xml
index 4b1355c2..e281414a 100644
--- a/res/values-ms-rMY/strings.xml
+++ b/app/src/main/res/values-ms-rMY/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-ms/strings.xml b/app/src/main/res/values-ms/strings.xml
similarity index 99%
rename from res/values-ms/strings.xml
rename to app/src/main/res/values-ms/strings.xml
index 32f8aa79..c327e579 100644
--- a/res/values-ms/strings.xml
+++ b/app/src/main/res/values-ms/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-my/strings.xml b/app/src/main/res/values-my/strings.xml
similarity index 97%
rename from res/values-my/strings.xml
rename to app/src/main/res/values-my/strings.xml
index c7c4e757..07ab4759 100644
--- a/res/values-my/strings.xml
+++ b/app/src/main/res/values-my/strings.xml
@@ -1,4 +1,4 @@
-
+
ပင်မ စာမျက်နှာဖွင့်ကြည့်ရန်
diff --git a/res/values-nb/strings.xml b/app/src/main/res/values-nb/strings.xml
similarity index 99%
rename from res/values-nb/strings.xml
rename to app/src/main/res/values-nb/strings.xml
index 1c0ce162..6fe4aebd 100644
--- a/res/values-nb/strings.xml
+++ b/app/src/main/res/values-nb/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot er en gratis proxy app som gjør det mulig for andre apps å bruke internett mer sikkert. Orbot bruker Tor for å kryptere din Internettrafikk, og skjuler da din trafikk ved å sende trafikken gjennom en lang rekke datamaskiner over hele verden. Tor er et gratis dataprogram, og et åpent nettverk som hjelper deg å forsvare deg mot en form for nettverksovervåking som truer din personlige frihet og privatliv, konfidensiell bedriftsvirksomhet og relasjoner, og statlig sikkerhet kjent som trafikkanalyse.
diff --git a/res/values-nl/strings.xml b/app/src/main/res/values-nl/strings.xml
similarity index 99%
rename from res/values-nl/strings.xml
rename to app/src/main/res/values-nl/strings.xml
index 51c4892b..bbd3c17e 100644
--- a/res/values-nl/strings.xml
+++ b/app/src/main/res/values-nl/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot is een gratis en vrije proxy-app die het andere apps mogelijk maakt het internet veiliger te gebruiken. Orbot gebruikt Tor om je internetverkeer te coderen en het vervolgens te verhullen het door het door een serie computers over de hele wereld te routeren. Tor is vrije software en een open netwerk dat je helpt te verdedigen tegen een vorm van netwerktoezicht die persoonlijke vrijheid en privacy, vertrouwelijke bedrijfsactiviteiten en relaties en staatsveiligheid genaamd \'traffic analyse\' bedreigt.
diff --git a/res/values-pa/strings.xml b/app/src/main/res/values-pa/strings.xml
similarity index 73%
rename from res/values-pa/strings.xml
rename to app/src/main/res/values-pa/strings.xml
index 8fdc9bb1..2756370d 100644
--- a/res/values-pa/strings.xml
+++ b/app/src/main/res/values-pa/strings.xml
@@ -1,4 +1,4 @@
-
+
ਚਰਨਾਪਰਿਸਥਿਤੀ
@@ -13,13 +13,7 @@
-
-
-
-
ਖਾਲੀ
-
diff --git a/res/values-pl/strings.xml b/app/src/main/res/values-pl/strings.xml
similarity index 92%
rename from res/values-pl/strings.xml
rename to app/src/main/res/values-pl/strings.xml
index 87ee636f..e550da5c 100644
--- a/res/values-pl/strings.xml
+++ b/app/src/main/res/values-pl/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot jest darmową aplikacją proxy która wspomaga inne aplikacje do używania internetu bezpiecznie. Orbot używa Tora do szyfrowania Twojego ruchu internetowego i następnie przepuszczania go przez wiele innych komputereów pororzucanych na całym świecie. Tor jest darmowym oprogramowaniem i otwartą siecią która pomaga Tobie w obronie przed monitoringiem sieci która zagrarza osobistej wolności i prywatności, poufnym biznesowym aktywnościom.
@@ -11,6 +11,7 @@
Orbot startuje...Podłączony do sieci TorOrbot wyłączony
+ TorService wyłącza sięUruchamianie klienta sieci Tor...gotowe.czekaj.
@@ -20,9 +21,11 @@
UstawieniaLogiPomoc
+ VPNStartStopO programie
+ Zdobądź aplikacjePobieranie (prędkość/suma)Wysyłanie (prędkość/suma)Pomoc
@@ -84,6 +87,7 @@
Miliony ludzi na całym świecie używają Tora z różnych powodów.\n\nDziennikarze i blogerzy, działacze na rzecz praw człowieka, stróże prawa, żołnierze, korporacje, obywatele represyjnych reżimów i zwykli obywatele... teraz Ty też możesz!Proszę skonfiguruj Orbot zanim zaczniesz go uzywać!
+ Pomyślnie połączyłeś się do sieci Tor - ale to nie oznacza, że Twoje urządzenie jest bezpieczne. Możesz użyć przycisku \'Przeglądarka\' aby sprawdzić swoje połączenie. \n\nOdwiedź nas na https://guardianproject.info/apps/orbot lub wyślij nam maila na help@guardianproject.info aby dowiedzieć się więcej.To otworzy Twoją domyślną przeglądarkę na adresie https://check.torproject.org w celu sprawdzenia, czy Orbot jest skonfigurowany i jest połączenie z Torem.Usługi ukryteOgólne
@@ -103,6 +107,7 @@
Orbot-Włączone AplikacjeChatSecure: Bezpieczny komunikator z szyfrowaniem Off-the-Record
+ Orfox: Przeglądarka, która działa przez ToraZnajdź wszystkie aplikacje Guardian Project na Google PlayZobacz wszystkie aplikacje Guardian Project na F-DroidZobacz wszystkie aplikacje Guardian Project na https://f-droid.org
@@ -121,6 +126,8 @@
Węzły wejścioweOdciski palców, nicki, państwa i adresy na pierwszy razWpisz Węzły Wejściowe
+ Pozwól na start z tle
+ Pozwól każdej aplikacji powiedzieć, aby Orbot uruchomił Tor i inne związane z nim usługiPrzepuszczaj wszystko przez proxyNie przepuszczaj niczego przez proxyOdwróć zaznaczone
@@ -200,6 +207,7 @@
LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/Polipo v1.1.9: https://github.com/jech/polipoIPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.orgAplikacja chce otworzyć port ukrytego serwera %S do Sieci Tor. Jest to bezpieczne, jeśli ufasz aplikacji.znaleziono istniejący proces Tora...Coś nie poszło nie tak. Sprawdź logi
@@ -229,9 +237,11 @@
Brak Auto-Uśpienia SieciUstaw Tor\'a w tryb uśpienia kiedy połączenie internetowe będzie niedostępneNowa tożsamość Tor\'a została zmieniona!
+ PrzeglądarkaUżyj ChatSecureAdministruj Tor\'emPozwól tej aplikacji kontrolować serwis Tor
+ Wygląda na to, że nie masz zainstalowanej Orfoxa. Chcesz abyśmy Ci pomogli, czy chcesz abyśmy otworzyli to w przeglądarce?Zainstalować aplikacje?Brak połączenia internetowego. Tor będzie w trybie snu...Połączenie internetowe jest dobre. Trwa budzenie Tora...
@@ -259,6 +269,7 @@
Ustawienia Transproxy zostały wyczyszczone!Nie masz praw użytkownika root.Możesz zatrzymać i uruchomić ponownie Orbota, aby zmiany ustawień weszły w życie.
+ VPNkbpsmbpsKB
@@ -266,13 +277,17 @@
Zaktualizowane BridgesProszę zrestartować Orbot, aby zmiany mogły wejść w życieKody QR
+ Jeśli Twoja sieć telefoniczna aktywnie blokuje Tora, to możesz używać Bridge., aby połączyć się z siecią. WYBIERZ jeden typ bridge powyżej, aby włączyć bridges.Tryb BridgeEmailWebAktywuj
+ Tryb VPN AplikacjiMożesz włączyć opcję dla wszystkich aplikacji, tak, aby ich ruch internetowy był przepuszczany przez sieć Tor używając do tego opcji VPN w Androidzie.\n\n*UWAGA* Jest to nowa, eksperymentalana opcja i w niektórych przypadkach może ona nie uruchomić się automatycznie, lub może się zatrzymać. Opcja ta NIE POWINNA być używana w celach uzyskania anonimowości, a TYLKO wyłącznie w celu ominięcia firewalli i filtrów.Wyślij EmailMożesz uzyskać adres Bridge poprzez email, internet, lub poprzez zeskanowanie kodu QR. Wybierz \'Email\' lub \'Internet\' poniżej, aby poprosić o adres bridge\'a.\n\nJak już będziesz mieć ten adres to skopiuj i wklej go do \"Bridges\" we właściwościach Orbota a następnie go zrestartuj.
+ Zainstaluj OrfoxStandardowa przeglądarkaUWAGA: Tylko standardowe bridges działają na urządzeniach z Intel X86/ATOM.
+ Świat
diff --git a/app/src/main/res/values-ps/strings.xml b/app/src/main/res/values-ps/strings.xml
new file mode 100644
index 00000000..844f834c
--- /dev/null
+++ b/app/src/main/res/values-ps/strings.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/res/values-pt-rBR/strings.xml b/app/src/main/res/values-pt-rBR/strings.xml
similarity index 71%
rename from res/values-pt-rBR/strings.xml
rename to app/src/main/res/values-pt-rBR/strings.xml
index 182ebaae..b23e3043 100644
--- a/res/values-pt-rBR/strings.xml
+++ b/app/src/main/res/values-pt-rBR/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot é um aplicativo de proxy livre que capacita outros aplicativos a usar a internet com mais segurança. Orbot usa o Tor para criptografar seu tráfego na internet e então o esconde \"saltando\" entre uma série de computadores ao redor do mundo. Tor é um software livre e de rede aberta que ajuda você a se defender de certas formas de vigilância que ameaçam privacidade e liberdade pessoais, atividades e relações comerciais confidenciais e segurança estatal conhecida como análise de tráfego.
@@ -25,6 +25,7 @@
IniciarPararSobre
+ Obter aplicativos...DownloadUploadAjuda
@@ -60,6 +61,7 @@
CancelarAlguns detalhes do Orbot
+ Orbot é uma aplicação de código aberto que contém Tor, libEvent e Polipo. Ela provê um proxy HTTP local (8118) e um proxy SOCKS (9050) dentro da rede Tor. Orbot também tem a a habilidade, num dispositivo de com acesso root, de enviar todo o tráfego de internet através do Tor.Permissão ConcedidaPermissões do OrbotExcelente! Detectamos que você habilitou permissões de root para Orbot. Nós usaremos este poder com sabedoria.
@@ -77,11 +79,15 @@
Configurações de Proxy - Aprenda como configurar apps para trabalhar com OrbotFerramenta de Busca DuckDuckGoDefine o proxy do Twitter para \"localhost\" e a porta 8118
+ StoryMaker - Faça uma história e deixe-a para o tor por segurança!https://guardianproject.info/2012/05/02/orbot-your-twitter/Configurações de Proxy
+ Se a app Android que você está usando puder suportar o uso de proxy HTTP ou SOCKS, então você pode configurar para conectar ao Orbot e usar o Tor. As configurações de host são 127.0.0.1 ou \"localhost\". Para HTTP, a porta configurada é 8118. Para SOCKS, o proxy é 9050. Você deve usar SOCKS4A ou SOCKS5 se possível. Você pode aprender mais sobre proxy no Android através do FAQ em: http://tinyurl.com/proxyandroidOrbot está pronto!
+ Centenas de milhares de pessoas ao redor do mundo usam o Tor por uma enorme variedade de razões. Jornalistas e bloggers, defensores dos direitos humanos, oficiais da lei, soldados, corporações, cidadãos em regimes repressivos, e somente cidadãos comuns... e agora você está pronto para usar, também! Por favor, configure o Orbot antes de começar a usá-lo!
+ Você se conectou à rede Tor com sucesso - mas isto NÃO significa que seu dispositivo é seguro. Você pode usar a opção \'Checar\' no menu para testar seu navegador. Visite-nos em https://guardianproject.info/apps/orbot ou envie um e-mail para help@guardianproject.info para saber mais.Isto irá abrir seu navegador web em https://check.torproject.org com o intuito de ver se o Orbot está provavelmente configurado e você está conectado ao Tor.Serviços OcultosGeral
@@ -89,16 +95,22 @@
Automaticamente iniciar o Orbot e conectar o Tor quando seu Android bootar.
+ Orbot trouxe Tor para Android!! Tor ajuda você a se defender contra filtro de conteúdo, análises de tráfego e vigilância de rede que ameaçam sua privacidade, informação confidencial e relacionamentos pessoais. Este assistente irá ajudá-lo a configurar o Orbot e Tor no seu dispositivo.Aviso
+ Simplesmente instalando o Orbot não irá automaticamente anonimizar seu tráfego móvel. Você deve configurar apropriadamente o Orbot, seu dispositivo e outras apps para usar o Tor com sucesso.PermissõesVocê pode opcionalmente garantir ao Orbot acesso de \'Superusuário\' para habilitar recursos avançados, como um proxy transparente.Se você não quiser fazer isto, tenha certeza de usar apps feitas para trabalhar com o Orbot.
+ Seu dispositivo não parece ser roteado ou prover um acesso \'Superusuário\'. De maneira a você se beneficiar do Tor, você precisará usar apps criadas para trabalhar com o Orbot, ou que suportem configurações de proxy HTTP ou SOCKS. Apps Orbot HabilitadasChatSecure: app de chat seguro com criptografia Off-the-Record
+ Orfox: navegador de privacidade aprimorada que funciona através do TorEncontre todos os aplicativos da Guardian Project no Google Play
+ Encontre todos os aplicativos da Guardian Project no F-Droid
+ Encontre todos os aplicativos da Guardian Project no https://f-droid.orgProxy TransparenteIsto permite à suas apps automaticamente rodarem através da rede Tor sem nenhuma configuração.
@@ -114,6 +126,9 @@
Nós de EntradaImpressões digitais, apelidos, países e endereços para a primeira etapaInsira os Nós de Entrada
+ Permitir estrelas em segundo plano
+ Todo o Proxy
+ Nenhum ProxyInverter SeleProxy de saída da rede (Opcional)Tipo de Proxy
@@ -139,6 +154,7 @@
AVISO: erro ao iniciar o proxy transparente!Regras TransProxy limpasNão foi possível iniciar o processo Tor:
+ Polipo está rodando na porta:Configurando proxy transparente baseado em porta...Erro na PonteComo condição para usar o recurso de ponte, você deve inserir pelo menos um endereço IP de ponte.
@@ -190,24 +206,30 @@
LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/Polipo v1.1.9: https://github.com/jech/polipoIPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.orgUma app quer abrir a porta %S oculta do servidor para a rede Tor. Isto é seguro se você confia na app.procurando processos Tor existentes...Algo ruim aconteceu. Cheque o loserviço oculto em:habilitar ler o nome do serviço ocultoHabilitar iniciar o Tor:
+ Reinicie seu dispositivo, incapaz de resetar Tor!Usar tabelas de IP padrão:usar as tabelas ip binárias embutidas ao invés das tabelas do pacote OrbotOs binários Tor não estão disponíveis para serem instalados ou atualizados.Sempre manter o ícone na barra de tarefas quando o Orbot está conectadoNotificações Sempre Ligadas
+ Mostrar notificação expandida com Tor país de saída e IP
+ Notificações ExpandidasPontes habilitadas!IdiomaEscolha o local e idioma para o OrbotEscolha o IdiomaDeixe o padrão ou troque o idioma atual
+ distribuído por TorSalvar Configurações
+ Sem conexão na internet; Tor está na espera...Largura de banda:downup
@@ -218,17 +240,46 @@
Usar ChatSecureGerenciar TorHabilitar este app a controlar o serviço Tor
+ Parece que você não tem o Orweb instalado. Quer ajuda com isso ou devemos apenas abrir o navegador?Instalar apps?
+ Sem conectividade na rede. Colocando o Tor para dormir...
+ Conectividade da rede está boa. Acordando Tor
+ atualizando configurações no serviço Tor
+ Tor SOCKS
+ Porta que Tor oferece seu proxy SOCKS (padrão: 9050 ou 0 para desativar)
+ Config da Porta SOCKS
+ Porta TransProxy Tor
+ Porta que Tor oferece seu Proxy Transparente no (padrão: 9040 ou 0 para desativar)
+ Config da Porta TransProxy
+ Porta DNS Tor
+ Porta que Tor oferece seu DNS no (padrão: 5400 ou 0 para desativar)
+ Config da Porta DNS
+ Config Personalizada do Torrc
+ Torrc Personalizado
+ Seus IPs Públicos do Tor:Conflito de aplicattivo
+ Transproxy FORÇAR REMOÇÃO
+ Você não tem acesso root ativado
+ Você pode precisar parar e iniciar Orbot para as configurações de mudar para ser ativado.VPNkbpsmbpsKBMB
+ Pontes Atualizadas
+ Por favor reinicie Orbot para habilitar as mundançasQR Codes
+ Se a sua rede móvel ativamente blocos Tor, você pode usar uma ponte para acessar a rede. Selecione um dos tipos de pontes acima, para permitir pontes.
+ Modo PonteEmailWebAtvar
+ Modo Apps VPN
+ Você pode permitir que todos os aplicativos em seu dispositivo para executar através da rede Tor usando o recurso VPN do Android.\n\n*AVISO* Esta é uma característica nova, experimental e em alguns casos pode não começar automaticamente, ou pode parar. Não deve ser usado para manter o anonimato, e serão utilizadas apenas para obter através de firewalls e filtros.Enviar Email
+ Você pode obter um endereço de ponte através de e-mail, web ou lendo um código QR ponte. Selecione \'E-mail\' ou \'Web\' abaixo para solicitar uma ponte endereço. \n\nUma vez que você tem um endereço, copie & colá-lo na "Bridges" preferência na configuração e reiniciar do Orbot.
+ Instalar OrfoxNavegador Padrão
+ NOTA: Apenas pontes Tor padrão funcionam em dispositivos Atom/Intel X86
+ Mundo
diff --git a/res/values-pt-rPT/strings.xml b/app/src/main/res/values-pt-rPT/strings.xml
similarity index 91%
rename from res/values-pt-rPT/strings.xml
rename to app/src/main/res/values-pt-rPT/strings.xml
index d580cae9..20ba24b2 100644
--- a/res/values-pt-rPT/strings.xml
+++ b/app/src/main/res/values-pt-rPT/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot
diff --git a/res/values-pt/strings.xml b/app/src/main/res/values-pt/strings.xml
similarity index 99%
rename from res/values-pt/strings.xml
rename to app/src/main/res/values-pt/strings.xml
index a36ed0f4..69f7a770 100644
--- a/res/values-pt/strings.xml
+++ b/app/src/main/res/values-pt/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-ro-rRO/strings.xml b/app/src/main/res/values-ro-rRO/strings.xml
similarity index 96%
rename from res/values-ro-rRO/strings.xml
rename to app/src/main/res/values-ro-rRO/strings.xml
index d0e466c0..f0ae485d 100644
--- a/res/values-ro-rRO/strings.xml
+++ b/app/src/main/res/values-ro-rRO/strings.xml
@@ -1,4 +1,4 @@
-
+
Pagina de startRăsfoieşte
diff --git a/res/values-ro/strings.xml b/app/src/main/res/values-ro/strings.xml
similarity index 99%
rename from res/values-ro/strings.xml
rename to app/src/main/res/values-ro/strings.xml
index 571f5122..01166b4f 100644
--- a/res/values-ro/strings.xml
+++ b/app/src/main/res/values-ro/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-rs-rAR/strings.xml b/app/src/main/res/values-rs-rAR/strings.xml
similarity index 98%
rename from res/values-rs-rAR/strings.xml
rename to app/src/main/res/values-rs-rAR/strings.xml
index 0f876c9b..132b67e8 100644
--- a/res/values-rs-rAR/strings.xml
+++ b/app/src/main/res/values-rs-rAR/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml
new file mode 100644
index 00000000..94029fb0
--- /dev/null
+++ b/app/src/main/res/values-ru/strings.xml
@@ -0,0 +1,293 @@
+
+
+ Orbot
+ Orbot - это свободная программа для прокси-соединений, она позволяет другим приложениям более безопасно использовать интернет-соединение. Orbot использует Tor для шифрования интернет-трафика, который затем скрывается в ходе пересылки через несколько компьютеров в разных частях планеты. Tor является свободным программным приложением, а также открытой сетью, помогающей защититься от слежки в сетях, угрожающей личной свободе и частной жизни, конфиденциальным бизнес-деятельности и контактам, а также государственной программе безопасности, известной как анализ трафика.
+ http://orbot/
+ http://check.torproject.org
+ https://check.torproject.org
+ https://check.torproject.org/?TorButton=true
+ Запуск и остановка Tor
+ torproxyservice
+ Запуск Orbot...
+ Подключён к сети Tor
+ Orbot отключён
+ Служба Tor выключается
+ Запускается клиент Tor...
+ завершено.
+ ожидание.
+ ПРЕДУПРЕЖДЕНИЕ: ваш трафик ещё не анонимен! Пожалуйста, настройте свои приложения на использование HTTP-прокси 127.0.0.1:8118 или же SOCKS4A или SOCKS5-прокси 127.0.0.1:9050
+ Домашняя страница
+ Просмотр
+ Настройки
+ Журнал
+ Справка
+ VPN
+ Запустить
+ Остановить
+ О программе
+ Получить приложения...
+ Загрузка
+ Отправка
+ Справка
+ Закрыть
+ О программе
+ Очистить журнал
+ Проверка
+ Выход
+ Сканировать QR-код моста
+ Опубликовать QR-код моста
+ - долгое нажатие для запуска -
+ Прозрачный прокси (требуется root-доступ)
+ Прозрачный прокси
+ Автоматическая Tor-ификация приложений
+ Направлять всё через Tor
+ Направлять трафик всех приложений через Tor
+ Резервный порт прокси
+ ПРЕДУПРЕЖДЕНИЕ: обходит общие порты (80, 443, и т.д.). *ИСПОЛЬЗОВАТЬ ТОЛЬКО* если режимы \'Всё\' или \'Приложение\' не работают.
+ Список портов
+ Список портов для проксификации. *ИСПОЛЬЗОВАТЬ ТОЛЬКО* если режимы \'Всё\' или \'Приложение\' не работают.
+ Введите порты для проксификации
+ Запросить root-доступ
+ Запросить root-доступ для прозрачной проксификации
+ Программа Tor успешно установлена!
+ Не удалось установить программу Tor. Пожалуйста, проверьте системный журнал и сообщите нам: tor-assistants@torproject.org
+ Ошибка приложения
+ Orbot
+ Об Orbot
+ Вперёд
+ Назад
+ Завершить
+ OK
+ Отмена
+
+ Некоторые сведения о программе Orbot
+ Orbot — это приложение с открытым исходным кодом, которое содержит Tor, LibEvent и Privoxy. Оно предоставляет локальный HTTP-прокси (8118) и SOCKS-прокси (9050) в сеть Tor. Orbot также позволяет на устройствах с правами root пересылать весь интернет-трафик через Tor.
+ Разрешение получено
+ Разрешения Orbot
+ Отлично! Мы определили, что вы предоставили root-права для Orbot. Мы будем использовать эту возможность с умом.
+ Хотя это и не требуется, Orbot может быть более мощным инструментом, если ваше устройство имеет права root. Нажмите на кнопку ниже и предоставьте Orbot супервозможности!
+ Если у вас нет root-прав или вы не имеете представления о чём мы говорим, просто убедитесь, что используете приложения, разработанные для Orbot.
+ Я понимаю и хочу продолжить без прав суперпользователя
+ Дать root-права Orbot
+ Настроить Tor-ификацию
+ Программа Orbot даёт вам возможность направлять трафик всех приложений через Tor ИЛИ выбрать приложения для перенаправления самостоятельно.
+ Направлять все приложения через Tor
+ Направлять выбранные приложения через Tor
+ Orbot-задействованные приложения
+ Мы советуем вам скачать и использовать приложения, которые умеют работать напрямую через Orbot. Нажмите на кнопки ниже, чтобы запустить процесс установки.
+ ChatSecure - защищённый обмен сообщениями в Android
+ Настройки прокси: узнайте, как настроить приложения для работы с Orbot
+ Приложение поисковой системы DuckDuckGo
+ Twitter поддерживает http-прокси \"localhost:8118\"
+ StoryMaker - напишите рассказ и оставьте его Tor для обеспечения безопасности!
+ https://guardianproject.info/2012/05/02/orbot-your-twitter/
+ Настройки прокси
+ Если используемое вами приложение для Android поддерживает HTTP или SOCKS-прокси, то вы можете настроить его на подключение к Orbot и использование Tor.\n\n\nЗначение хоста - 127.0.0.1 или \"localhost\". Для HTTP номер порта - 8118. Для SOCKS-прокси - 9050. По возможности используйте SOCKS4A или SOCKS5.\n \n\n\nВы можете узнать больше о работе через прокси на Android, прочитав этот FAQ: http://tinyurl.com/proxyandroid\n
+ Orbot готов к использованию!
+ Миллионы людей во всём мире используют Tor по различным причинам. Журналисты и блоггеры, правозащитники, сотрудники правоохранительных органов, солдаты, корпорации, граждане стран с репрессивным режимом и просто обычные граждане..., а теперь готовы и вы!
+ Пожалуйста, настройте Orbot прежде чем приступить к использованию!
+
+ Вы успешно подключились к сети Tor, но это НЕ значит, что ваше устройство безопасно. Вы можете воспользоваться функцией \'Проверка\' из меню, чтобы протестировать ваш браузер.\n\nПосетите наш сайт https://guardianproject.info/apps/orbot или отправьте письмо на адрес help@guardianproject.info, чтобы узнать больше.
+ Это приведёт к запуску браузера, выбранного на вашем устройстве по умолчанию, и подключению к сайту https://check.torproject.org с целью проверки правильности работы Orbot и определения, подключены ли вы к сети Tor.
+ Скрытые службы
+ Общие
+ Запускать Orbot при загрузке
+ Автоматически запускать Orbot и подключаться к сети Tor при загрузке вашего Android-устройства
+
+
+ Orbot позволяет использовать Tor на Android!\n\nTor позволяет вам защититься от фильтрации содержимого, анализа трафика и наблюдения за сетью, которые ставят под угрозу приватность, конфиденциальную информацию и личные отношения.\n\nЭтот мастер поможет вам настроить Orbot и Tor на вашем устройстве.
+
+ Предупреждение
+ Сама по себе установка Orbot не сделает автоматически ваш мобильный трафик анонимным.\n\nВы должны правильно настроить Orbot, ваше устройство и другие приложения, что бы успешно использовать Tor.
+
+ Разрешения
+ Вы так же можете по желанию дать Orbot права \'Суперпользователя\' для доступа к дополнительным возможностям типа прозрачной проксификации.
+ Если вы не хотите делать это, пожалуйста, удостоверьтесь, что используете приложения, созданные для работы с Orbot.
+ Похоже, ваше устройство не имеет root-прав и не предоставляет доступ \'Суперпользователя\'.\n\nЧтобы использовать Tor, вам надо использовать приложения, построенные для работы с Orbot или те, которые поддерживают использование HTTP или SOCKS-прокси.
+
+ Приложения, работающие с Orbot:
+ ChatSecure: приложение для безопасной переписки с конфиденциальным шифрованием
+ Orfox: конфиденциальный браузер, работающий через Tor
+ Найти все приложения Guardian Project на Google Play
+ Найти все приложения Guardian Project на F-Droid
+ Найти все приложения Guardian Project на сайте https://f-droid.org
+
+ Прозрачное проксирование
+ Это позволяет вашим приложениям автоматически работать по сети Tor без какого-либо конфигурирования.
+ (Отметьте данный пункт, если вы не знаете о чём идёт речь)
+ Нет
+ Тетеринг Tor
+ Включить прозрачную проксификацию Tor для устройств с тетерингом по Wi-Fi и USB (требуется перезапуск)
+ Запросить доступ Суперпользователя
+ Выбранные приложения
+ Выбрать приложения для направления через Tor
+ Конфигурация узла
+ Это дополнительные настройки, которые могут снизить вашу анонимность
+ Входные узлы
+ Отпечатки, псевдонимы, страны и адреса для первого прыжка
+ Введите входные узлы
+ Разрешить фоновую загрузку
+ Позволить любому приложению требовать от Orbot запускать Tor и относящиеся к нему сервисы
+ Проксировать всё
+ Не проксировать
+ Инвертировать выделенное
+ Исходящий сетевой прокси (необязательно)
+ Тип прокси
+ Протокол для использования прокси-сервером: HTTP, HTTPS, Socks4, Socks5
+ Введите тип прокси
+ Хост прокси
+ Имя хоста прокси-сервера
+ Введите хост прокси
+ Порт прокси
+ Порт прокси-сервера
+ Введите порт прокси
+ Имя пользователя прокси
+ Имя пользователя прокси-сервера (необязательно)
+ Введите имя пользователя прокси
+ Пароль пользователя прокси
+ Пароль пользователя прокси-сервера (необязательно)
+ Введите пароль пользователя прокси
+ Статус
+ Установка общей прозрачной проксификации...
+ Установка основанной на приложениях прозрачной проксификации...
+ Прозрачная проксификация ВКЛЮЧЕНА
+ Прозрачный прокси поддерживает тетеринг!
+ ВНИМАНИЕ: ошибка запуска прозрачной проксификации!
+ Правила прозрачного прокси удалены
+ Невозможно запустить Tor:
+ Polipo работает на порту:
+ Установка основанной на портах прозрачной проксификации...
+ Ошибка моста
+ Для использования необходимо задать IP-адрес как минимум одного моста.
+ Отправьте письмо на адрес bridges@torproject.org со строкой \"get bridges\" в теле сообщения из учётной записи GMail.
+ Ошибка
+ Ваши настройки доступных адресов вызвали исключение!
+ Настройки вашего ретранслятора вызвали исключение!
+ Выходные узлы
+ Отпечатки, псевдонимы, страны и адреса для последнего прыжка
+ Введите выходные узлы
+ Исключённые узлы
+ Отпечатки, псевдонимы, страны и адреса на исключение
+ Введите исключённые узлы
+ Точные узлы
+ Использовать *только* эти заданные узлы
+ Мосты
+ Использовать мосты
+ Обфусцированные мосты
+ Включить альтернативные входные узлы в сеть Tor
+ Заданные мосты обфусцированы
+ IP-адреса и порты мостов
+ Введите адреса мостов
+ Ретрансляторы
+ Ретрансляция
+ Разрешить вашему устройству быть невыходным ретранслятором
+ Порт ретранслятора
+ Слушающий порт для вашего ретранслятора Tor
+ Введите порт OR
+ Имя ретранслятора
+ Имя для вашего ретранслятора Tor
+ Введите пользовательское имя ретранслятора
+ Доступные адреса
+ Запускать как клиент за межсетевым экраном с ограничивающими политиками
+ Доступные порты
+ Порты, доступные из-за ограничительного сетевого экрана
+ Введите порты
+ Включить скрытые службы
+ Запустить сервера, доступные через сеть Tor
+ Введите локальные порты для скрытых служб
+ Порты скрытой службы
+ Адресуемое имя для вашей скрытой службы (создаётся автоматически)
+ Включить вывод журнала отладки (требует использовать adb или aLogCat для просмотра)
+ Домашняя страница проекта:
+ https://www.torproject.org/docs/android\nhttps://guardianproject.info/apps/orbot/
+ Лицензия Tor
+ https://torproject.org
+ Программы сторонних разработчиков:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.org
+ Приложение хочет открыть скрытый порт сервера %S сети Tor. Это безопасно, если вы доверяете данному приложению.
+ найден существующий процесс Tor...
+ Произошла какая-то ошибка. Проверьте журнал.
+ скрытая служба на:
+ невозможно прочитать имя скрытой службы
+ Невозможно запустить Tor:
+ Перезагрузите устройство, невозможно переустановить Tor!
+ Использовать Iptables по умолчанию
+ Использовать встроенный файл iptables вместо поставляемого с Orbot
+ Исполняемые файлы Tor не смогли установиться или обновится.
+ Всегда отображать иконку в панели задач когда Orbot подключен
+ Постоянное уведомление о работе
+ Показать расширенное уведомление Tor со страной выхода и IP
+ Расширенные уведомления
+ Мосты включены!
+
+ Язык
+ Выбрать язык интерфейса для Orbot
+ Выбрать язык
+ Оставить по умолчанию или переключить текущий язык
+ основано на Tor
+ Сохранить настройки
+ Отсутствует подключение к интернету, Tor находится в режиме ожидания…
+ Канал:
+ к нам
+ от нас
+ Автозасыпание без сети
+ Переводить Tor в спящий режим при отсутствии интернета
+ Вы переключились на новый идентификатор Tor!
+ Проверить браузер
+ Использовать ChatSecure
+ Управление Tor
+ Разрешить приложению управлять сервисом Tor
+ Не похоже, что у вас установлен Orfox. Хотите справку на эту тему или просто открыть браузер?
+ Установить приложения?
+ Нет подключения к сети. Tor входит в режим сна...
+ Подключение к сети установлено. Tor просыпается...
+ обновление настроек в сервисе Tor
+ Tor SOCKS
+ Порт, на котором Tor предоставляет свой SOCKS-прокси (по умолчанию: 9050, 0 - для отключения)
+ Настройка порта SOCKS
+ Порт прозрачного прокси Tor
+ Порт, на котором Tor предоставляет свой прозрачный прокси (по умолчанию: 9040, 0 - для отключения)
+ Настройка порта прозрачного прокси
+ Порт DNS Tor
+ Порт, на котором Tor предоставляет свой DNS (по умолчанию: 5400, 0 - для отключения)
+ Настройка порта DNS
+ Пользовательские настройки Torrc
+ ТОЛЬКО ДЛЯ ЭКСПЕРТОВ: внесите настройки напрямую в строки файла конфигурации torrc
+ Пользовательские Torrc
+ Mobile Martus - приложение Benetech документация по правам человека
+ Ваши публичные IP-адреса Tor:
+ Пожалуйста, отключите эту программу в Android->Настройки->Приложения, если у вас возникли проблемы с Orbot:
+ Конфликт приложений
+ Автообновление прозрачного прокси
+ Повторно применить правила прозрачного прокси при изменении состояния сети
+ ПРИНУДИТЕЛЬНОЕ УДАЛЕНИЕ прозрачного прокси
+ Нажмите здесь, чтобы НЕМЕДЛЕННО очистить все сетевые правила прозрачного прокси
+ Правила прозрачного прокси удалены!
+ У вас не включён root-доступ
+ Возможно, потребуется остановить и запустить Orbot заново для подключения изменений настроек.
+ VPN
+ кбит/с
+ мбит/с
+ КБ
+ МБ
+ Мосты обновлены
+ Пожалуйста, перезапустите Orbot для вступления изменения в силу
+ QR-коды
+ Если ваша сеть мобильной связи активно блокирует Tor, вы можете использовать мосты Tor для доступа к сети. Выберите один из типов мостов выше, чтобы включить эту функцию.
+ Режим моста
+ Эл. почта
+ Сайт
+ Активация
+ VPN-режим приложений
+ Вы можете включить функцию перенаправления всех приложений на вашем устройстве через сеть Tor, используя функцию VPN в Android.\n\n* ПРЕДУПРЕЖДЕНИЕ * Это новая экспериментальная функция и в некоторых случаях может остановиться или не запуститься автоматически. Она не должна быть использована для анонимности, а ТОЛЬКО для прохождения фильтров и межсетевых экранов.
+ Отправить письмо
+ Вы можете получить адрес моста по электронной почте, с сайта или путём сканирования QR-кода. Выберите \"Эл. почта\" или \"Сайт\" ниже, чтобы запросить адрес моста.\n\nПолученный адрес скопируйте и вставьте его в разделе настроек Orbot \"Мосты\", после чего перезапустите приложение.
+ Установить Orfox
+ Стандартный браузер
+ ПРИМЕЧАНИЕ: только стандартные мосты Tor работают на устройствах Intel X86/Atom
+ Мир
+
diff --git a/res/values-si-rLK/strings.xml b/app/src/main/res/values-si-rLK/strings.xml
similarity index 99%
rename from res/values-si-rLK/strings.xml
rename to app/src/main/res/values-si-rLK/strings.xml
index 32a0f134..e4dc474e 100644
--- a/res/values-si-rLK/strings.xml
+++ b/app/src/main/res/values-si-rLK/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-sk-rSK/strings.xml b/app/src/main/res/values-sk-rSK/strings.xml
similarity index 63%
rename from res/values-sk-rSK/strings.xml
rename to app/src/main/res/values-sk-rSK/strings.xml
index 13a4974f..b7578c49 100644
--- a/res/values-sk-rSK/strings.xml
+++ b/app/src/main/res/values-sk-rSK/strings.xml
@@ -1,4 +1,4 @@
-
+
PomocníkPomocník
@@ -10,12 +10,6 @@
-
-
-
-
-
diff --git a/res/values-sk/strings.xml b/app/src/main/res/values-sk/strings.xml
similarity index 91%
rename from res/values-sk/strings.xml
rename to app/src/main/res/values-sk/strings.xml
index 593b5acf..2f648ef5 100644
--- a/res/values-sk/strings.xml
+++ b/app/src/main/res/values-sk/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -10,8 +10,7 @@
Orbot štartuje…Pripojený do Tor sieteOrbot je deaktivovaný
- Orbot sa vypína
- Štartujem Tor klienta…
+ Štartujem Tor klienta...hotovo.čakám.VAROVANIE: Váš prenos nie je ešte anonymný! Prosím, nakonfigurujte aplikácie aby používali HTTP proxy 127.0.0.1:8118 alebo SOCKS4A alebo SOCKS5 proxy server 127.0.0.1:9050
@@ -19,7 +18,6 @@
PrehliadaťNastaveniaPomocník
- AppsO aplikáciíPomocníkZatvoriť
diff --git a/res/values-sl/strings.xml b/app/src/main/res/values-sl/strings.xml
similarity index 94%
rename from res/values-sl/strings.xml
rename to app/src/main/res/values-sl/strings.xml
index 6c5756cd..1b8a4c6b 100644
--- a/res/values-sl/strings.xml
+++ b/app/src/main/res/values-sl/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -7,11 +7,10 @@
https://check.torproject.org/?TorButton=truezačni in ustavi Tortorproxyservice
- Orbot se zaganja…
+ Orbot se zaganja...Povezan v omrežje TorOrbot ni aktiviran
- Orbot se zaustavlja
- Zagon Tor klijenta…
+ Zagon Tor klijenta...končano.čakam.POZOR: Vaš promet še ni anonimen! Prosimo, nastavite vaše aplikacije da uporabijo HTTP posredniški strežnik 127.0.0.1:8118 ali SOCKS4A ali SOCKS5 posredniški strežnik 127.0.0.1:9050
@@ -20,11 +19,9 @@
NastavitveDnevnikPomoč
- ProgramiZačniUstaviO programu
- ČarovnikPrenesiNaložiPomoč
diff --git a/res/values-sn/strings.xml b/app/src/main/res/values-sn/strings.xml
similarity index 95%
rename from res/values-sn/strings.xml
rename to app/src/main/res/values-sn/strings.xml
index fdb4e7db..ad1cd1de 100644
--- a/res/values-sn/strings.xml
+++ b/app/src/main/res/values-sn/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://check.torproject.org
diff --git a/res/values-sq/strings.xml b/app/src/main/res/values-sq/strings.xml
similarity index 96%
rename from res/values-sq/strings.xml
rename to app/src/main/res/values-sq/strings.xml
index 19f4a4ca..5a7c9897 100644
--- a/res/values-sq/strings.xml
+++ b/app/src/main/res/values-sq/strings.xml
@@ -1,4 +1,4 @@
-
+
ShpiLundro
diff --git a/res/values-sr/strings.xml b/app/src/main/res/values-sr/strings.xml
similarity index 95%
rename from res/values-sr/strings.xml
rename to app/src/main/res/values-sr/strings.xml
index 42484d68..b3cc7ed5 100644
--- a/res/values-sr/strings.xml
+++ b/app/src/main/res/values-sr/strings.xml
@@ -1,12 +1,13 @@
-
+
Орбот
+ Орбот је бесплатна прокси апликација која даје моћ другим апликацијама да безбедније користе интернет. Орбот користи Тор за шифровање вашег интернет саобраћаја и онда га скрива слањем кроз низ рачунара широм света. Тор је слободан софтвер и отворена мрежа која помаже да се одбраните од разних облика надзора мрежа који угрожавају личну слободу и приватност, поверљиве пословне активности и личне односе и државне безбедности познате као анализа саобраћаја.http://orbot/http://check.torproject.orghttps://check.torproject.orghttps://check.torproject.org/?TorButton=trueпокрени и заустави Tor
- Тор прокси сервис
+ Тор прокси услугаОрбот се покреће...Повезан са Тор мрежомОрбот је деактивиран
@@ -19,6 +20,7 @@
ПодешавањаЛоговиПомоћ
+ ВПНКрениЗауставиО нама
@@ -194,4 +196,5 @@
Изаберите језикКористи подразумевајући или пребаци на тренутни језикСачувај подешавања
+ ВПН
diff --git a/res/values-sv/strings.xml b/app/src/main/res/values-sv/strings.xml
similarity index 98%
rename from res/values-sv/strings.xml
rename to app/src/main/res/values-sv/strings.xml
index c8b27c07..5654a28f 100644
--- a/res/values-sv/strings.xml
+++ b/app/src/main/res/values-sv/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot är en gratis proxyapp som möjliggör andra appar att använda internet mer säkert. Orbot använder Tor för att kryptera din internettrafik och döljer den genom att den studsar genom ett antal datorer världen över. Tor är fri programvara och ett öppet nätverk som hjälper dig att skydda dig mot en form av nätverksövervakning som hotar personlig integritet och frihet, hemliga affärsaktiviteter och relationer, och skyddar mot statlig övervakning även kallad trafikanalys.
@@ -277,6 +277,7 @@
Bryggor uppdateradeVänligen starta om Orbot för att aktivera ändringarnaQR-koder
+ Om ditt mobilnätverk aktivt blockerar Tor så kan du använda en brygga för att komma åt nätverket. VÄLJ en typ av brygga ovan för att aktivera bryggor.BrygglägeE-postWebb
diff --git a/res/values-ta/strings.xml b/app/src/main/res/values-ta/strings.xml
similarity index 83%
rename from res/values-ta/strings.xml
rename to app/src/main/res/values-ta/strings.xml
index 2961c0cc..5a24f449 100644
--- a/res/values-ta/strings.xml
+++ b/app/src/main/res/values-ta/strings.xml
@@ -1,4 +1,4 @@
-
+
ஆர்பாட் ஆர்பாட், இன்னும பாதுகாப்பான முறையில் இணைய பயன்படுத்த மற்ற பயன்பாடுகள் பலப்படுத்துகிறார் என்று ஒரு இலவச ப்ராக்ஸி பயன்பாடு ஆகும். ஆர்பாட் உங்கள் இணைய போக்குவரத்து குறியாக்க தோர் பயன்படுத்துகிறது மற்றும் அதன் பின்னர் உலகம் முழுவதும் கணினிகள் ஒரு தொடர் மூலம் எதிர்க்கிறது அதை மறுத்தவர். தோர் இலவச மென்பொருள் மற்றும் நீங்கள் போக்குவரத்து பகுப்பாய்வு என்ற தனிப்பட்ட சுதந்திரம் மற்றும் தனியுரிமை, ரகசிய வணிக நடவடிக்கைகள் மற்றும் உறவுகள், மற்றும் மாநில பாதுகாப்பை அச்சுறுத்தும் நெட்வொர்க் கண்காணிப்பு வடிவ எதிராக பாதுகாக்க உதவுகிறது என்று ஒரு திறந்த நெட்வொர்க் ஆகும்.
@@ -11,7 +11,6 @@
ஆர்பாட் துவங்குகிறது...தோர் நெட்வொர்க் இணைக்கப்பட்டஆர்பாட் நிறுத்தப்பட்டது
- Orbot நிறுத்தப்படுகிறதுதோர் துவங்கப்படுகிறது...முடிந்தது.காத்திருக்கிறது
@@ -21,11 +20,9 @@
அமைப்புகள்பதிவுகள்உதவி
- ஆப்ஸ்துவங்குநிறுத்துஆர்பாட் பற்றி
- வழிகாட்டிபதிவிறக்குபதிவேற்றுஉதவி
@@ -49,13 +46,23 @@
ஆர்பாட் பற்றிய தகவல்Orbot தோர், LibEvent மற்றும் Polipo கொண்டுள்ளது என்று ஒரு திறந்த மூல பயன்பாடு ஆகும். இது ஒரு local HTTP பதிலாள் (8118) மற்றும் தோர் நெட்வொர்க் ஒரு SOCKS ப்ராக்ஸி (9050) வழங்குகிறது. Orbot மேலும் தோர் மூலம் அனைத்து இணைய போக்குவரத்து அனுப்பும் திறனை, ROOTED சாதனத்தில் கொண்டிருக்கிறது.அனுமதி வழங்கப்பட்டது
+ டக் டக் கோ தேடுபொறி செயலி
+ பதிலாள் அமைப்புகள்
+ ஆர்பாட் தயாராக உள்ளது!
+ தயவு செய்து, ஆர்பாடை கட்மைத்த பின் பயன்படுத்தவும்
+ எச்சரிக்கை
+ அனுமதிகள்
+ ஆர்பாடுடன் செயல்படும் செயலிகள்
+ செயலிகளை தேர்ந்தெடு
+ பதிலாள் கடவுச்சொல் (கட்டாயமற்ற)
+ பதிலாள் கடவுச்சொல்லை உள்ளிடவும்
+ நிலை
- ஆப்ஸ்
diff --git a/res/values-th/strings.xml b/app/src/main/res/values-th/strings.xml
similarity index 99%
rename from res/values-th/strings.xml
rename to app/src/main/res/values-th/strings.xml
index efe4d5d7..81d5f0f1 100644
--- a/res/values-th/strings.xml
+++ b/app/src/main/res/values-th/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
diff --git a/res/values-tl/strings.xml b/app/src/main/res/values-tl/strings.xml
similarity index 51%
rename from res/values-tl/strings.xml
rename to app/src/main/res/values-tl/strings.xml
index 1953ff3c..25b99db0 100644
--- a/res/values-tl/strings.xml
+++ b/app/src/main/res/values-tl/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -10,7 +10,6 @@
Nagsisimula na ang Orbot…Konektado sa Tor networkNaka-deactivate ang Orbot
- Ang Orbot ay magsasara naBinubuksan ang Tor client…kumpleto na.nag-hihintay
@@ -20,11 +19,10 @@
SettingsTalaTulong
- Apps
+ VPNSimulanIhintoTungkol
- PantasDownloadUploadTulong
@@ -33,6 +31,7 @@
Linisin ang talaTiyakinLabasan
+ Ipamahagi ang BridgeQR- pindutin ng matagal para mag umpisa -Nanganganinag na pag Po-proxy (Kailangan ang Root)Nanganganinag na pag Po-proxy
@@ -58,6 +57,7 @@
KanselahinIlang detalye sa Orbot
+ Ang Orbot ay isang open-source application na naglalaman ng Tor, LibEvent at Polipo. Ito ay nagbibigay ng local HTTP proxy (8118) at SOCKS proxy (9050) sa Tor network. Ang Orbot ay nagbibigay din ng kakayahan, sa mga rooted device, na ipadala ang lahat ng trapiko sa internet sa pamamagitan ng Tor.Napahintulotan naPahintulot ng OrbotMahusay! Natuklasan namin na mayroon pahintulot ang Orbot para sa root. Gagamitin namin ito ng mabuti.
@@ -77,6 +77,7 @@
I-set ang Twitter proxy sa host \"localhost\" at port 8118https://guardianproject.info/2012/05/02/orbot-your-twitter/Proxy Settings
+ Kung ang ginagamit na Android app ay gumagamit ng HTTP o SOCKS proxy, ibig sabihin lang noon ay pwede mong isaayos para kumunekta sa Orbot sa paggamit ng Tor.\n\n\n Ang host settings ay 127.0.0.1 o \"localhost\". Para naan sa HTTP, ang port setting ay 8118. Para naman sa SOCKS, ang proxy ay 9050. Kailangan mong gamitin ang SOCKS4A o SOCKS5 kung posible.\n \n\n\n Mas marami kang matututunan sa proxying sa Android sa pamamagitan ng FAQ sa: http://tinyurl.com/proxyandroid .\n Handa na ang Orbot!Bubuksan nito ang iyong browser sa https://check.torproject.org para matignan kung ang Orbot ay na-kompigura at konektado ka sa Tor.
@@ -86,17 +87,22 @@
Kusang umpisahan ang Orbot at kumonekta sa Tor sa pag bukas ng iyong Android Device
+ Ang Orbot ang nagdala ng Tor sa Android!\n\nAng Tor ay tumutulong sa iyo na sanggain ang pagsala ng nilalaman, pag-analisa ng trapiko at pangmamatyag sa network na mapanganib sa iyong privacy, conpidensyal na impormasyon at personal na relasyon.\n\nAng wizard ang makakatulong sa iyo para isaayos ang Orbot at Tor sa iyong device.Babala
+ Sa pag-install nang Orbot, hindi nito awtomatikong ina-anonymize ang iyong trapiko sa iyong mobile.\n\nKailangan mong isaayos ng tama ang Orbot, sa iyong device at sa iba pang apps para matagumpay na magamit ang Tor.Mga PahintulotMaari mong piliin bigyan ng pahintulot ang Orbot ng \'Superuser\' access para ma-enable ang mga advanced features tulad ng Transparent Proxying.Kapag ayaw mo itong gawin, siguraduhing gumamit ng apps na ginawa upang gumana kasama ang Orbot.
+ Mukang ang iyong device ay hindi pa rooted o hindi nagbibigay ng daan sa root o \'Superuser\'.\n\nPakiusap, o hindi kaya subukan ang paraan ng \'Apps\' sa pangunahing screen.Orbot-Enabled AppsChatSecure: Isang secure chat app na may Off-the-Record Encryption
- Orweb: rivacy-enhanced browser na gumagana sa Tor
+ Orfox: Privacy-enhanced browser na gumagana sa pamamagitan ng Tor.Hanapin ang lahat ng Guardian Project apps sa Google Play
+ Hanapin ang lahat ng Guardian Project apps sa F-Droid
+ Hanapin ang lahat ng Guardian Project apps sa https://f-droid.orgTransparent ProxyingIto ay bibigyan ng pahintulot ang iyong mga apps na kusang mag-run sa Tor network kahit walang pag-kompigura na ginawa.
@@ -112,18 +118,37 @@
Entrance NodesFingerprints, nicks, mga bansa at mga address para sa unang luksoPumasok sa Entrance Nodes
+ Pahintulutan na magsimula sa background
+ Hayaan ang kahit anong app na sabihin kay Orbot na magsimula ng Tor at anumang malapit na serbisyo.
+ Proxy All
+ Proxy None
+ Baliktarin ang napiliOutbound Network Proxy (Optional)Outbound Proxy TypeMga protocol na gagamitin para sa proxy server: HTTP, HTTPS, Socks4, Socks5Ilagay ang Proxy Type
+ Outbound Proxy Host
+ Proxy Server hostnameIlagay ang Proxy Host
+ Outbound Proxy
+ Proxy Server PortIlagay ang Proxy port
+ Outbound Proxy Username
+ Proxy Username (Optional)
+ Ilagay ang Proxy Username
+ Outbound Proxy Password
+ Proxy Password (Optional)
+ Ilagay ang Proxy PasswordKatayuan
+ Isinasaayos ang kabuuang transparent proxying...
+ Isinasaayos ang app-based transparent proxying...Na i-enable na ang Transparent proxyingNa i-enable na ang TransProxy para sa Thethering!BABALA: error sa pag start ng transparent proxying!Nalinis na ang mga batas ng TransProxyHindi ma umpisahan ang proseso ng Tor:
+ Ang Polipo ay gumagana ngayon sa port:
+ Isinasaayos ang port-based transpaprent proxying...Error sa BridgePara magamit ang feature ng bridge, kailangan mong mag lagay ng kahit isang bridge IP address.Magpadala ng email sa bridges@torproject.org na mayroong linyang \"get bridges\" at wala ng iba pang kasama sa katawa ng email gamit ang isang gmail account.
@@ -135,5 +160,90 @@
Enter Exit NodesHindi kasama ang NodesFingerprints, nicks, mga bansa at mga address na hindi isasama
+ Enter Exclude Nodes
+ Strict Nodes
+ Gumamit ng *only* sa mga ispesipikong nodes
+ Bridges
+ Gumamit ng Bridges
+ Obfuscated Bridges
+ I-enable ang kahaliling entrance nodes sa Tor Network
+ I-enable kung ang naisaayos na bridges ay obfuscated bridges
+ IP address at port ng bridges
+ Ilagay ang Bridge Addresses
+ Relays
+ Relaying
+ I-enable ang iyong device na non-exit relay
+ Relay Port
+ Pinapakinggan ang port para sa iyong Tor relay
+ I-lagay ang OR port
+ Relay nickname
+ Ang nickname para sa iyong Tor relay
+ I-lagay ang pasadyang relay nickname
+ Reachable Addresses
+ Patakbuhin bilang kliente sa likod ng firewall na may istriktong polisiya
+ Reachable Ports
+ Ports reachable sa likod ng istriktong firewall
+ I-lagay ang ports
+ Nakatagong Service Hosting
+ pahintulutan sa on-device server na maging malalapitan sa pamamagitan ng Tor network
+ I-lagay ang localhost ports para sa nakatagong serbisyo
+ Tagong Service Ports
+ ang addressable na pangalan sa iyong tagong serbisyo (awtomatikong nabuo)
+ paganahiin ang debug log para sa output (kailangang gamitin ang adb o aLogCat para makita)
+ Project Home(s):
+ https://www.torproject.org/docs/android\nhttps://guardianproject.info/apps/orbot/
+
+ Ang Tor License
+ https://torproject.org
+ 3rd-Party-Software:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.org
+ May app na gustong buksan ang nakatagong server port %S sa Tor network. Ito ay ligtas kung pinagkakatiwalaan ang app.
+ nakakita ng umiiral na Tor process...
+ May nangyaring masama. Tingnan ang log
+ nakatagong serbisyo sa:
+ hindi mabasa ang pangalan ng tagong serbisyo
+ Hindi masimulan ang Tor:
+ I-reboot ang iyong device, hindi ma-reset ang Tor!
+ Gumamit ng Default na Iptables
+ gamitin ang built-in iptables binary kaysa sa isang nabigkis kasama ng Orbot
+ Ang Tor binaries ay hindi ma-install o ma-upgrade.
+ Palaging panatilihin ang icon sa toolbar kapag ang Orbot ay naka-connect
+ Palaging i-On ang Notifications
+ Ipakita ang pinalaking notification kasama ng Tor exit country at IP
+ Pinalawak na Notifications
+ Bridges enabled!
+ Wika
+ Pumili ng locale at wika para sa Orbot
+ Pumili ng Wika
+ Iwanang default o palitan ang kasalukuyang wika
+ powered by Tor
+ I-Save ang Settings
+ Walang connection sa internet; Ang Tor ay naka-standby mode...
+ Bandwidth:
+ baba
+ taas
+ Walang Auto-Sleep sa Network
+ Ilagay ang Tor sa sleep kapag walang internet na pwede
+ Ikaw ay nagpalit ng bagong pagkakakilanlan sa Tor!
+ Browser
+ Gamitin ang ChatSecure
+ Manage Tor
+ VPN
+ kbps
+ mbps
+ KB
+ MB
+ Email
+ Web
+ Activate
+ Apps VPN Mode
+ Send Email
+ I-install ang Orfox
+ Standard Browser
+ Mundo
diff --git a/res/values-tr/strings.xml b/app/src/main/res/values-tr/strings.xml
similarity index 99%
rename from res/values-tr/strings.xml
rename to app/src/main/res/values-tr/strings.xml
index 8958de8e..ac750255 100644
--- a/res/values-tr/strings.xml
+++ b/app/src/main/res/values-tr/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot başka uygulamaların interneti daha güvenli olarak kullanmasını sağlayan ücretsiz bir proxy uygulamasıdır. Orbot Tor\'u kullanarak internet trafiğinizi şifreler ve dünya üzerindeki pek çok farklı bilgisayardan geçirerek gizler. Tor sizin kişisel özgürlüğünüzü ve mahremiyetinizi, gizli ticari aktivitelerinizi ve bağlantılarınızı koruma altına alan bir yazılım ve açık ağdır.
diff --git a/res/values-uk/strings.xml b/app/src/main/res/values-uk/strings.xml
similarity index 99%
rename from res/values-uk/strings.xml
rename to app/src/main/res/values-uk/strings.xml
index a57001dd..9672e2c2 100644
--- a/res/values-uk/strings.xml
+++ b/app/src/main/res/values-uk/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot — це вільна програма для проксі-з\'єднань, яка дозволяє іншим додаткам безпечніше використовувати інтернет-з\'єднання. Orbot використовує Tor для шифрування інтернет-трафіку, який далі приховується під час пересилання через кілька комп\'ютерів у різних частинах планети. Tor є вільним програмним забезпеченням, а також відкритою мережею, що допомагає захиститися від мережевого стеження, яке загрожує особистій свободі та приватному життю, конфіденційній бізнес-діяльності і контактам, а також державної програми безпеки, що відома як аналіз трафіку.
diff --git a/res/values-ur/strings.xml b/app/src/main/res/values-ur/strings.xml
similarity index 69%
rename from res/values-ur/strings.xml
rename to app/src/main/res/values-ur/strings.xml
index c484ae7e..21abd16d 100644
--- a/res/values-ur/strings.xml
+++ b/app/src/main/res/values-ur/strings.xml
@@ -1,4 +1,4 @@
-
+
براؤز کیجیےمدد
@@ -13,12 +13,6 @@
-
-
-
-
-
diff --git a/res/values-uz/strings.xml b/app/src/main/res/values-uz/strings.xml
similarity index 95%
rename from res/values-uz/strings.xml
rename to app/src/main/res/values-uz/strings.xml
index 0fe7e1f8..785d9672 100644
--- a/res/values-uz/strings.xml
+++ b/app/src/main/res/values-uz/strings.xml
@@ -1,4 +1,4 @@
-
+
Orbothttp://orbot/
@@ -10,7 +10,6 @@
UyMoslamalarYordam
- DasturlarDastur haqidaYuklab olishYuklash
@@ -40,7 +39,7 @@
XatoTor litsenziyasihttps://torproject.org
- Mavjud bo\'lgan Tor jarayoni topildi…
+ Mavjud bo\'lgan Tor jarayoni topildi...Orbot uchun lokal va tilni tanlashTilni tanlansh
diff --git a/app/src/main/res/values-vi/strings.xml b/app/src/main/res/values-vi/strings.xml
new file mode 100644
index 00000000..6562b4eb
--- /dev/null
+++ b/app/src/main/res/values-vi/strings.xml
@@ -0,0 +1,293 @@
+
+
+ Orbot
+ Orbot là một ứng dụng proxy miễn phí, được thiết kế để làm cho các ứng dụng khác kết nối với Internet một cách an toàn. Orbot sử dụng Tor để mã hóa các kết nối Internet rồi ẩn danh nó thông qua một loạt các nút trong mạng Tor. Tor là phần mềm miễn phí và là một mạng lưới mở giúp bạn chống lại sự giám sát mạng, vốn đe dọa riêng tư trực tuyến, hay các hoạt động bí mật...
+ http://orbot/
+ http://check.torproject.org
+ https://check.torproject.org
+ https://check.torproject.org/?TorButton=true
+ khởi động và ngừng Tor
+ dịch vụ tor proxy
+ Ortbot đang khởi động...
+ Đã kết nối với mạng Tor
+ Orbot đã được vô hiệu hóa
+ Đang tắt dịch vụ Tor
+ Bắt đầu Tor
+ hoàn thành.
+ đang chờ.
+ Chú ý: Kết nối của bạn chưa phải là ẩn danh! Hãy cài đặt các ứng dụng của bạn để sử dụng HTTP Proxy 127.0.0.1:8118, Proxy SOCKS4A hoặc proxy SOCKS5 127.0.0.1:9050
+ Trang chủ
+ Trình duyệt
+ Thiết lập
+ Nhật ký
+ Giúp đỡ
+ Mạng riêng ảo
+ Bắt đầu
+ Ngừng
+ Về
+ Các ứng dụng khác...
+ Tải về
+ Tải lên
+ Giúp đỡ
+ Đóng
+ Giới thiệu
+ Xóa nhật ký
+ Kiểm tra
+ Thoát
+ Quét mã BridgeQR
+ Xuất mã BridgeQR
+ - nhấn giữ để khởi động -
+ Proxy trong suốt (Yêu cầu root)
+ Proxy trong suốt
+ Tự động áp dụng Tor cho ứng dụng
+ Áp dụng Tor cho tất cả ứng dụng
+ Chuyển tất cả các kết nối của các ứng dụng qua Tor
+ Cổng Proxy dự phòng
+ CHÚ Ý: Tránh dùng các cổng thông dụng (80, 443, v.v...). *CHỈ* dùng nếu chế độ \"áp dụng Tor cho tất cả\" hoặc \"chọn ứng dụng\" không dùng được.
+ Danh sách cổng
+ Liệt kê các cổng để áp dụng proxy. *CHỈ* dùng nếu chế độ \"áp dụng Tor cho tất cả\" hoặc \"chọn ứng dụng\" không dùng được.
+ Điền số cổng để áp dụng proxy
+ Yêu cầu root
+ Yêu cầu root để kích hoạt proxy trong suốt
+ Tập nhị phân của Tor đã được cài đặt!
+ Tập nhị phân của Tor bị lỗi khi cài đặt. Xin hãy kiểm tra nhật ký và thông báo cho tor-assistants@torproject.org
+ Ứng dụng bị lỗi
+ Orbot
+ Về Orbot
+ Tiếp
+ Trở về
+ Kết thúc
+ Đồng ý
+ Hủy
+
+ Vài chi tiết về Orbot
+ Orbot là một ứng dụng mã nguồn mở có chứa Tor, LibEvent và Polipo. Nó cung cấp một proxy HTTP nội bộ (8118) và một proxy SOCKS (9050) tới mạng Tor. Orbot cũng có khả năng chuyển tất cả các kết nối Internet thông qua Tor trên các thiết bị đã root.
+ Đã cho phép quyền
+ Quyền truy cập của Orbot
+ Tuyệt! Chúng tôi đã nhận ra máy bạn có root được kích hoạt cho Orbot. Chúng tôi sẽ tận dụng điều này.
+ Mặc dù không cần thiết, nhưng Orbot có thể trở thành một công cụ mạnh mẽ hơn nếu thiết bị của bạn có root. Hãy ấn nút dưới đây để cho phép Orbot có \"siêu năng lực\"!
+ Nếu bạn không root hoặc không rành về những gì chúng tôi trình bày, xin chỉ dùng những ứng dụng đã được tạo ra để dùng kết hợp với Orbot.
+ Tôi hiểu rõ và sẽ tiếp tục dùng mà không cần root
+ Cho phép Orbot truy cập root
+ Cài đặt thông báo cho Tor
+ Orbot cho phép chuyển tất cả các kết nối của các ứng dụng qua Tor HOẶC áp dụng cho từng ứng dụng riêng lẻ.
+ Áp dụng proxy Tor cho tất cả các ứng dụng
+ Lựa chọn từng ứng dụng để áp dụng Tor
+ Các ứng dụng đã được áp dụng Tor
+ Những ứng dụng sau đây đã được thiết lập để dùng với Orbot. Nhấn ứng dụng bất kỳ để cài đặt ngay bây giờ, hoặc bạn có thể tìm những ứng dụng này trên Google Play, tại trang GuardianProject.info hoặc qua F-Droid.org.
+ ChatSecure - Ứng dụng IM (tin nhắn tức thời) bảo mật cho Android
+ Cài đặt Proxy - Tìm hiểu cách thiết lập ứng dụng để dùng với Orbot
+ Ứng dụng tìm kiếm DuckDuckGo
+ Cài proxy của Twitter với host là \"localhost\" và cổng là 8118
+ StoryMaker - Viết một câu chuyện rồi để nó cho Tor để bảo mật!
+ https://guardianproject.info/2012/05/02/orbot-your-twitter/
+ Cài đặt proxy
+ Nếu ứng dụng Android mà bạn đang dùng hỗ trợ giao thức proxy HTTP hay SOCKS, thì bạn có thể cấu hình nó kết nối tới Orbot và sử dụng Tor.\n\n\n Cài đặt host mặc định là 127.0.0.1 hoặc \"localhost\". Với HTTP, cổng là 8118, còn SOCKS là 9050. Bạn nên dùng SOCKS4A hoặc SOCKS5 nếu có thể.\n \n\n\n Bạn có thể tìm hiểu thêm về cấu hình proxy trên Android qua mục FAQ tại: http://tinyurl.com/proxyandroid
+ Orbot đã sẵn sàng!
+ Hàng trăm ngàn người trên toàn thế giới dùng Tor với nhiều lý do. Những nhà báo, blogger, các nhà hoạt động nhân quyền, an ninh, quân đội, tổ chức, công dân của những nước bị đang bị đàn áp, hoặc chỉ là những người dân bình thường... và bây giờ là bạn cũng đang chuẩn bị là một trong số họ!
+ Vui lòng thiết lập Orbot trước khi bạn sử dụng nó!
+
+ Bạn đã kết nối thành công tới mạng Tor - nhưng điều đó KHÔNG có nghĩa là thiết bị của bạn đã hoàn toàn an toàn. Bạn có thể kiểm tra kết nối của bạn qua nút \"Trình duyệt\". \n\nTruy cập ttps://guardianproject.info/apps/orbot hoặc gửi email tới help@guardianproject.info để biết thêm chi tiết.
+ Sẽ mở trang web https://check.torproject.org để kiểm tra xem Orbot đã được cài đặt đúng chưa và bạn có đang kết nối qua Tor hay không.
+ Dịch vụ web hosting ẩn
+ Tổng quát
+ Chạy Orbot khi khởi động thiết bị
+ Tự khởi động Orbot và kết nối vào mạng Tor sau khi thiết bị Android của bạn khởi động
+
+
+ Orbot mang Tor đến Android! \n\nTor giúp bạn chống lại bộ lọc nội dung mạng, các hoạt động phân tích kết nối mạng và theo dõi mạng, vốn đe dọa tới sự riêng tư, các thông tin bí mật và các mối quan hệ cá nhân trên mạng. \n\nHướng dẫn này sẽ giúp bạn thiết lập Orbot và Tor trên thiết bị của bạn.
+
+ Cảnh báo
+ Chỉ đơn thuần cài đặt Orbot sẽ không tự động ẩn danh các kết nối mạng di động của bạn.\n\nBạn bắt buộc phải thiết lập Orbot đúng cách, để thiết bị của bạn và các ứng dụng khác sử dụng Tor.
+
+ Quyền ứng dụng
+ Bạn có thể tuỳ ý cho phép Orbot có truy cập root để kích hoạt những tính năng nâng cao, như dùng proxy trong suốt chẳng hạn.
+ Nếu bạn không muốn làm điều này, xin hãy dùng những ứng dụng được tạo để dùng với Orbot.
+ Thiết bị của bạn hình như chưa root hoặc đã cấp quyền root hoặc truy cập root.\n\nVui lòng chọn chế độ \"VPN\" trên màn hình chính để thay thế.
+
+ Các ứng dụng đã được áp dụng Orbot
+ ChatSecure: ứng dụng chat an toàn với mã hóa không-theo-dõi
+ Orfox: Trình duyệt với tính năng bảo mật nâng cao, hoạt động thông qua Tor
+ Tìm những ứng dụng của Guardian Project trên Google Play
+ Tìm những ứng dụng của Guardian Project trên F-Droid
+ Tìm những ứng dụng của Guardian Project trên https://f-droid.org
+
+ Proxy trong suốt
+ Cài đặt này cho phép các ứng dụng của bạn tự động kết nối qua mạng Tor mà không cần thiết lập.
+ (Hãy chọn ô này nếu bạn không hiểu những gì chúng tôi đang nói)
+ Không có
+ Tor Tethering
+ Kích hoạt proxy Tor trong suốt để dùng cho WiFi/USB Tethering (cần khởi động lại)
+ Yều cầu truy cập root
+ Chọn ứng dụng
+ Chọn những ứng dụng mà bạn muốn kết nối qua Tor
+ Cấu hình nút
+ Những cài đặt nâng cao này có thể giảm sự ẩn danh của bạn
+ Nút vào (Entrace Nodes)
+ Dấu theo dõi (Fingerprint), biệt hiệu, quốc gia và địa chỉ cho nút đầu tiên
+ Nhập thông tin nút vào
+ Cho phép khởi động ngầm
+ Cho phép ứng dụng bất kỳ yêu cầu Orbot khởi động Tor và các dịch vụ liên quan
+ Proxy tất cả
+ Không dùng proxy
+ Đảo ngược lựa chọn
+ Proxy mạng ngõ ra (Outbound Network) (Tùy chọn)
+ Loại proxy ngõ ra
+ Giao thức dùng cho proxy: HTTP, HTTPS, SOCKS4, SOCKS5
+ Nhập loại proxy
+ Host proxy ngõ ra
+ Hostname của proxy
+ Nhập host của proxy
+ Cổng Proxy ngõ ra
+ Cổng của proxy
+ Nhập cổng Proxy
+ Tên tài khoản proxy ngõ ra
+ Tên tài khoản proxy (tùy chọn)
+ Nhập tên tài khoản proxy
+ Mật khẩu Proxy ngõ ra
+ Mật khẩu proxy (tùy chọn)
+ Nhập mật khẩu proxy
+ Tình trạng
+ Đang cấu hình proxy trong suốt cho tất cả...
+ Đang cấu hình proxy trong suốt cho các ứng dụng được chọn...
+ Proxy trong suốt ĐƯỢC KÍCH HOẠT
+ TransProxy đã được kích hoạt để dùng cho tethering!
+ CHÚ Ý: có lỗi khi khởi động proxy trong suốt!
+ Quy tắc TransProxy đã được xóa
+ Không thể khởi động tiến trình Tor:
+ Polipo đang chạy ở cổng:
+ Đang cài đặt proxy trong suốt theo cổng
+ Lỗi bridge
+ Để dùng chức năng bridge, bạn phải nhập ít nhất một địa chỉ IP dùng cho bridge.
+ Gửi một email đến bridges@torproject.org với dòng chữ \"get bridges\" trong thư từ một tài khoản gmail.
+ Lỗi
+ Thiết lập ReachableAddresses đã gây ra một vấn đề!
+ Thiết lập relay của bạn đã gây ra một vấn đề!
+ Nút cuối (Exit Nodes)
+ Dấu theo dõi, biệt hiệu, quốc gia và địa chỉ cho nút cuối cùng
+ Nhập thông tin nút cuối
+ Loại trừ nút
+ Dấu theo dõi, biệt hiệu, quốc gia và địa chỉ để loại trừ
+ Nhập vào những nút để loại trừ
+ Nút chỉ định
+ *Chỉ* dùng những nút được liệt kê
+ Bridge
+ Dùng bridge
+ Các bridge được che giấu
+ Kích hoạt các nút vào khác để vào mạng Tor
+ Kích hoạt nếu như các bridge đã được cấu hình là bridge đã được che giấu
+ Địa chỉ IP và cổng của bridge
+ Nhập địa chỉ bridge
+ Relay
+ Chức năng relay
+ Cho phép thiết bị bạn trở thành một nút relay (không phải nút cuối)
+ Cổng cho relay
+ Cổng tiếp nhận cho việc relay
+ Nhập cổng OR
+ Biệt hiệu nút relay
+ Biệt hiệu cho nút Tor-relay của bạn
+ Nhập biệt hiệu tuỳ ý
+ Địa chỉ truy cập được (Reachable Addresses)
+ Chạy như một máy con (client) đằng sau tường lửa với các thiết lập thu hẹp
+ Cổng truy cập được
+ Cổng truy cập được đằng sau tường lửa
+ Nhập số cổng
+ Host web ẩn
+ Cho phép máy chủ được thiết lập trong thiết bị của bạn có thể truy cập được qua mạng Tor.
+ Nhập cổng localhost cho web ẩn
+ Cổng web ẩn
+ Địa chỉ hợp lệ cho web ẩn của bạn (được tự động tạo ra)
+ Kích hoạt nhật ký gỡ lỗi ở đầu ra (phải dùng adb hoặc aLogCat để xem)
+ Các trang chủ dự án:
+ https://www.torproject.org/docs/android\nhttps://guardianproject.info/apps/orbot/
+ Giấy phép của Tor
+ https://torproject.org
+ Phần mềm bên thứ 3:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.org
+ Một ứng dụng muốn mở cổng ẩn %S đến mạng Tor. Đây là điều an toàn nếu như bạn tin tưởng vào ứng dụng này.
+ tìm ra tiến trình hiện hành của Tor...
+ Có gì đó không ổn. Xin xem lại nhật ký
+ web ẩn trong:
+ không thể đọc được tên dịch vụ ẩn
+ Không thể khởi động Tor được:
+ Khởi động lại thiết bị của bạn, không thể thiết đặt lại Tor!
+ Dùng Iptables mặc định
+ dùng tập nhị phân iptables của hệ thống thay vì dùng tập nhị phân được đi kèm với Orbot
+ Tập nhị phân của Tor không thể cài hoặc nâng cấp được.
+ Luôn giữ thông báo trong thanh trạng thái khi Orbot được kết nối
+ Thông báo thường trực
+ Hiển thị thông báo mở rộng với IP và quốc gia của nút cuối (Tor exit-node)
+ Thông báo mở rộng
+ Bridge đã được kích hoạt!
+
+ Ngôn ngữ
+ Chọn ngôn ngữ cho Orbot
+ Chọn ngôn ngữ
+ Giữ cài đặt mặc định hoặc chuyển qua ngôn ngữ khác
+ được hỗ trợ bởi Tor
+ Lưu thiết lập
+ Không có kết nối Internet; Tor đang ở chế độ chờ...
+ Băng thông:
+ tải xuống
+ tải lên
+ Tự động \"ngủ\" khi không có mạng
+ Chuyển Tor sang chế độ ngủ nếu không có Internet
+ Bạn đã chuyển sang một mạch Tor mới!
+ Trình duyệt
+ Dùng ChatSecure
+ Quản lý Tor
+ Cho phép ứng dụng này điều khiển dịch vụ Tor
+ Có vẻ như bạn chưa cài Orfox. Bạn có cần giúp không, hay chỉ cần mở trình duyệt thường thôi?
+ Cài đặt ứng dụng?
+ Không có mạng. Đang chuyển Tor sang chế độ ngủ...
+ Kết nối mạng tốt. Đang \"đánh thức\" Tor...
+ đang cập nhật cài đặt dịch vụ Tor
+ Cổng SOCKS
+ Cổng để Tor đặt proxy SOCKS lên (mặc định: 9050 hoặc 0 để vô hiệu hóa)
+ Cấu hình cổng SOCKS
+ Cổng proxy trong suốt của Tor
+ Cổng để Tor đặt proxy trong suốt lên (mặc định: 9040 hoặc 0 để vô hiệu hóa)
+ Cấu hình cổng proxy trong suốt
+ Cổng DNS Tor
+ Cổng để Tor đặt DNS của nó lên (mặc định: 5400 hoặc 0 để vô hiệu hóa)
+ Cấu hình cổng DNS
+ Cấu hình tùy chỉnh cho Torrc
+ CHỈ NGƯỜI DÙNG CHUYÊN MÔN: nhập các thiết lập trực tiếp cho torrc
+ Torrc tùy chỉnh
+ Mobile Martus - Ứng dụng cung cấp các tài liệu về nhân quyền của Benetech
+ Các IP Tor công cộng của bạn là:
+ Vui lòng vô hiệu hóa ứng dụng này trong Android->Settings->Apps nếu bạn đang gặp vấn đề với Orbot:
+ Xung đột ứng dụng
+ Tự động làm mới proxy trong suốt
+ Áp dụng lại các quy tắc proxy trong suốt khi trạng thái mạng thay đổi
+ ÉP BUỘC XÓA các quy tắc proxy trong suốt
+ Chạm vào đây để xóa sạch các quy tắc proxy trong suốt NGAY BÂY GIỜ
+ Quy tắc proxy trong suốt đã được xóa!
+ Bạn không có quyền truy cập ROOT
+ Bạn có thể cần kết nối lại Orbot để các thay đổi được áp dụng
+ VPN
+ kbps
+ mbps
+ KB
+ MB
+ Bridge được cập nhật
+ Vui lòng khởi động lại Orbot để áp dụng thay đổi
+ Mã QR
+ Nếu như mạng di động của bạn chặn Tor, bạn có thể dùng bridge (cầu nối) để truy cập mạng Tor. CHỌN một trong những bridge ở trên để kích hoạt bridge.
+ Chế độ bridge
+ Email
+ Web
+ Kích hoạt
+ Chế độ ứng dụng VPN
+ Bạn có thể làm cho tất cả ứng dụng của bạn kết nối qua mạng Tor bằng cách sử dụng tính năng VPN (Mạng riêng ảo) của Android.\n\n*CHÚ Ý* Đây là một tính năng mới, đang thử nghiệm và nó có thể không tự động chạy, hoặc có thể dừng lại đột ngột. Nó KHÔNG nên được dùng cho ẩn danh, và chỉ nên dùng để vượt qua các tường lửa và bộ lọc.
+ Gửi email
+ Bạn có thể lấy một địa chỉ bridge qua email, web hoặc quét mã QR. Chọn \"Email\" hoặc \"Web\" bên dưới để yêu cầu một địa chỉ bridge.\n\nMột khi đã có địa chỉ, hãy sao chép nó vào thiết đặt \"Bridge\" trong cài đặt Orbot rồi khởi động lại phần mềm.
+ Cài đặt Orfox
+ Trình duyệt thường
+ LƯU Ý: Chỉ có bridge Tor chuẩn mới hoạt động trên các thiết bị Intel x86/Atom
+ Toàn cầu
+
diff --git a/res/values-zh-rCN/strings.xml b/app/src/main/res/values-zh-rCN/strings.xml
similarity index 99%
rename from res/values-zh-rCN/strings.xml
rename to app/src/main/res/values-zh-rCN/strings.xml
index fdfe180f..e050c23f 100644
--- a/res/values-zh-rCN/strings.xml
+++ b/app/src/main/res/values-zh-rCN/strings.xml
@@ -1,4 +1,4 @@
-
+
OrbotOrbot 是一款免费的代理应用,能够让其他应用更安全地使用互联网。通过在位于世界各地的一系列计算机之间进行跳转,Orbot 可利用 Tor 对网络通信进行加密并隐藏。Tor 是一款免费的软件,并且是一个开放的网络。它可以保护用户免受流量分析的危害,这种网络监控可对个人自由与隐私、商业机密活动和关系以及国家安全造成威胁。
diff --git a/res/values-zh-rTW/strings.xml b/app/src/main/res/values-zh-rTW/strings.xml
similarity index 59%
rename from res/values-zh-rTW/strings.xml
rename to app/src/main/res/values-zh-rTW/strings.xml
index 31b055f2..b255c75c 100644
--- a/res/values-zh-rTW/strings.xml
+++ b/app/src/main/res/values-zh-rTW/strings.xml
@@ -1,8 +1,8 @@
-
+
Orbot
- Orbot是一款強力而免費的proxy應用程式用來保護其他應用的上網安全。
-orbot使用tor
+ Orbot是一款免費的網絡代理應用程式,用來保護其他應用程式的上網安全。
+Orbot使用Tor在全球一系列的電腦間跳躍,以便隱藏網路流量並加密。Tor是個免費軟體也是個開放網路,能幫您抵禦流量分析。它是某一種網路監控,牽涉到個人的自由與隱私、商業部分的機密關係和活動、甚至國家安全。http://orbot/http://check.torproject.orghttps://check.torproject.org
@@ -10,9 +10,9 @@ orbot使用tor
開始和停止 Tortor 代理服務Orbot 正在啟動中...
- 連接至 Tor 網路
+ 已連線至 Tor 網路Orbot 已停用
- Orbot 已關閉
+ Tor服務 正在關閉啟動Tor 用戶端...完成。等待。
@@ -22,11 +22,11 @@ orbot使用tor
設定記錄檔說明
- 應用程式
+ VPN開始停止關於
- 精靈
+ 取得應用程式…下載上傳說明
@@ -35,13 +35,16 @@ orbot使用tor
清除記錄檔檢查離開
+ 掃描連接橋QR
+ 分享連接橋QR- 請長按以開始 - 通透式代理伺服器(需要 Root)通透式代理伺服器自動啟動 Tor於應用程式Tor Everything
- 所有應用程式皆通過Tor 代理伺服器
- 返回代理伺服器連接埠
+ 所有應用程式皆透過Tor 代理伺服器
+ 備用連接埠代理
+ 警告: 避免常用的埠口(80、443等等)。在「所有」或是「App」模式都失效的時候*才使用*。埠清單輸入代理埠請求 Root 存取權
@@ -52,13 +55,16 @@ orbot使用tor
關於 Orbot前進返回
+ 結束
+ 確定取消Orbot 的一些詳細資料
- 已取得許可權
- Orbot 許可權
+ Orbot是個開源的應用程式,包含了Tor,LibEvent和Polipo。它提供了本地HTTP代理 (8118)和SOCKS代理 (9050)以進入Tor網路。Orbot也能夠在已Root的裝置上,以Tor傳送所有的網路流量。
+ 已取得權限
+ Orbot 權限組態 Tor 網路
- 所有應用程式都通過 Tor 代理
+ 所有應用程式都透過 Tor 代理DuckDuckGo 搜尋引擎應用程式https://guardianproject.info/2012/05/02/orbot-your-twitter/代理伺服器設定
@@ -70,20 +76,41 @@ orbot使用tor
警告
- 許可權
+ 權限在 Google Play 尋找所有的 Guardian Project 應用程式通透式代理無選擇應用程式
+ 反向選擇狀態錯誤輸入埠專案首頁:
+ https://torproject.org
+ 第三方軟體:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.org
+ 語言選擇語言儲存設定
+ 瀏覽器
+ 管理 Tor安裝應用程式?
- 應用程式
+ Tor SOCKS
+ Tor DNS 埠
+ VPN
+ kbps
+ mbps
+ KB
+ MB
+ QR 碼
+ 寄送電子信件
+ 標準版瀏覽器
+ 世界
diff --git a/res/values/arrays.xml b/app/src/main/res/values/arrays.xml
similarity index 100%
rename from res/values/arrays.xml
rename to app/src/main/res/values/arrays.xml
diff --git a/res/values/colors.xml b/app/src/main/res/values/colors.xml
similarity index 100%
rename from res/values/colors.xml
rename to app/src/main/res/values/colors.xml
diff --git a/res/values/dimens.xml b/app/src/main/res/values/dimens.xml
similarity index 100%
rename from res/values/dimens.xml
rename to app/src/main/res/values/dimens.xml
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
new file mode 100644
index 00000000..bef8abe7
--- /dev/null
+++ b/app/src/main/res/values/strings.xml
@@ -0,0 +1,339 @@
+
+
+ Orbot
+ Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.
+ http://orbot/
+ http://check.torproject.org
+ https://check.torproject.org
+ https://check.torproject.org/?TorButton=true
+ start and stop Tor
+ torproxyservice
+ Orbot is starting…
+ Connected to the Tor network
+ Orbot is deactivated
+ TorService is shutting down
+ Starting Tor client…
+ complete.
+ waiting.
+ WARNING: Your traffic is not anonymous yet! Please configure your applications to use HTTP proxy 127.0.0.1:8118 or SOCKS4A or SOCKS5 proxy 127.0.0.1:9050
+ Home
+ Browse
+ Settings
+ Log
+ Help
+ VPN
+ Start
+ Stop
+ About
+ Get apps…
+ Download
+ Upload
+ Help
+ Close
+ About
+ Clear Log
+ Check
+ Exit
+ Scan BridgeQR
+ Share BridgeQR
+ - long press to start -
+ Transparent Proxying (Requires Root)
+ Transparent Proxying
+ Automatic Torifying of Apps
+ Tor Everything
+ Proxy traffic for all apps through Tor
+ Port Proxy Fallback
+ WARNING: Circumvents common ports (80, 443, etc). *USE ONLY* if \'All\' or \'App\' mode doesn\'t work.
+ Port List
+ List of ports to proxy. *USE ONLY* if \'All\' or \'App\' mode doesn\'t work
+ Enter ports to proxy
+ Request Root Access
+ Request root access for transparent proxying
+ Tor binaries successfully installed!
+ The Tor binary files were unable to be installed. Please check the log and notify tor-assistants@torproject.org
+ Application Error
+ Orbot
+ About Orbot
+ Next
+ Back
+ Finish
+ Okay
+ Cancel
+
+ Some Orbot Details
+ Orbot is an open-source application that contains Tor, LibEvent and Polipo. It provides a local HTTP proxy (8118) and a SOCKS proxy (9050) into the Tor network. Orbot also has the ability, on rooted device, to send all internet traffic through Tor.
+ Permission Granted
+ Orbot Permissions
+ Excellent! We\'ve detected that you have root permissions enabled for Orbot. We will use this power wisely.
+ While it is not required, Orbot can become a more powerful tool if your device has root access. Use the button below to grant Orbot superpowers!
+ If you don\'t have root access or have no idea what we\'re talking about, just be sure to use apps made to work with Orbot.
+ I understand and would like to continue without Superuser
+ Grant Root for Orbot
+ Configure Torification
+ Orbot gives you the option to route all application traffic through Tor OR to choose your applications individually.
+ Proxy All Apps Through Tor
+ Select Individual Apps for Tor
+ Orbot-enabled Apps
+ The apps below were developed to work with Orbot. Click each button to install now, or you can find them later on Google Play, at GuardianProject.info website or via F-Droid.org.
+ ChatSecure - Secure instant messaging client for Android
+ Proxy Settings - Learn how to configure apps to work with Orbot
+ DuckDuckGo Search Engine app
+ Set Twitter proxy to host \"localhost\" and port 8118
+ StoryMaker - Make a story and leave it to tor for security!
+ https://guardianproject.info/2012/05/02/orbot-your-twitter/
+ Proxy Settings
+ If the Android app you are using can support the use of an HTTP or SOCKS proxy, then you can configure it to connect to Orbot and use Tor.\n\n\n The host settings is 127.0.0.1 or \"localhost\". For HTTP, the port setting is 8118. For SOCKS, the proxy is 9050. You should use SOCKS4A or SOCKS5 if possible.\n \n\n\n You can learn more about proxying on Android via the FAQ at: http://tinyurl.com/proxyandroid\n
+ Orbot is ready!
+ Millions of people around the world use Tor for a wide variety of reasons.\n\nJournalists and bloggers, human rights defenders, law enforcement officers, soldiers, corporations, citizens of repressive regimes, and just ordinary citizens… and now you are ready to, as well!
+ Please configure Orbot before you can start using it!
+
+ You\'ve successfully connected to the Tor network - but this does NOT mean your device is secure. You can use the \'Browser\' button to test your connection. \n\nVisit us at https://guardianproject.info/apps/orbot or send an email to help@guardianproject.info to learn more.
+ This will open your web browser to https://check.torproject.org in order to see if Orbot is probably configured and you are connected to Tor.
+ Hidden Service Hosting
+ General
+ Start Orbot on Boot
+ Automatically start Orbot and connect Tor when your Android device boots
+
+
+ Orbot brings Tor to Android!\n\nTor helps you defend against content filtering, traffic analysis and network surveillance that threatens privacy, confidential information and personal relationships.\n\nThis wizard will help you configure Orbot and Tor on your device.
+
+ Warning
+ Simply installing Orbot will not automatically anonymize your mobile traffic.\n\nYou must properly configure Orbot, your device and other apps to successfully use Tor.
+
+ Permissions
+ You can optionally grant Orbot \'Superuser\' access to enable advanced features, such as Transparent Proxying.
+ If you do not want to do this, please make sure to use apps made to work with Orbot
+ Your device does not appear to be rooted or provide root or \'Superuser\' access.\n\nPlease try the \'Apps\' mode on the main screen instead.
+
+ Orbot-Enabled Apps
+ ChatSecure: Secure chat app with Off-the-Record Encryption
+ Orfox: Privacy-enhanced browser that works through Tor
+ Find all Guardian Project apps on Google Play
+ Find all Guardian Project apps on F-Droid
+ Find all Guardian Project apps on https://f-droid.org
+
+ Transparent Proxying
+ This allows your apps to automatically run through the Tor network without any configuration.
+ (Check this box if you have no idea what we are talking about)
+ None
+ Tor Tethering
+ Enable Tor Transparent Proxying for Wifi and USB Tethered Devices (requires restart)
+ Request Superuser Access
+ Select Apps
+ Choose Apps to Route Through Tor
+ Node Configuration
+ These are advanced settings that can reduce your anonymity
+ Entrance Nodes
+ Fingerprints, nicks, countries and addresses for the first hop
+ Enter Entrance Nodes
+ Allow Background Starts
+ Let any app tell Orbot to start Tor and related services
+
+ Proxy All
+ Proxy None
+ Invert Selection
+
+ Outbound Network Proxy (Optional)
+
+ Outbound Proxy Type
+ Protocol to use for proxy server: HTTP, HTTPS, Socks4, Socks5
+ Enter Proxy Type
+
+ Outbound Proxy Host
+ Proxy Server hostname
+ Enter Proxy Host
+
+ Outbound Proxy Port
+ Proxy Server port
+ Enter Proxy port
+
+ Outbound Proxy Username
+ Proxy Username (Optional)
+ Enter Proxy Username
+
+ Outbound Proxy Password
+ Proxy Password (Optional)
+ Enter Proxy Password
+
+
+
+ Status
+ Setting up full transparent proxying…
+ Setting up app-based transparent proxying…
+ Transparent proxying ENABLED
+ TransProxy enabled for Tethering!
+ WARNING: error starting transparent proxying!
+ TransProxy rules cleared
+ Couldn\'t start Tor process:
+ Polipo is running on port:
+ Setting up port-based transparent proxying…
+ Bridge Error
+ In order to use the bridge feature, you must enter at least one bridge IP address.
+ Send an email to bridges@torproject.org with the line \"get bridges\" by itself in the body of the mail from a gmail account.
+ Error
+ Your ReachableAddresses settings caused an exception!
+ Your relay settings caused an exception!
+ Exit Nodes
+ Fingerprints, nicks, countries and addresses for the last hop
+ Enter Exit Nodes
+ Exclude Nodes
+ Fingerprints, nicks, countries and addresses to exclude
+ Enter Exclude Nodes
+ Strict Nodes
+ Use *only* these specified nodes
+ Bridges
+ Use Bridges
+ Obfuscated Bridges
+ Enable alternate entrance nodes into the Tor Network
+ Enable if configured bridges are obfuscated bridges
+ IP address and port of bridges
+ Enter Bridge Addresses
+ Relays
+ Relaying
+ Enable your device to be a non-exit relay
+ Relay Port
+ Listening port for your Tor relay
+ Enter OR port
+ Relay nickname
+ The nickname for your Tor relay
+ Enter a custom relay nickname
+ Reachable Addresses
+ Run as a client behind a firewall with restrictive policies
+ Reachable ports
+ Ports reachable behind a restrictive firewall
+ Enter ports
+ Hidden Service Hosting
+ allow on-device server to be accessible via the Tor network
+ enter localhost ports for hidden services
+ Hidden Service Ports
+ the addressable name for your hidden service (generated automatically)
+ enable debug log to output (must use adb or aLogCat to view)
+ Project Home(s):
+ https://www.torproject.org/docs/android\nhttps://guardianproject.info/apps/orbot/
+ The Tor License
+ https://torproject.org
+ 3rd-Party-Software:
+ Tor: https://www.torproject.org
+ LibEvent v2.0.21: http://www.monkey.org/~provos/libevent/
+ Polipo v1.1.9: https://github.com/jech/polipo
+ IPtables v1.4.21: http://www.netfilter.org
+ OpenSSL v1.0.1q: http://www.openssl.org
+ An app wants to open hidden server port %S to the Tor network. This is safe if you trust the app.
+ found existing Tor process…
+ Something bad happened. Check the log
+ hidden service on:
+ unable to read hidden service name
+ Unable to start Tor:
+ Reboot your device, unable to reset Tor!
+ Use Default Iptables
+ use the built-in iptables binary instead of the one bundled with Orbot
+
+ The Tor binaries were not able to be installed or upgraded.
+
+ Always keep the icon in toolbar when Orbot is connected
+ Always-On Notifications
+
+ Show expanded notification with Tor exit country and IP
+ Expanded Notifications
+
+ Bridges enabled!
+
+ Language
+ Choose the locale and language for Orbot
+ Choose Language
+ Leave default or switch the current language
+ powered by Tor
+ Save Settings
+ No internet connection; Tor is on standby…
+ Bandwidth:
+ down
+ up
+ No Network Auto-Sleep
+ Put Tor to sleep when there is no internet available
+ You\'ve switched to a new Tor identity!
+
+ Browser
+ Use ChatSecure
+
+ Manage Tor
+ Enable this app to control the Tor service
+ It doesn\'t seem like you have Orfox installed. Want help with that, or should we just open the browser?
+ Install apps?
+ No network connectivity. Putting Tor to sleep…
+ Network connectivity is good. Waking Tor up…
+ updating settings in Tor service
+
+ Tor SOCKS
+ Port that Tor offers its SOCKS proxy on (default: 9050 or 0 to disable)
+ SOCKS Port Config
+
+ Tor TransProxy Port
+ Port that Tor offers its Transparent Proxy on (default: 9040 or 0 to disable)
+ TransProxy Port Config
+
+
+ Tor DNS Port
+ Port that Tor offers its DNS on (default: 5400 or 0 to disable)
+ DNS Port Config
+
+
+ Torrc Custom Config
+ EXPERTS ONLY: enter direct torrc config lines
+ Custom Torrc
+
+ Mobile Martus - Benetech Human Rights Documentation App
+ Your Tor Public IPs:
+ "Please disable this app in Android->Settings->Apps if you are having problems with Orbot: "
+ App Conflict
+
+
+ Transproxy Auto-Refresh
+ Re-apply Transproxy rules when the network state changes
+
+ Transproxy FORCE REMOVE
+ Tap here to flush all transproxy network rules NOW
+ Transparent proxy rules flushed!
+ You do not have ROOT access enabled
+ You may need to stop and start Orbot for settings change to be enabled.
+
+ Apps
+
+ kbps
+
+ mbps
+
+ KB
+
+ MB
+
+ Bridges Updated
+
+ Please restart Orbot to enable the changes
+
+ QR Codes
+
+ If your mobile network actively blocks Tor, you can use a Bridge to access the network. SELECT one of the bridge types above to enable bridges.
+
+ Bridge Mode
+
+ Email
+ Web
+
+ Activate
+
+ Apps VPN Mode
+
+ You can enable all apps on your device to run through the Tor network using the VPN feature of Android.\n\n*WARNING* This is a new, experimental feature and in some cases may not start automatically, or may stop. It should NOT be used for anonymity, and ONLY used for getting through firewalls and filters.
+
+ Send Email
+
+ You can get a bridge address through email, the web or by scanning a bridge QR code. Select \'Email\' or \'Web\' below to request a bridge address.\n\nOnce you have an address, copy & paste it into the \"Bridges\" preference in Orbot\'s setting and restart.
+
+ Install Orfox
+
+ Standard Browser
+
+ NOTE: Only standard Tor bridges work on Intel X86/ATOM devices
+
+ World
+
diff --git a/res/values/styles.xml b/app/src/main/res/values/styles.xml
similarity index 100%
rename from res/values/styles.xml
rename to app/src/main/res/values/styles.xml
diff --git a/res/values/theme.xml b/app/src/main/res/values/theme.xml
similarity index 100%
rename from res/values/theme.xml
rename to app/src/main/res/values/theme.xml
diff --git a/res/xml/preferences.xml b/app/src/main/res/xml/preferences.xml
similarity index 100%
rename from res/xml/preferences.xml
rename to app/src/main/res/xml/preferences.xml
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 00000000..856d3d7f
--- /dev/null
+++ b/build.gradle
@@ -0,0 +1,15 @@
+// Top-level build file where you can add configuration options common to all sub-projects/modules.
+buildscript {
+ repositories {
+ jcenter()
+ }
+ dependencies {
+ classpath 'com.android.tools.build:gradle:2.1.0'
+ }
+}
+
+allprojects {
+ repositories {
+ jcenter()
+ }
+}
diff --git a/description/bs.xlf b/description/bs.xlf
new file mode 100644
index 00000000..49f6f0de
--- /dev/null
+++ b/description/bs.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/cs.xlf b/description/cs.xlf
new file mode 100644
index 00000000..768e94a5
--- /dev/null
+++ b/description/cs.xlf
@@ -0,0 +1,86 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ Orbot
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/de.xlf b/description/de.xlf
index e4080626..917f8018 100644
--- a/description/de.xlf
+++ b/description/de.xlf
@@ -11,16 +11,16 @@
- Schützen Sie Ihre Privatsphäre mit diesem Proxys mit Tor
+ Schützen Sie Ihre Privatsphäre mit diesem Proxy ins Tor-NetzwerkThis is limited by Google to 80 characters
- Orbot ist eine freie Proxy-Anwendung, mithilfe derer andere Anwendung das Internet sicherer nutzen können. Orbot nutzt Tor, um Ihren Internetverkehr zu verschlüsseln und zu verstecken, indem er über eine Reihe weltweit verteilter Computer geleitet wird. Tor ist ein freies Programm und ein offenes Netzwerk, dass Ihnen dabei hilft, sich vor Angriffen auf die persönliche Freiheit, die Privatsphäre und vertraulichen Geschäftsbeziehungen sowie vor staatlicher Datenverkehrsanalyse des Internetverkehrs zu schützen.
+ Orbot ist eine kostenlose Proxy-Anwendung, mit deren Hilfe andere Anwendungen das Internet sicherer nutzen können. Orbot verwendet Tor, um Ihren Internetverkehr zu verschlüsseln und ihn dann zu verbergen, indem er über eine Reihe weltweit verteilter Computer geleitet wird. Tor ist ein freies Programm und ein offenes Netzwerk, das Ihnen dabei hilft, sich vor jeder Form der Datenüberwachung zu schützen, die Ihre persönliche Freiheit, Privatsphäre oder vertrauliche Geschäftsbeziehungen bedrohen, sowie sich gegen die Datenauswertung aus Staatssicherheitsgründen zu wehren.
- Orbot ist die einzige Anwendung, die eine wirklich vertrauliche Internetverbindung herstellt. Die New York Times schreibt dazu: »Wenn Verbindungen über Tor eintreffen, weiss man nie von wem oder woher sie kommt.« Tor erhielt 2012 den Electronic Frontier Foundation (EFF) Pioneer Award.
+ Orbot ist die einzige Anwendung, die eine wirklich vertrauliche Internetverbindung herstellt. Die New York Times schreibt dazu: »Wenn eine Kommunikation über Tor eintrifft, weiß man nie von wem oder woher sie stammen.« Tor erhielt 2012 den Electronic Frontier Foundation (EFF) Pioneer Award.
@@ -71,7 +71,7 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
- ★ ÜBER UNS: Guardian Project ist eine Entwickler-Gruppe, die sichere, mobile Anwendung und quelloffenen Code für eine bessere Zukunft erstellen
+ ★ ÜBER UNS: Guardian Project ist eine Gruppe von Entwicklern, die sichere, mobile Anwendungen und quelloffenen Code für eine bessere Zukunft erstellen
diff --git a/description/el.xlf b/description/el.xlf
new file mode 100644
index 00000000..409befe7
--- /dev/null
+++ b/description/el.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/en-rGB.xlf b/description/en-rGB.xlf
new file mode 100644
index 00000000..4106a7da
--- /dev/null
+++ b/description/en-rGB.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/fr.xlf b/description/fr.xlf
index 85f9e67e..ff23457d 100644
--- a/description/fr.xlf
+++ b/description/fr.xlf
@@ -6,17 +6,21 @@
+ OrbotThis is limited by Google to 30 characters
+ Protégez votre vie privée avec ce proxy avec TorThis is limited by Google to 80 characters
+ Orbot est une application proxy gratuite qui améliore l'utilisation plus sécurisée des applications. Orbot utilise Tor pour crypter votre trafic internet et le cacher en passant par une série d'ordinateur partout dans le monde. Tor est un logiciel gratuit et un réseau ouvert qui vous aide à vous défendre contre les surveillances de réseau qui font peur à la liberté personnelle et la vie privée, les activités confidentielles des entreprises et des relations, et l'état de la sécurité connu sous le nom d'analyse de trafic.
+ Orbot est la seule application qui crée une connexion à Internet réellement privée. Pour citer le New York Times : "Quand une communication arrive par Tor, on ne peut jamais savoir d'où, ou de qui elle vient." Tor a gagné le Pioneer Award 2012 de l'Electronic Frontier Foundation (EFF).
@@ -37,48 +41,62 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
+ ***Mode Root Expert***
+ MODE UNIVERSEL : Orbot peut être configuré pour faire passer tout votre trafic Internet de manière transparente par Tor. Vous pouvez également choisir quelles applications en particulier vous voulez faire transiter par Tor.
+ ★ NOUS PARLONS VOTRE LANGUE : Orbot est disponible pour les amis qui parlent :
+ العربية, azərbaycanca, български, català, Čeština, dansk, Deutsch, Ελληνικά, English, español, eesti, euskara, فارسی, suomi, français, galego, hrvatski, magyar, עברית, íslenska, italiano, 日本語, 한국어, lietuvių, latviešu, Македонци, Bahasa Melayu, Nederlands, norsk, polski, português, Русский, slovenčina, slovenščina, српски, svenska, Türkçe, українська, Tagalog, Tiếng Việt, 中文(简体), 中文(台灣)Do not translate the names of the languages, leave them just like this.
+ Vous ne voyez pas votre langue ? Rejoignez nous et aidez nous à traduire cette application :
+ https://www.transifex.com/projects/p/orbotDo not translate this.
+ ***En savoir plus***
+ ★ A PROPOS DE NOUS : Guardian Project est un groupe de développeurs qui créé des applications mobile sécursées et des codes open-source pour un futur meilleur
+ ★ NOTRE SITE WEB : https://GuardianProject.info
+ ★ A PROPOS DE TOR : https://TorProject.org
+ ★ SUR TWITTER : https://twitter.com/guardianproject
+ ★ LOGICIEL GRATUIT : Orbot est un logiciel gratuit. Regardez le our code source, ou rejoignez la communauté pour le rendre meilleur :
+ https://gitweb.torproject.org/orbot.gitDo not translate this.
+ ★ CONTACTEZ NOUS : Est-ce que votre fonctionnalité favorite manque ? Vous avez trouvé un bug ennuyant ? Veuillez nous le dire ! Nous adorerions vous entendre. Envoyez nous un email : support@guardianproject.info ou trouvez nous dans notre salle de discussion : https://guardianproject.info/contact
diff --git a/description/gl.xlf b/description/gl.xlf
index f073c57b..e71949a3 100644
--- a/description/gl.xlf
+++ b/description/gl.xlf
@@ -10,10 +10,12 @@
+ Protexe a túa privacidade con iste proxy con TorThis is limited by Google to 80 characters
+ Orbot é unha aplicación de proxy libre que permite a outras aplicacións usar a internet dun xeito máis seguro. Orbot usa Tor para encriptar o teu tráfico de internet ocultando e rebotándoo a través dunha serie de ordenadores ao redor do mundo. Tor é software libre e unha rede aberta que axuda a defenderte contra unha forma de vixiancia na rede que ameaza a liberdade e privacidade persoal, actividades confidenciáis de negocios e relacións, e estado de seguridade coñecido como análise de tráfico.
diff --git a/description/gu-rIN.xlf b/description/gu-rIN.xlf
new file mode 100644
index 00000000..47382298
--- /dev/null
+++ b/description/gu-rIN.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/gu.xlf b/description/gu.xlf
new file mode 100644
index 00000000..c64b8bbd
--- /dev/null
+++ b/description/gu.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/hi.xlf b/description/hi.xlf
index 41449e40..3d09cf6e 100644
--- a/description/hi.xlf
+++ b/description/hi.xlf
@@ -6,14 +6,17 @@
+ OrbotThis is limited by Google to 30 characters
+ टौर प्रॉक्सी के साथ अपनीक एकांत की रक्षा करो.This is limited by Google to 80 characters
+ औरबौट एक मुफ्त अैप
diff --git a/description/hr-rHR.xlf b/description/hr-rHR.xlf
new file mode 100644
index 00000000..10c6923a
--- /dev/null
+++ b/description/hr-rHR.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/in.xlf b/description/in.xlf
index b01b029f..43587ce5 100644
--- a/description/in.xlf
+++ b/description/in.xlf
@@ -6,6 +6,7 @@
+ OrbotThis is limited by Google to 30 characters
@@ -14,6 +15,7 @@
+ Orbot adalah aplikasi proxy gratis yang membuat aplikasi-aplikasi lainnya dapat terkoneksi dengan internet secara aman. Orbot menggunakan Tor untuk mengenkripsi hubungan internet anda dan menyalurkannya melewati berbagai komputer di seluruh dunia. Tor adalah software gratis dan suatu network terbuka, yang membantu anda menghindari pengawasan network yang mengancam kebebasan pribadi dan privasi, aktivitas bisnis rahasia dan relasi, serta keamanan negara yang dikenal dengan analisa traffic.
diff --git a/description/ky.xlf b/description/ky.xlf
new file mode 100644
index 00000000..995b3433
--- /dev/null
+++ b/description/ky.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/ms.xlf b/description/ms.xlf
new file mode 100644
index 00000000..4bc1143b
--- /dev/null
+++ b/description/ms.xlf
@@ -0,0 +1,86 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ Orbot
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/pa.xlf b/description/pa.xlf
new file mode 100644
index 00000000..96cd401e
--- /dev/null
+++ b/description/pa.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/pt-rBR.xlf b/description/pt-rBR.xlf
index e5e7f2e0..4bc421ab 100644
--- a/description/pt-rBR.xlf
+++ b/description/pt-rBR.xlf
@@ -11,6 +11,7 @@
+ Proteja sua privacidade com este Tor proxyThis is limited by Google to 80 characters
@@ -19,6 +20,7 @@
+ Orbot é o único aplicativo que cria uma conexão verdadeiramente privada com a internet. Como o New York Times descreveu: "Quando uma comunicação chega a partir da rede Tor, você pode nunca saber de onde ou de quem veio." Tor ganhou em 2012 o prêmio Electronic Frontier Foundation (EFF) Pioneer Award.
@@ -39,6 +41,7 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
+ ***Modo Especialista Root***
diff --git a/description/ru.xlf b/description/ru.xlf
index 75c11949..71d5547d 100644
--- a/description/ru.xlf
+++ b/description/ru.xlf
@@ -11,16 +11,16 @@
- Защитите вашу частную жизнь с этой прокси Tor
+ Защитите вашу частную жизнь с Tor-проксиThis is limited by Google to 80 characters
- Orbot это бесплатное прокси приложение, которое позволяет другим приложениям безопаснее пользоваться Интернетом. Orbot использует Tor для шифрования вашего интернет-трафика, а затем прячет его перенаправливая через многочисленные компьютеры по всему миру. Тор является свободным программным обеспечением и открытой сетью, которая помогает вам защититься от сетевого надзора, угрожющий персональной свободе и приватности, конфиденциальности бизнес контактов и связей, а также общегосударственной безопасности, известный как анализ трафика.
+ Orbot — это бесплатное прокси-приложение, которое позволяет другим приложениям безопаснее пользоваться интернетом. Orbot использует Tor для шифрования вашего интернет-трафика, а затем прячет его, перенаправляя через многочисленные компьютеры по всему миру. Тор является свободным программным обеспечением и открытой сетью, которая помогает вам защититься от сетевого надзора, угрожающего персональной свободе и приватности, конфиденциальности бизнес-контактов и связей, а также общегосударственной безопасности, известной как анализ трафика.
- Orbot это единственное приложение, которое по-настоящему создает личное подключение к интернету. Как пишет New York Times, "когда сообщение поступает от Tor, вы никогда не можете знать, где и от кого оно." Тор выиграл 2012 Electronic Frontier Foundation (EFF) Pioneer премию.
+ Orbot — это единственное приложение, которое по настоящему создаёт приватное подключение к интернету. Как пишет New York Times, "когда сообщение поступает от Tor, вы никогда не можете знать, где и от кого оно." Tor получил премию 2012 Electronic Frontier Foundation (EFF) Pioneer.
@@ -41,15 +41,15 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
- *** Режим Эксперт Рутинг***
+ *** Root-режим для экспертов***
- УГИВЕРСАЛЬНЫЙ РЕЖИМ: Orbot может быть сконфигурирован для прозрачной прокси на весь ваш интернет-трафика через Tor. Вы также можете выбрать, какие конкретные приложения вы хотите использовать через Tor.
+ УНИВЕРСАЛЬНЫЙ РЕЖИМ: Orbot может быть настроен для прозрачного перенаправления всего вашего интернет-трафика через Tor. Вы также можете выбрать, какие конкретные приложения вы хотите направлять через Tor.
- ★ МЫ ГОВОРОИМ НА ВАШЕМ ЯЗЫКЕ: Orbot доступен для друзей, которые говорят на:
+ ★ МЫ ГОВОРИМ НА ВАШЕМ ЯЗЫКЕ: Orbot доступен для друзей, которые говорят на:
@@ -67,11 +67,11 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
- ***Узнать Больше***
+ ***Узнать больше***
- ★ О НАС: Guardian Project это группа разработчиков, которые создают безопасные мобильные приложения и открытый исходный код для лучшего будущего
+ ★ О НАС: Guardian Project — это группа разработчиков, которые создают безопасные мобильные приложения и открытый исходный код для лучшего будущего
@@ -83,11 +83,11 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
- ★ В Твиттере: https://twitter.com/guardianproject
+ ★ В TWITTER: https://twitter.com/guardianproject
- ★БЕСПЛАТНОЕ ПРОГРАММНОЕ ОБЕСПЕЧЕНИЕ: Orbot это свободное программное обеспечение. Взгляните на наш исходный код или присоединиться к сообществу, чтобы его улучщить:
+ ★БЕСПЛАТНОЕ ПРОГРАММНОЕ ОБЕСПЕЧЕНИЕ: Orbot — это свободное программное обеспечение. Взгляните на наш исходный код или присоединиться к сообществу, чтобы его улучшить:
@@ -96,7 +96,7 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
- ★ПИШИТЕ НАМ: У нас нет вашей любимой функции? Обнаружили ошибку? Пожалуйста сообщите нам! Мы хотим от вас услышать. Отправите письмо: support@guardianproject.info или найдите нас в чате https://guardianproject.info/contact
+ ★ ПИШИТЕ НАМ: У нас нет вашей любимой функции? Обнаружили ошибку? Пожалуйста, сообщите нам! Мы хотим вас услышать. Отправите письмо: support@guardianproject.info или найдите нас в чате https://guardianproject.info/contact
diff --git a/description/sk-rSK.xlf b/description/sk-rSK.xlf
new file mode 100644
index 00000000..ec4faeca
--- /dev/null
+++ b/description/sk-rSK.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/sr.xlf b/description/sr.xlf
index 794cb411..c85906b3 100644
--- a/description/sr.xlf
+++ b/description/sr.xlf
@@ -6,18 +6,21 @@
+ ОрботThis is limited by Google to 30 characters
- Zaštitite svoju privatnost ovim proksijem sa Tor-om
+ Заштитите вашу приватност овим проксијем помоћу ТораThis is limited by Google to 80 characters
+ Орбот је бесплатна прокси апликација која даје моћ другим апликацијама да безбедније користе интернет. Орбот користи Тор за шифровање вашег интернет саобраћаја и онда га скрива слањем кроз низ рачунара широм света. Тор је слободан софтвер и отворена мрежа која помаже да се одбраните од разних облика надзора мрежа који угрожавају личну слободу и приватност, поверљиве пословне активности и личне односе и државне безбедности познате као анализа саобраћаја.
+ Орбот је једина апликација која прави истински приватну везу са интернетом. Како Нјујорк Тајмс магазин пише: „када комуникација дође са Тор мреже, никада не можете да будете сигурни одакле или од кога је.“ Тор је добио пионир награду Електронске граничне фондације (ЕFF) 2012. године.
@@ -38,55 +41,62 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
+ ***Корени режим за стручњаке***
+ УНИВЕРЗАЛНИ РЕЖИМ: Орбот може да се подеси да транспарентно шаље кроз прокси сав ваш интернет саобраћај. Можете и да изаберете одређене апликације које желите да користите кроз Тор мрежу.
- MI GOVORIMO TVOJIM JEZIKOM: Orbot je dostupan prijateljima koji govore:
+ ★ МИ ГОВОРИМО ВАШИМ ЈЕЗИКОМ: Орбот је доступан за пријатеље који говоре:
+ العربية, azərbaycanca, български, català, Čeština, dansk, Deutsch, Ελληνικά, English, español, eesti, euskara, فارسی, suomi, français, galego, hrvatski, magyar, עברית, íslenska, italiano, 日本語, 한국어, lietuvių, latviešu, Македонци, Bahasa Melayu, Nederlands, norsk, polski, português, Русский, slovenčina, slovenščina, српски, svenska, Türkçe, українська, Tagalog, Tiếng Việt, 中文(简体), 中文(台灣)Do not translate the names of the languages, leave them just like this.
- Ne vidiš svoj jezik na listi? Pridruzi nam se i pomozi da prevedemo aplikaciju:
+ Не видите ваш језик на списку? Придружите нам се помозите да преведемо апликацију:
+ https://www.transifex.com/projects/p/orbotDo not translate this.
- *** Nauči više ***
+ *** Сазнајте више ***
+ ★ О НАМА: Гардијан пројекат (Guardian Project) је група програмера који праве безбедне мобилне апликације отвореног кôда за боље сутра
- NAŠ VEB SAJT: https://GuardianProject.info
+ ★ НАШ ВЕБСАЈТ: https://GuardianProject.info
- INFORMACIJE O TORU: https://TorProject.org
+ ★ О ТОРУ: https://TorProject.org
- NAŠ TWITTER: https://twitter.com/guardianproject
+ ★ НА ТВИТЕРУ: https://twitter.com/guardianproject
+ ★ СЛОБОДАН СОФТВЕР: Орбот је слободан софтвер. Погледајте изворни кôд, или се придружите заједници да је учините још бољом:
+ https://gitweb.torproject.org/orbot.gitDo not translate this.
- KONTAKTIRAJTE NAS: Da li smo propustili vaš omiljeni sadržaj? Naišli ste smetnje? Molim vas recite nam! Voleli bismo da čujemo vaše mišljenje. Pošaljite nam e-mail: support@guardianproject.info ili nas pronađite u čet sobi https://guardianproject.info/contact
+ ★ ПОШАЉИТЕ НАМ ПОРУКУ: Фали нам ваша омиљена функционалност? Пронашли сте иритирајућу грешку? Волели бисмо да чујемо ваше мишљење! Пошаљите нам е-пошту на support@guardianproject.info или нас пронађите у нашој соби за ћаскање https://guardianproject.info/contact
diff --git a/description/ur.xlf b/description/ur.xlf
new file mode 100644
index 00000000..383935a2
--- /dev/null
+++ b/description/ur.xlf
@@ -0,0 +1,85 @@
+
+
+
+ Google places strick character limits on the various text fields in Google Play. The title is 30 characters, the short description is 80 characters, and the rest of the strings, which all go together in the description, are limited to 4000 characters.
+
+
+
+
+ This is limited by Google to 30 characters
+
+
+
+ This is limited by Google to 80 characters
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate the names of the languages, leave them just like this.
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Do not translate this.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/description/vi.xlf b/description/vi.xlf
index 58a2c0d4..ad16e543 100644
--- a/description/vi.xlf
+++ b/description/vi.xlf
@@ -6,17 +6,21 @@
+ OrbotThis is limited by Google to 30 characters
+ Bảo vệ sự riêng tư của bạn với proxy sử dụng TorThis is limited by Google to 80 characters
+ Orbot là một ứng dụng proxy miễn phí, được thiết kế để làm cho các ứng dụng khác kết nối với Internet một cách an toàn. Orbot sử dụng Tor để mã hóa các kết nối Internet rồi ẩn danh nó thông qua một loạt các nút trong mạng Tor. Tor là phần mềm miễn phí và là một mạng lưới mở giúp bạn chống lại sự giám sát mạng, vốn đe dọa riêng tư trực tuyến, hay các hoạt động bí mật...
+ Chỉ có Orbot là ứng dụng duy nhất tạo ra một kết nối Internet thật sự riêng tư. Như tờ New York Times viết, "khi mà nhận được thông tin truyền qua mạng Tor, bạn sẽ không bao giờ biết nó từ đâu tới, hay ai tạo ra nó." Tor đã được trao giải 2012 EFF Pioneer Award.
@@ -37,48 +41,62 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
+ ***Chế độ root cho chuyên gia***
+ CHẾ ĐỘ KẾT NỐI TẤT CẢ: Orbot có thể được thiết lập để áp dụng proxy trong suốt cho tất cả các kết nối mạng để cho chúng đi qua mạng Tor. Bạn cũng có thể chọn riêng từng ứng dụng mà bạn muốn sử dụng với Tor.
+ ★ CHÚNG TÔI CÓ NGÔN NGỮ CỦA BẠN: Orbot khả dụng cho những ai hiểu ngôn ngữ:
+ العربية, azərbaycanca, български, català, Čeština, dansk, Deutsch, Ελληνικά, English, español, eesti, euskara, فارسی, suomi, français, galego, hrvatski, magyar, עברית, íslenska, italiano, 日本語, 한국어, lietuvių, latviešu, Македонци, Bahasa Melayu, Nederlands, norsk, polski, português, Русский, slovenčina, slovenščina, српски, svenska, Türkçe, українська, Tagalog, Tiếng Việt, 中文(简体), 中文(台灣)Do not translate the names of the languages, leave them just like this.
+ Không tìm thấy ngôn ngữ của bạn? Hãy tham gia phiên dịch cùng chúng tôi:
+ https://www.transifex.com/projects/p/orbotDo not translate this.
+ ***Tìm hiểu thêm***
+ ★ VỀ CHÚNG TÔI: Guardian Project ("Dự án Người Bảo Vệ") là một nhóm những nhà phát triển, làm ra những ứng dụng di động an toàn, bảo mật và mã nguồn mở, nhằm xây dựng một tương lai tốt đẹp hơn
+ ★ WEBSITE CỦA CHÚNG TÔI: https://GuardianProject.info
+ ★ VỀ TOR: https://TorProject.org
+ ★ TWITTER: https://twitter.com/guardianproject
+ ★ PHẦN MỀM MIỄN PHÍ: Orbot là phần mềm miễn phí. Bạn có thể khám phá mã nguồn của nó, hoặc tham gia với chúng tôi để làm cho nó trở nên tốt hơn:
+ https://gitweb.torproject.org/orbot.gitDo not translate this.
+ ★ LIÊN HỆ VỚI CHÚNG TÔI: Chúng tôi chưa phát triển tính năng bạn thích? Tìm thấy lỗi gây khó chịu? Báo cho chúng tôi! Chúng tôi mong muốn được nghe ý kiến từ bạn. Gửi email cho chúng tôi: support@guardianproject.info hoặc tìm chúng tôi ở phòng chat https://guardianproject.info/contact
diff --git a/description/zh-rTW.xlf b/description/zh-rTW.xlf
index 129c5c08..3d28b52c 100644
--- a/description/zh-rTW.xlf
+++ b/description/zh-rTW.xlf
@@ -11,16 +11,17 @@
- 使用tor的proxy來保護你的個人隱私
+ 使用Tor的proxy來保護你的個人隱私This is limited by Google to 80 characters
- Orbot是一款強力而免費的proxy應用程式用來保護其他應用的上網安全。
-orbot使用tor
+ Orbot是一款免費的網路代理應用程式,用來保護其他應用的上網安全。
+Orbot使用Tor在一系列全球的電腦間跳躍,用以加密並隱藏您的網路流量。Tor是個免費軟體也是個開放網路,能幫您抵禦某一種網路監控,也就是流量分析。該監控威脅了個人的自由和隱私、商業的機密關係和活動、甚至國家安全。
+ Orbot是唯一能建立真正私人網路連接的應用程式。如紐約時報寫道,「當一則資訊從Tor抵達時,您永遠也無法知道它從誰或從哪裡而來。」Tor贏得了2012電子前哨基金會(EFF)的先鋒獎。
@@ -41,48 +42,63 @@ IT’S OFFICIAL: This is the official version of the Tor onion routing service f
+ ***專家Root模式***
+ 廣用模式: 設置過的Orbot可以透過Tor將所有網路流量透明代理。您也可以選擇特定的應用程式來使用Tor。
+ ★我們使用你的語言: Orbot 適用於朋友們使用的語言:
+ 中文(台灣), العربية, azərbaycanca, български, català, Čeština, dansk, Deutsch, Ελληνικά, English, español, eesti, euskara, فارسی, suomi, français, galego, hrvatski, magyar, עברית, íslenska, italiano, 日本語, 한국어, lietuvių, latviešu, Македонци, Bahasa Melayu, Nederlands, norsk, polski, português, Русский, slovenčina, slovenščina, српски, svenska, Türkçe, українська, Tagalog, Tiếng Việt, 中文(简体)Do not translate the names of the languages, leave them just like this.
+ 還沒看見您的語言嗎? 請加入我們,並幫助我們翻譯這個應用程式:
+ https://www.transifex.com/projects/p/orbotDo not translate this.
+ ***了解更多***
+ ★關於我們: 保護者計畫是一個開發者組成的團體,製作安全的手機應用程式和開源碼,都是為了更美好的未來
+ ★我們的網站: https://GuardianProject.info
+ ★ 關於 Tor: https://TorProject.org
+ ★ Twitter: https://twitter.com/guardianproject
+ ★自由軟體: Orbot是自由軟體。請看看我們的開源碼,或是加入討論社區以把它改善:
+ https://gitweb.torproject.org/orbot.gitDo not translate this.
+ ★通知我們: 我們是否漏掉了您喜愛的特點呢? 發現了煩人的小錯誤嗎? 請和我們說!
+我們很想聽您說。請寄信給我們: support@guardianproject.info或在我們的聊天室找我們https://guardianproject.info/contact
diff --git a/external/0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch b/external/0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch
new file mode 100644
index 00000000..51dce9be
--- /dev/null
+++ b/external/0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch
@@ -0,0 +1,28 @@
+From 74ef555267f83e6e0e365112749dd8b743ee2b87 Mon Sep 17 00:00:00 2001
+From: n8fr8
+Date: Mon, 19 Sep 2016 16:04:04 -0400
+Subject: [PATCH 1/1] add limits.h to support MAX_SIZE on Android
+
+---
+ src/ext/trunnel/trunnel.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/ext/trunnel/trunnel.c b/src/ext/trunnel/trunnel.c
+index 0ed75aa..dbb9476 100644
+--- a/src/ext/trunnel/trunnel.c
++++ b/src/ext/trunnel/trunnel.c
+@@ -13,6 +13,11 @@
+ #include
+ #include
+ #include "trunnel-impl.h"
++ /* Get SIZE_MAX. */
++#ifdef __BIONIC__
++#include
++#endif
++
+
+ #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+ __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+--
+1.9.1
+
diff --git a/external/Makefile b/external/Makefile
index 211df769..850e92cc 100644
--- a/external/Makefile
+++ b/external/Makefile
@@ -27,6 +27,7 @@ NDK_PLATFORM_LEVEL ?= 16
NDK_TOOLCHAIN_VERSION=4.8
APP_ABI ?= armeabi
NDK_ABI ?= $(APP_ABI)
+PIE_MODE ?= pie
ifneq ($(filter arm%, $(APP_ABI)),)
NDK_ABI := arm
endif
@@ -72,6 +73,10 @@ STRIP := $(NDK_TOOLCHAIN_BASE)/bin/$(HOST)-strip \
# PIEFLAGS for SDK 16/Android L must be set to -fPIE -pie, but can override for earlier targets
PIEFLAGS ?= -fPIE -pie
+ifeq ($(PIEMODE),nopie)
+ PIEFLAGS =
+endif
+
CFLAGS = -DANDROID $(TARGET_CFLAGS) $(PIEFLAGS)
LDFLAGS = -llog $(TARGET_LDFLAGS) $(PIEFLAGS)
@@ -225,9 +230,12 @@ tor/configure:
./autogen.sh
tor/Makefile: tor/configure
- cp fix_android_0.2.6.4rc_build.patch tor
+ cp 0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch tor
cd tor && \
- git apply fix_android_0.2.6.4rc_build.patch
+ git apply 0001-add-limits.h-to-support-MAX_SIZE-on-Android.patch
+# cp fix_android_0.2.6.4rc_build.patch tor
+# cd tor && \
+# git apply fix_android_0.2.6.4rc_build.patch
cp config.sub tor
cp config.guess tor
cd tor && \
@@ -297,26 +305,26 @@ pluto-clean:
#this is related to a bug in compression of assets and resources > 1MB
assets: tor polipo iptables pluto
- install -d ../libs
- install -d ../assets/$(APP_ABI)
+ install -d ../orbotservice/src/main/assets/$(APP_ABI)
-$(STRIP) bin/polipo
- -zip ../assets/$(APP_ABI)/polipo.mp3 bin/polipo
+ -zip ../orbotservice/src/main/assets/$(APP_ABI)/polipo.mp3 bin/polipo
-$(STRIP) bin/tor
- -zip ../assets/$(APP_ABI)/tor.mp3 bin/tor
+ -zip ../orbotservice/src/main/assets/$(APP_ABI)/tor.mp3 bin/tor
-$(STRIP) bin/xtables
- -zip ../assets/$(APP_ABI)/xtables.mp3 bin/xtables
+ -zip ../orbotservice/src/main/assets/$(APP_ABI)/xtables.mp3 bin/xtables
-$(STRIP) bin/obfs4proxy
- -zip ../assets/$(APP_ABI)/obfs4proxy.mp3 bin/obfs4proxy
- -$(STRIP) ../libs/$(APP_ABI)/pdnsd
- -zip ../assets/$(APP_ABI)/pdnsd.mp3 ../libs/$(APP_ABI)/pdnsd
- -rm ../libs/$(APP_ABI)/pdnsd
+ -zip ../orbotservice/src/main/assets/$(APP_ABI)/obfs4proxy.mp3 bin/obfs4proxy
+ -$(STRIP) ../orbotservice/src/main/libs/$(APP_ABI)/pdnsd
+ -zip ../orbotservice/src/main/assets/$(APP_ABI)/pdnsd.mp3 ../orbotservice/src/main/libs/$(APP_ABI)/pdnsd
+ -rm ../orbotservice/src/main/libs/$(APP_ABI)/pdnsd
assets-clean:
- -rm ../assets/$(APP_ABI)/polipo.mp3
- -rm ../assets/$(APP_ABI)/tor.mp3
- -rm ../assets/$(APP_ABI)/xtables.mp3
- -rm ../assets/$(APP_ABI)/obfs4proxy.mp3
- -rm ../assets/$(APP_ABI)/pdnsd.mp3
+ -rm ../orbotservice/src/main/assets/$(APP_ABI)/polipo.mp3
+ -rm ../orbotservice/src/main/assets/$(APP_ABI)/tor.mp3
+ -rm ../orbotservice/src/main/assets/$(APP_ABI)/xtables.mp3
+ -rm ../orbotservice/src/main/assets/$(APP_ABI)/obfs4proxy.mp3
+ -rm ../orbotservice/src/main/assets/$(APP_ABI)/pdnsd.mp3
+
#------------------------------------------------------------------------------#
# cleanup, cleanup, put the toys away
diff --git a/patches/UDP-block.patch b/external/patches/UDP-block.patch
similarity index 100%
rename from patches/UDP-block.patch
rename to external/patches/UDP-block.patch
diff --git a/patches/orbot-patch-sporkbomb-20110501/Part 1.4 b/external/patches/orbot-patch-sporkbomb-20110501/Part 1.4
similarity index 100%
rename from patches/orbot-patch-sporkbomb-20110501/Part 1.4
rename to external/patches/orbot-patch-sporkbomb-20110501/Part 1.4
diff --git a/patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch b/external/patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch
similarity index 100%
rename from patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch
rename to external/patches/orbot-patch-sporkbomb-20110501/orbot-real_transproxy_all-use_only_new_iptables.patch
diff --git a/patches/orbot-patch-sporkbomb-20110501/orbot_leak_report b/external/patches/orbot-patch-sporkbomb-20110501/orbot_leak_report
similarity index 100%
rename from patches/orbot-patch-sporkbomb-20110501/orbot_leak_report
rename to external/patches/orbot-patch-sporkbomb-20110501/orbot_leak_report
diff --git a/patches/transproxy.patch b/external/patches/transproxy.patch
similarity index 100%
rename from patches/transproxy.patch
rename to external/patches/transproxy.patch
diff --git a/patches/udptransproxyfinal.patch b/external/patches/udptransproxyfinal.patch
similarity index 100%
rename from patches/udptransproxyfinal.patch
rename to external/patches/udptransproxyfinal.patch
diff --git a/patches/update_GibberBot_info/ic_launcher_gibberbot.png b/external/patches/update_GibberBot_info/ic_launcher_gibberbot.png
similarity index 100%
rename from patches/update_GibberBot_info/ic_launcher_gibberbot.png
rename to external/patches/update_GibberBot_info/ic_launcher_gibberbot.png
diff --git a/patches/update_GibberBot_info/update_GibberBot_info.diff b/external/patches/update_GibberBot_info/update_GibberBot_info.diff
similarity index 100%
rename from patches/update_GibberBot_info/update_GibberBot_info.diff
rename to external/patches/update_GibberBot_info/update_GibberBot_info.diff
diff --git a/external/tor b/external/tor
index 7a489a63..26308863 160000
--- a/external/tor
+++ b/external/tor
@@ -1 +1 @@
-Subproject commit 7a489a638911012069981702065b952a5809d249
+Subproject commit 263088633a63982a8d6ddffd3ed3e3d85cffd6f1
diff --git a/gradle.properties b/gradle.properties
new file mode 100644
index 00000000..f6a934d9
--- /dev/null
+++ b/gradle.properties
@@ -0,0 +1,16 @@
+## Project-wide Gradle settings.
+#
+# For more details on how to configure your build environment visit
+# http://www.gradle.org/docs/current/userguide/build_environment.html
+#
+# Specifies the JVM arguments used for the daemon process.
+# The setting is particularly useful for tweaking memory settings.
+# Default value: -Xmx10248m -XX:MaxPermSize=256m
+# org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
+#
+# When configured, Gradle will run in incubating parallel mode.
+# This option should only be used with decoupled projects. More details, visit
+# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
+# org.gradle.parallel=true
+#Mon Jun 20 21:44:59 EDT 2016
+android.useDeprecatedNdk=true
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 00000000..13372aef
Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 00000000..122a0dca
--- /dev/null
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,6 @@
+#Mon Dec 28 10:00:20 PST 2015
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.10-all.zip
diff --git a/gradlew b/gradlew
new file mode 100755
index 00000000..9d82f789
--- /dev/null
+++ b/gradlew
@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+
+##############################################################################
+##
+## Gradle start up script for UN*X
+##
+##############################################################################
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn ( ) {
+ echo "$*"
+}
+
+die ( ) {
+ echo
+ echo "$*"
+ echo
+ exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+case "`uname`" in
+ CYGWIN* )
+ cygwin=true
+ ;;
+ Darwin* )
+ darwin=true
+ ;;
+ MINGW* )
+ msys=true
+ ;;
+esac
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG=`dirname "$PRG"`"/$link"
+ fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ if [ ! -x "$JAVACMD" ] ; then
+ die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+ fi
+else
+ JAVACMD="java"
+ which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
+ MAX_FD_LIMIT=`ulimit -H -n`
+ if [ $? -eq 0 ] ; then
+ if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+ MAX_FD="$MAX_FD_LIMIT"
+ fi
+ ulimit -n $MAX_FD
+ if [ $? -ne 0 ] ; then
+ warn "Could not set maximum file descriptor limit: $MAX_FD"
+ fi
+ else
+ warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+ fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+ GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin ; then
+ APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+ CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+ JAVACMD=`cygpath --unix "$JAVACMD"`
+
+ # We build the pattern for arguments to be converted via cygpath
+ ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+ SEP=""
+ for dir in $ROOTDIRSRAW ; do
+ ROOTDIRS="$ROOTDIRS$SEP$dir"
+ SEP="|"
+ done
+ OURCYGPATTERN="(^($ROOTDIRS))"
+ # Add a user-defined pattern to the cygpath arguments
+ if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+ OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+ fi
+ # Now convert the arguments - kludge to limit ourselves to /bin/sh
+ i=0
+ for arg in "$@" ; do
+ CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+ CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
+
+ if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
+ eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+ else
+ eval `echo args$i`="\"$arg\""
+ fi
+ i=$((i+1))
+ done
+ case $i in
+ (0) set -- ;;
+ (1) set -- "$args0" ;;
+ (2) set -- "$args0" "$args1" ;;
+ (3) set -- "$args0" "$args1" "$args2" ;;
+ (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+ (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+ (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+ (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+ (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+ (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+ esac
+fi
+
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+ JVM_OPTS=("$@")
+}
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
diff --git a/gradlew.bat b/gradlew.bat
new file mode 100644
index 00000000..aec99730
--- /dev/null
+++ b/gradlew.bat
@@ -0,0 +1,90 @@
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto init
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto init
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:init
+@rem Get command-line arguments, handling Windowz variants
+
+if not "%OS%" == "Windows_NT" goto win9xME_args
+if "%@eval[2+2]" == "4" goto 4NT_args
+
+:win9xME_args
+@rem Slurp the command line arguments.
+set CMD_LINE_ARGS=
+set _SKIP=2
+
+:win9xME_args_slurp
+if "x%~1" == "x" goto execute
+
+set CMD_LINE_ARGS=%*
+goto execute
+
+:4NT_args
+@rem Get arguments from the 4NT Shell from JP Software
+set CMD_LINE_ARGS=%$
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/jni/pdnsd/doc/Makefile.am b/jni/pdnsd/doc/Makefile.am
deleted file mode 100644
index b3e21984..00000000
--- a/jni/pdnsd/doc/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-
-man_MANS = pdnsd.8 pdnsd-ctl.8 pdnsd.conf.5
-
-# Note: pdnsd-ctl.8, pdnsd.conf.5.in, dl.html and the txt docs are handled by dist-hook rule.
-EXTRA_DIST = pdnsd.conf.in pdnsd.8.in \
- html/dl.html.in html/doc.html html/faq.html html/index.html \
- doc_makefile html/doc_makefile txt/doc_makefile \
- html2confman.pl html/htmlsubst.pl
-
-# XXX: Do not insist to set the config file owner to root to avoid breaking RPM
-# builds
-install-data-hook:
- $(mkinstalldirs) "$(DESTDIR)$(sysconfdir)"
- if test `whoami` = "root"; then \
- $(INSTALL) -o 0 -g 0 -m 644 pdnsd.conf "$(DESTDIR)$(sysconfdir)/pdnsd.conf.sample" ; \
- else \
- $(INSTALL) -m 644 pdnsd.conf "$(DESTDIR)$(sysconfdir)/pdnsd.conf.sample" ; \
- fi
-
-dist-hook: doc_makefile
- @$(MAKE) -f doc_makefile doc
- cp -p --parents pdnsd-ctl.8 pdnsd.conf.5.in \
- html/dl.html txt/faq.txt txt/intro.txt txt/manual.txt \
- $(distdir)
-
-distclean-local: doc_makefile
- @$(MAKE) -f doc_makefile clean
-
diff --git a/jni/pdnsd/doc/Makefile.in b/jni/pdnsd/doc/Makefile.in
deleted file mode 100644
index 7f07fe69..00000000
--- a/jni/pdnsd/doc/Makefile.in
+++ /dev/null
@@ -1,483 +0,0 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
-# Inc.
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-VPATH = @srcdir@
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-subdir = doc
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
- $(srcdir)/pdnsd.8.in $(srcdir)/pdnsd.conf.5.in \
- $(srcdir)/pdnsd.conf.in
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/configure.in
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = pdnsd.8 pdnsd.conf.5 pdnsd.conf
-CONFIG_CLEAN_VPATH_FILES =
-SOURCES =
-DIST_SOURCES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-man5dir = $(mandir)/man5
-am__installdirs = "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(man_MANS)
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LDFLAGS = @LDFLAGS@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LTLIBOBJS = @LTLIBOBJS@
-MAKEINFO = @MAKEINFO@
-MKDIR_P = @MKDIR_P@
-OBJEXT = @OBJEXT@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-RANLIB = @RANLIB@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRIP = @STRIP@
-VERSION = @VERSION@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_CC = @ac_ct_CC@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build_alias = @build_alias@
-builddir = @builddir@
-cachedir = @cachedir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-def_id = @def_id@
-distribution = @distribution@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fullversion = @fullversion@
-host_alias = @host_alias@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-packagerelease = @packagerelease@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-specbuild = @specbuild@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-thread_CFLAGS = @thread_CFLAGS@
-threadlib = @threadlib@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-man_MANS = pdnsd.8 pdnsd-ctl.8 pdnsd.conf.5
-
-# Note: pdnsd-ctl.8, pdnsd.conf.5.in, dl.html and the txt docs are handled by dist-hook rule.
-EXTRA_DIST = pdnsd.conf.in pdnsd.8.in \
- html/dl.html.in html/doc.html html/faq.html html/index.html \
- doc_makefile html/doc_makefile txt/doc_makefile \
- html2confman.pl html/htmlsubst.pl
-
-all: all-am
-
-.SUFFIXES:
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu doc/Makefile
-.PRECIOUS: Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-pdnsd.8: $(top_builddir)/config.status $(srcdir)/pdnsd.8.in
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-pdnsd.conf.5: $(top_builddir)/config.status $(srcdir)/pdnsd.conf.5.in
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-pdnsd.conf: $(top_builddir)/config.status $(srcdir)/pdnsd.conf.in
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
-install-man5: $(man_MANS)
- @$(NORMAL_INSTALL)
- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)"
- @list=''; test -n "$(man5dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.5[a-z]*$$/p'; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
- done; }
-
-uninstall-man5:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man5dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.5[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; }
-install-man8: $(man_MANS)
- @$(NORMAL_INSTALL)
- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)"
- @list=''; test -n "$(man8dir)" || exit 0; \
- { for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- test -z "$$files" || { \
- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; }
-tags: TAGS
-TAGS:
-
-ctags: CTAGS
-CTAGS:
-
-
-distdir: $(DISTFILES)
- @list='$(MANS)'; if test -n "$$list"; then \
- list=`for p in $$list; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
- if test -n "$$list" && \
- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
- echo " typically \`make maintainer-clean' will remove them" >&2; \
- exit 1; \
- else :; fi; \
- else :; fi
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
- $(MAKE) $(AM_MAKEFLAGS) \
- top_distdir="$(top_distdir)" distdir="$(distdir)" \
- dist-hook
-check-am: all-am
-check: check-am
-all-am: Makefile $(MANS)
-installdirs:
- for dir in "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- `test -z '$(STRIP)' || \
- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic mostlyclean-am
-
-distclean: distclean-am
- -rm -f Makefile
-distclean-am: clean-am distclean-generic distclean-local
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man
- @$(NORMAL_INSTALL)
- $(MAKE) $(AM_MAKEFLAGS) install-data-hook
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man5 install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-generic
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man
-
-uninstall-man: uninstall-man5 uninstall-man8
-
-.MAKE: install-am install-data-am install-strip
-
-.PHONY: all all-am check check-am clean clean-generic dist-hook \
- distclean distclean-generic distclean-local distdir dvi dvi-am \
- html html-am info info-am install install-am install-data \
- install-data-am install-data-hook install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man5 \
- install-man8 install-pdf install-pdf-am install-ps \
- install-ps-am install-strip installcheck installcheck-am \
- installdirs maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic pdf pdf-am ps ps-am uninstall \
- uninstall-am uninstall-man uninstall-man5 uninstall-man8
-
-
-# XXX: Do not insist to set the config file owner to root to avoid breaking RPM
-# builds
-install-data-hook:
- $(mkinstalldirs) "$(DESTDIR)$(sysconfdir)"
- if test `whoami` = "root"; then \
- $(INSTALL) -o 0 -g 0 -m 644 pdnsd.conf "$(DESTDIR)$(sysconfdir)/pdnsd.conf.sample" ; \
- else \
- $(INSTALL) -m 644 pdnsd.conf "$(DESTDIR)$(sysconfdir)/pdnsd.conf.sample" ; \
- fi
-
-dist-hook: doc_makefile
- @$(MAKE) -f doc_makefile doc
- cp -p --parents pdnsd-ctl.8 pdnsd.conf.5.in \
- html/dl.html txt/faq.txt txt/intro.txt txt/manual.txt \
- $(distdir)
-
-distclean-local: doc_makefile
- @$(MAKE) -f doc_makefile clean
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/jni/pdnsd/doc/doc_makefile b/jni/pdnsd/doc/doc_makefile
deleted file mode 100644
index f5e8f86d..00000000
--- a/jni/pdnsd/doc/doc_makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-# This file was written by Paul Rombouts.
-# Because pdnsd currently has a very idiosyncratic method of building documentation
-# I prefer to keep the actual build rules outside of the Makefiles an ordinary user
-# would use to compile pdnsd and therefore I have put them into separate 'doc_makefile's.
-#
-# To rebuild pdnsd docs after you have modified something that other files depend on,
-# run 'make -f doc_makefile doc' in the doc/ directory.
-# This makefile is also invoked when you build a pdnsd distribution tarball
-# using 'make dist' in the toplevel pdnsd source directory.
-#
-# If anyone thinks there is a much more elegant method for building the pdnsd docs
-# using a conventional autoconf/automake process, please let me know.
-
-versionfile = ../version
-
-doc: pdnsd-ctl.8 pdnsd.conf.5.in html txt
-.PHONY: pdnsd-ctl.8 doc html txt clean
-
-pdnsd-ctl.8:
- @pver=`cat $(versionfile)` && \
- mver=`perl -e 'while(<>) {if(/^\s*\.TH(?:\s+(?:"[^"]*"|[^"\s]+)){3}\s+"pdnsd\s+([^"]*)"/) {print "$$1\n";exit 0}} \
- die "Cannot find version in $$ARGV\n"' $@` && { \
- test "$$mver" = "$$pver" || { \
- perl -p -i.makesave -e 's/^(\s*\.TH(?:\s+(?:"[^"]*"|[^"\s]+)){3}\s+"pdnsd\s+)[^"]*(")/$${1}'"$$pver"'$${2}/' $@ && \
- echo "Updated version in $@: $$mver -> $$pver"; \
- }; \
- }
-
-pdnsd.conf.5.in: html/doc.html html2confman.pl
- perl html2confman.pl $< > $@
-
-html txt:
- @cd $@ && $(MAKE) -f doc_makefile
-
-clean:
- @rm -fv pdnsd.conf.5.in
- @cd html && $(MAKE) -f doc_makefile clean
- @cd txt && $(MAKE) -f doc_makefile clean
diff --git a/jni/pdnsd/doc/html/dl.html b/jni/pdnsd/doc/html/dl.html
deleted file mode 100644
index 3f9c6140..00000000
--- a/jni/pdnsd/doc/html/dl.html
+++ /dev/null
@@ -1,96 +0,0 @@
-
-
-
- pdnsd Download Page
-
-
-
-
-
-
The original author of pdnsd is Thomas Moestl,
- but since 2003, he no longer maintains pdnsd.
- However, Paul A. Rombouts has extensively revised the code and maintains
- a version with many fixes and improvements at
- http://members.home.nl/p.a.rombouts/pdnsd.html.
- He has pre-patched tarballs and RPM packages available for download at this site.
-
-
- If you are interested in the very latest code or if you want to participate in
- pdnsd development, checkout the pdnsd git repository
- at gitorious.org.
-
x86_64 binary built on a Scientific Linux 6.2 system.
-
-
-
- If you want to check the signatures on these packages you will need a copy of my GPG key
- which you can get here
- or from a public key server.
-
- There are also Debian,
- Ubuntu,
- Gentoo,
- Mandriva
- and FreeBSD
- packages, but these may not include the latest version.
- If you are looking for other versions released by Paul Rombouts, visit this
- download directory.
-
The original author of pdnsd is Thomas Moestl,
- but since 2003, he no longer maintains pdnsd.
- However, Paul A. Rombouts has extensively revised the code and maintains
- a version with many fixes and improvements at
- http://members.home.nl/p.a.rombouts/pdnsd.html.
- He has pre-patched tarballs and RPM packages available for download at this site.
-
-
- If you are interested in the very latest code or if you want to participate in
- pdnsd development, checkout the pdnsd git repository
- at gitorious.org.
-
- If you want to check the signatures on these packages you will need a copy of my GPG key
- which you can get here
- or from a public key server.
-
- There are also Debian,
- Ubuntu,
- Gentoo,
- Mandriva
- and FreeBSD
- packages, but these may not include the latest version.
- If you are looking for other versions released by Paul Rombouts, visit this
- download directory.
-
- This is the "official" pdnsd documentation and reference written by
- Thomas Moestl with revisions by
- Paul A. Rombouts.
- This manual is a part of the pdnsd package, and may be distributed in
- original or modified form under terms of the GNU General Public
- License, as published by the Free Software Foundation; either version
- 3, or (at your option) any later version.
- You can find a copy of the GNU GPL in the file COPYING in the source or documentation directory.
- This manual is up-to-date for version 1.2.9b. For older documentation, please refer to the doc
- directory of the respective pdnsd package.
- If you want a quicker introduction to pdnsd, you can try some of the
- HOWTOs available on the web.
- For Apple Mac users, Brian Wells has published a good HOWTO at
- http://web.mac.com/brianwells/main/pdnsd.html.
-
-
-
0. Installation
-
0.1 Installing binary RPM's
- To install a binary RPM, just do
-
rpm -i pdnsd-<version>.rpm
- This should install pretty much everything automatically. The only thing left
- for you to do is adapt your configuration file (stored in /etc/pdnsd.conf)
- according to your needs (see below).
- In the Red Hat and SuSE RPMs, a start script is also installed; read the section
- 0.4, Start at Boot Time about that.
-
-
-
0.2 Building RPM's
- It is possible to build a binary RPM from a source package using the command
-
rpmbuild --rebuild pdnsd-<version>.src.rpm
- or alternatively from a tarball using the command
-
rpmbuild -tb pdnsd-<version>.tar.gz
- You can do this as root, but it is safer to build a binary package first as a normal user,
- and then, when all has gone well, install the resulting binary package as root as in the previous section.
- How to build an RPM package without being root is described at
-
- http://www.ibm.com/developerworks/linux/library/l-rpm1/.
- Several pdnsd-specific options are available when building RPM packages:
-
-
-
- --with isdn
-
-
- Has the same effect as --enable-isdn (see below).
-
-
-
-
- --without poll
-
-
- Has the same effect as --disable-poll (see below).
-
-
-
-
- --without nptl
-
-
- Has the same effect as --with-thread-lib=linuxthreads (see below).
-
-
-
-
- --with ipv6
-
-
- Has the same effect as --enable-ipv6 (see below).
-
-
-
-
- --without tcpqueries
-
-
- Has the same effect as --disable-tcp-queries (see below).
-
-
-
-
- --without debug
-
-
- Has the same effect as --with-debug=0 (see below).
-
-
-
-
- --define "distro <distro>"
-
-
- Has the same effect as --with-distribution=<distro> (see below).
-
-
-
-
- --define "run_as_user <user>"
-
-
- Has the same effect as --with-default-id=<user> (see below).
- For RPMs the default <user> is "pdnsd".
-
-
-
-
- --define "run_as_uid <uid>"
-
-
- If the user defined by the previous option does not exist when the RPM is installed,
- the pre-install script will try to create a new user with numerical id <uid>.
- The default is to let the system choose the numerical id at install time.
-
-
-
-
- --define "cachedir <dir>"
-
-
- Has the same effect as --with-cachedir=<dir> (see below).
-
-
-
- You can also configure which compiler flags will be used by setting the environment variable
- CFLAGS.
- Using a bash shell, you can do that on the command line like this:
- CFLAGS="-O1 -Wall" rpmbuild ...
- This is useful if you prefer a different level of optimization, for instance.
-
-
-
0.3 Installing from pure sources (tar archives or git repositories)
-
0.3.1 Setting up the source code tree
- Source code is available in the form of snapshots (tarballs) or a git repository
- with the very latest development code and a (nearly) complete history of all the revisions.
- Cloning a git repository is useful if you need a recent fix or feature
- that is not yet contained in a main release or you want to participate in pdnsd development.
- Otherwise you will probably find the tarballs more convenient because they are much more compact.
-
0.3.1.1 Unpacking a tar archive
- The pdsnsd snapshot releases come in the form of a gzip'ed tar archive.
- To decompress it (using a modern tar) do
-
tar -xzf pdnsd-<version>.tar.gz
- If your tar doesn't do this, use:
-
gzip -dc pdnsd-<version>.tar.gz | tar -xf -
-
0.3.1.2 Cloning a git repository
- To clone a git repository you need to install, if not already installed,
- the git version control system, which is available as a package in most modern Linux distributions.
- Then run the command:
-
- In rare cases, if you are behind some kind of firewall, the special git protocol can't be used
- and you will need to fall back to the http protocol.
- See the gitorious.org website or git documentation for more information.
-
-
0.3.2 Configuring the source
- Change into the pdnsd source directory and run configure. It takes the following command line
- options (if you do not specify an option, defaults will be used):
-
-
-
- --prefix=dir
-
-
- Specify the prefix directory. The pdnsd files are installed in subdirectories
- of the prefix, the pdnsd and pdnsd-ctl executables are for example installed
- in the sbin subdirectory of the prefix. The default for this is /usr/local;
- you might want to set this to /usr (using --prefix=/usr).
-
-
-
-
- --sysconfdir=dir
-
-
- Specify the config directory. pdnsd expects its pdnsd.conf file to reside
- there if the -c option is not given at startup.
- The default for this is the etc subdirectory of your prefix, e.g. /usr/local/etc
- if you did not specify a prefix. To set this e.g. to /etc, use --sysconfdir=/etc.
-
- Specify target distribution (default=Generic; others: RedHat, SuSE, Debian)
- See below for the effect of these settings.
-
-
-
-
- --with-target=platform
-
-
- Change compilation target platform (default: autodetect; others: Linux, BSD, Cygwin).
- autodetect will attempt to detect whether you are using Linux, *BSD or Cygwin and
- should normally be sufficient. If this does not work, try specifying
- your system manually (for the Darwin platform (Apple Mac OS X) specify BSD here).
-
- Default directory for pdnsd cache (default=/var/cache/pdnsd)
- This setting can be changed via config file settings when pdnsd has been built.
-
-
-
-
- --with-hash-buckets=num
-
-
- Number of hash buckets to use (default=1024). The default should be
- sufficient for most purposes, but if you want to store a large number of names
- in the cache, cache lookups may be faster if the number of hash buckets
- is comparable to the number of names stored in the cache.
- The number actually used is the smallest power of two
- greater or equal to the number specified here.
-
- Enable ISDN support
- This option will work only on Linux and may cause problems with 2.0.x or
- old 2.2.x kernels. You will need it for a proper if uptest
- under Linux for ISDN ppp devices.
-
-
-
-
- --disable-ipv4
-
-
- Disable IPv4 networking support (default=enabled)
-
- Enable IPv6 networking support.
- If your OS does support IPv6 properly, you should be able to serve also
- IPv4 queries using this. Normally, this is disabled and you won't need
- it.
-
-
-
-
- --disable-ipv4-startup
-
-
- Disable IPv4 on pdnsd startup by default (default=enabled)
-
-
-
-
- --enable-ipv6-startup
-
-
- Enable IPV6 on pdnsd startup by default (default=IPv4).
- These options are only defaults, you can specify on
- the command line or in the config files which IP version
- will really be used.
- Normally, you won't need to change these.
-
-
-
-
- --disable-udp-queries
-
-
- Disable UDP as query method. You shouldn't need to change
- this.
-
- Disable TCP as query method. This only effects the querying of
- name servers by pdnsd, not the ability of pdnsd to answer
- TCP queries from clients.
- TCP queries are slower than UDP queries, but can be more secure
- against certain types of attacks and are able to handle large answers.
- For normal use this can be disabled.
- (Note that the default has changed: TCP-query support
- is now compiled in by default, but it still depends on the run-time
- options whether it is actually used.)
-
-
-
-
- --with-query-method=qm
-
-
- Specify the query method (default=udponly, others: tcponly, tcpudp, udptcp).
- If you have enabled both UDP and TCP queries, this lets you control
- which query method pdnsd will use by default. tcpudp will try TCP
- first and fall back to UDP if TCP is not supported by the server;
- udptcp will try UDP first and, if the answer was truncated, will repeat
- the query using TCP.
- udponly and tcponly should be clear. Note that this only effects
- the compiled-in default; the query method can still be changed using
- command-line options or options in the configuration file.
-
-
-
-
- --disable-tcp-server
-
-
- Disable the TCP server.
- In this case pdnsd will not be able to respond to TCP queries from clients.
- This may cause problems with very large answers.
-
-
-
-
- --disable-src-addr-disc
-
-
- Disable the UDP source address discovery.
- You need this only if you have trouble with messages saying
- "could not discover udp source address".
- For the Cygwin target, this option is disabled by default.
-
- Disable poll(2) and use select(2) (default=enabled)
- You will normally not need this.
-
-
-
-
- --disable-new-rrs
-
-
- Since version 1.2.9 this option is obsolete and ignored.
- It is now possible to configure for each RR type separately whether it is
- cacheable by pdnsd by editing the file src/rr_types.in.
- The comments in this file explain how to do this.
-
-
-
-
- --enable-strict-rfc2181
-
-
- Enforce strict RFC 2181 compliance.
- This will cause pdnsd to reject DNS answers with incorrect
- timestamp settings (multiple RRs of the same type and for the same domain with
- different TTLs). Normally not needed.
-
- This option is obsolete. Since version 1.2, pdnsd places no restrictions
- on the types of characters in domain names (there are still a few restrictions
- for locally defined names, though).
-
-
-
-
- --with-random-device=device
-
-
- Specify random device; default: C Library random() PRNG
- pdnsd uses (pseudo-) random numbers as query IDs for security reasons
- (this makes forging DNS answers more difficult). This option
- controls where pdnsd gets these from. The default is the C library
- random() function, which is relatively weak.
- You can specify a device like /dev/urandom here if you like; pdnsd will read
- random numbers from it 16-bit-wise. /dev/urandom is present under Linux and
- most BSD derivates. You should not use /dev/random - it is more secure, but
- may block and delay pdnsd's answers for a long time.
- You can specify arc4random to use the BSD arc4random()
- library function (default for FreeBSD target), which is considered safe.
- You can also specify random as device to use the C Library
- random() function (described above).
-
- Specify default user for pdnsd (default=nobody).
- This is the user that will be entered for the run_as
- option in the config file (see below) that will be installed during make install.
- You can change this any time in your config file.
-
- Specify debugging level. Normally you can safely switch debugging off
- by setting the level to 0. This will increase speed (although only
- marginally) and save space in the executable (only about 12kB).
- However, more significant may be the savings in stack space, especially
- if pdnsd is put under heavy load and there are many simultaneous
- running threads.
- Presently the only defined debug levels are in the range 0 - 9.
- Setting the level to 9 enables hex dumps of the queries and replies
- pdnsd receives and should normally not be needed. Debug output will only
- be generated if you turn on special switches; it might be useful for
- debugging your config files, so I recommend using the default (1).
- However, if you use pdnsd under heavy load, a better strategy may be
- to compile one version of pdnsd without debug support (configured with
- --with-debug=0) for production use, and one version with
- with debug support (e.g. --with-debug=9)
- for diagnostic purposes.
-
-
-
-
- --with-verbosity=level
-
-
- Specify default message verbosity. The default should be ok.
-
-
-
-
- --enable-rcsids
-
-
- Enable RCS IDs in executables (default=disabled).
- For personal use, there is no need to do this. If you build rpm's, it
- might have advantages.
-
-
-
-
- --enable-tcp-subseq
-
-
- Enable subsequent tcp queries. The DNS protocol standard
- requires that servers must be capable of answering multiple
- subsequent queries that are sent over the same tcp connection, and that
- the server may only close the connection by himself after a certain
- timeout. This feature is rarely used, but may make denial-of-service
- attacks easier, as it allows for an attacker to hold a connection open
- a long time (although the attacker's IP is most likely revealed then).
- For full standard compliance, you should use this option.
- If you do not use --enable-tcp-server, is option is not honored.
-
-
-
-
- --with-tcp-qtimeout=secs
-
-
- Specify default tcp query timeout after which the connection is closed
- if no full query has been received. The default is 30s.
- You can also change this option at run time using the tcp_qtimeout
- config file option.
- If you do not use --enable-tcp-server, is option is not honored.
-
-
-
-
- --with-par-queries=num
-
-
- Specify the default number of queries that can be executed in parallel.
- You can also change this option at run time using the par_queries
- config file option. See the description of that option for an explanation
- of what it really does.
- The default for this option is 2.
-
-
-
-
- --with-max-nameserver-ips=num
-
-
- New in version 1.2.9b:
- Specify the maximum number of IP addresses that can be used per nameserver obtained
- from NS records (when resolving names recursively).
- Just one IP address per nameserver is sufficient in the vast majority of cases
- (and this was the strategy used by pdnsd in previous versions),
- but in rare cases this will cause unnecessary resolve failures if the address chosen
- for each nameserver happens to be unreachable while the other addresses would lead to
- successful resolution.
- The default for this option is 3.
-
- Added by Paul Rombouts: Use this option if you experience problems with
- signal handling under Linux. The usual symptom is that pdnsd fails to save
- the cache to disk, and /var/cache/pdnsd/pdnsd.cache remains empty.
- If you experience this kind of trouble, try reconfiguring with different values
- for the --with-thread-lib option. The allowable values are
- linuxthreads (or lt for short), linuxthreads2
- (or lt2 for short), and nptl.
- By default the configure script tries to detect automatically whether
- linuxthreads or nptl is more appropriate for your system,
- but the method used is not foolproof. Look for the line:
- checking if this is an NPTL-based system...
- If the automatic test mistakenly indentifies the thread library on your system as
- NPTL based, you should reconfigure with --with-thread-lib=lt and recompile.
- If the result of the automatic test is "no" or if
- --with-thread-lib=lt does not have the desired effect, try again using
- --with-thread-lib=lt2 .
-
-
-
- Normally, you will need only --prefix, --sysconfdir and
- --with-distribution.
- If you specify your distribution using --with-distribution, this has the
- following effects:
-
-
An rc script is copied in the appropriate localtion, which enables pdnsd to start
- at machine boot time (see 0.4)
-
Distribution-specific portions might be included in the generated pdnsd.spec
- file (only important if you want to build rpm archives yourself).
-
- If you choose Generic, no rc script is installed, and a generic spec
- file is generated.
-
- Further instructions are in the INSTALL document in the pdnsd source directory.
- ./configure --help will give you a list of all supported command line
- options.
- Note added by Paul Rombouts: Some people may want change the compiler optimization flag.
- I use the -O2 flag, but it might be safer to use a lower level of
- optimization or no optimization at all. In that case prefix the
- configure command with the desired compiler flags like this
- (assuming you're using a bash shell):
-
CFLAGS="-O1 -Wall" ./configure ...
-
-
-
-
0.3.3 Building & installing
- Type make in the source directory. Should work by now.
- To install, type make install or do the installation by hand (see 0.3.4).
- make install will do the following ($prefix is the prefix directory; see above):
-
-
copies pdnsd to $(prefix)/sbin/
-
copies pdnsd-ctl to $(prefix)/sbin/
-
copies docs/pdnsd.conf.sample (a sample configuration) to the pdnsd config directory.
-
creates your cache directory if it is not there.
- After installation, you should check the file permissions and create or edit
- /etc/pdnsd.conf to fit your needs (see below).
- If you use the run_as option, please make sure that your
- cache directory is owned by the user you specified with this option!
-
- You must be root for this installation!
- Security notes:never make the pdnsd cache directory
- writeable for untrusted users, or you will get several security holes:
- the users might modify the cache contents, or plant dangerous links.
- If you use a pidfile, you should be aware that you introduce security
- problems if you place the pidfile in a directory in a NFS filesystem that
- is writeable for untrusted users. Generally, the pidfile directory
- (typically /var/run) should not be writeable for untrusted users.
-
-
0.3.4 Manual installation
- For a manual installation, you need to do the following steps:
-
-
Copy pdnsd and pdnsd-ctl from your build directory to an appropriate location (e.g. /usr/sbin).
-
Copy docs/pdnsd.conf into the directory you want it to reside (/etc by default,
- and change it according to your needs (see below).
-
Create your caching directory; default is /var/cache/pdnsd (you may change this
- in your pdnsd.conf); Permissions should be at max rwxr-xr-x (if you want to
- protect your cache and status socket, make it rwx------).
-
- Thats it!
-
-
-
0.4 Start at boot time
- In the src/rc folder of the pdnsd distribution are start scripts
- for pdnsd designed for different Linux distros. There are scripts
- for SuSE, Redhat, Debian, Arch Linux and Slackware now.
- The start scripts are automatically installed during RPM install, and also during make install
- if you specified your distro.
- For Slackware Linux there is a start-up script contributed by Nikola Kotur, but presently
- it must be installed manually.
- See src/rc/README and src/rc/Slackware/rc.pdnsd for details.
-
-
0.4.1 SuSE Linux startup
- rc/SuSE/pdnsd is a start script for SuSE Linux. It was tested for 6.? but should run on some
- versions below. You can do make install as root in the rc/SuSE
- directory to install it, or you can install manually:
-
-
-
- manual installation
-
-
-
-
- For manual installation, copy rc/SuSE/pdnsd into /sbin/init.d/, go to
- /sbin/init.d/rc2.d/ and create there the following two symlinks:
- S11pdnsd to ../pdnsd (do ln -s ../pdnsd S11pdnsd in that dir)
- K34pdnsd to ../pdnsd (do ln -s ../pdnsd K34pdnsd in that dir)
- The numbers dictate the order different services are started and
- might need to be modified. Then edit your /etc/rc.config file and
- add the line START_PDNSD=yes to start pdnsd at boot time.
-
-
-
-
- If you used the make install command, START_PDNSD=yes has been
- appended to your /etc/rc.config file, causing pdnsd to be started
- at boot time. If you don't want that, change the yes into no.
-
- This start script was created from /sbin/init.d/skeleton by me, so the
- most is copyrighted by SuSE. They put it under the GPL, however, so
- the license stated in COPYING also applies to this script.
- There is NO WARRANTY OF ANY KIND on these scripts.
- This is no official SuSE script, and SuSE naturally does NO support
- for it.
-
0.4.2 Red Hat Linux startup
- rc/Redhat/pdnsd is a start script for Red Hat Linux. It was contibuted by Torben
- Janssen.
- This was tested for 6.1 but should run on 5.0+. You can do make install as root in the
- rc/Redhat directory to install it, or you can install manually:
-
-
-
- manual installation
-
-
-
-
- For manual installation, copy rc/Redhat/pdnsd into /etc/rc.d/init.d/
- Then go to /etc/rc.d/rc3.d and create there the following symlink:
- S78pdnsd -> ../init.d/pdnsd
- (do ln -f -s ../init.d/pdnsd S78pdnsd in that dir)
-
- Then go to /etc/rc.d/rc0.d and create there the following symlink:
- K78pdnsd -> ../init.d/pdnsd
- (do ln -f -s ../init.d/pdnsd K78pdnsd in that dir)
-
- Then go to /etc/rc.d/rc6.d and create there the following symlink:
- K78pdnsd -> ../init.d/pdnsd
- (do ln -f -s ../init.d/pdnsd K78pdnsd in that dir)
-
-
-
- This script is also covered by license stated in COPYING.
- Again, there is NO WARRANTY OF ANY KIND on these scripts.
- This is no offical Redhat script, and Redhat naturally does NO support
- for it
-
-
0.5 Notes for FreeBSD users
- The special handling of ISDN ppp devices is only supported on Linux. It is not needed in FreeBSD, the normal
- device handling also works fine with isdn4bsd devices.
- When compiled for FreeBSD, pdnsd as a small RFC compatability issue: RFC2181 demands answers on dns querys
- to be sent with the same source address the query packet went to. In seldom cases, this will not be the case,
- because the kernel selects the source address depending on the interface that was used for sending the answer.
- Setting the source address currently does not work for IPv4. I have written a kernel patch that will provide an easy way
- to program this. We'll see if or when it gets commited.
-
-
-
1 Invocation
- When invoking pdnsd, you can specify various options at the command line. Command line options
- always override config file options. The various --noX options are present to override
- config file options.
-
- pdnsd --help (or -h) gives you an overview of the pdnsd command line options.
-
-
- pdnsd --version (or -V for short) prints licence and version information.
-
-
- To start pdnsd as background daemon, specifiy --daemon (or -d for short) on
- the command line. Diagnostic and error messages after the actual daemon start
- will be printed to the syslog instead of the console. --nodaemon will disable this.
-
-
- When starting pdnsd as a daemon, the -p option may be helpful: It writes the pid
- of the server process to the file of the name given as argument to this option.
- Example: pdnsd -d -p /var/run/pdnsd.pid
-
-
- If you want to specify a configuration file other than /etc/pdnsd.conf, specify
- -c or --config-file on the command line, followed by a filename.
-
-
- If pdnsd was compiled with debugging support, you may specify -g or
- --debug on the command line. This will cause extra diagnostic messages to be
- printed. When pdnsd runs in daemon mode, the messages will be written to the pdnsd.debug
- file in your cache directory. --nodebug disables debugging.
-
-
- pdnsd -vn sets the verbosity level of pdnsd. n is normally a digit from 0 to 3,
- where 0 means normal operation, while 3 will most verbose.
- Level 9 can be used in combination with the --debug option for very
- extensive debug information.
- Note: The current implementation mostly ignores the verbosity level,
- so you may not notice much difference between the various levels.
-
-
- The option -s or --status enables the status control socket. This is a named socket in
- the cache directory called pdnsd.status. This socket allows run-time configuration of pdnsd
- using the utility pdnsd-ctl. See below for more details about pdnsd-ctl.
- --nostatus disables status control.
- See also the configuration option status_ctl in the global section.
-
-
- The option --notcp disables the seldom needed TCP server thread, which may
- save you some resources. -t or --tcp will enable it.
- See also the tcp_server configuration option.
-
-
- Using the -m option, you can select the method pdnsd uses to query other name servers.
- Following methods are supported (see also the query_method
- configuration option):
- -muo: pdnsd will use UDP only. This is the fastest method, and should be supported by all name servers
- on the Internet.
- -mto: pdnsd will use TCP only. TCP queries usually take longer time than UDP queries, but are more secure
- against certain attacks, where an attacker tries to guess your query id and to send forged answers. TCP queries
- are not supported by some name servers.
- -mtu: pdnsd will try to use TCP, and will fall back to UDP if its connection is refused or times out.
- -mut: New in version 1.2.5: pdnsd will try to use UDP, and will repeat the query using TCP if the UDP reply was truncated
- (i.e. the tc bit is set). This is the behaviour recommended by the DNS standards.
-
-
- The -4 option switches to IPv4 mode, providing pdnsd was compiled with IPv4 support.
- The -6 option switches to IPv6 mode, providing pdnsd was compiled with IPv6 support.
- The -a option is only available when pdnsd was compiled with both IPv4 and IPv6 support.
- With this option, pdnsd will try to detect automatically if a system supports IPv6, and fall back to IPv4 otherwise.
-
-
- With -iprefix or --ipv4_6_prefix=prefix you can set the prefix pdnsd uses (when running in IPv6
- mode) to map IPv4 addresses in the configuration file to IPv6 addresses.
- There is also a corresponding option for the config file, see below.
- Must be a valid IPv6 address.
- The default is ::ffff:0.0.0.0
-
-
-
2 The configuration file
- This section describes the layout of the configuration file and the available
- configuration options.
- The default location of the file is /etc/pdnsd.conf. This may be changed
- with the -c command line option.
- An example pdnsd.conf comes with the pdnsd distribution in the docs directory
- and will be installed to /etc/ by make install.
-
-
-
2.1 Layout
- The configuration file is divided into sections. Each section is prefixed with
- the section name and opening curlies ({) and closed with closing curlies (}).
- In each section, configuration options can be given in the form
-
- option_name=option_value;
-
- Option value may be a string literal, a number, a time specification or a constant.
- In previous versions of pdnsd strings had to be enclosed
- in quotes ("), but since version 1.1.10 this is no longer necessary, unless
- a string contains a special character such as whitespace, a token that normally starts
- a comment, or one of ",;{}\".
- Since version 1.2.9 a backslash (\) inside a string is interpreted as an escape character,
- so it is possible to include special characters in strings (both quoted or unquoted)
- by preceding them with a backslash. Some escape sequences are in interpreted as in the C
- programming language, e.g. \t becomes a tab,
- \n becomes a new-line control char.
- A time specification consists a sequence of digits followed by a one-letter suffix.
- The following suffixes are recognized:
- s (seconds), m (minutes), h (hours),
- d (days) and w (weeks).
- If the suffix is missing, seconds are assumed.
- If several time specifications are concatenated, their values are added together;
- e.g. 2h30m is interpreted as 2*60*60 + 30*60 = 9000 seconds.
- Some options take more than one value; in this case, the values are separated with commas.
- If you may supply one of a set of possible values to an option, this is noted
- in the documentation as
- (option1|option2|option3|...)
- The constants true|false and yes|no
- are accepted as synonyms for the constants on|off.
- Comments may be enclosed in /* and */, nested comments are possible. If the
- # sign or two slashes (//) appear in the configuration file, everything from
- these signs to the end of the current line is regarded as a comment and ignored.
- There are examples for nearly all options in the sample config file.
-
-
- The global section specifies parameters that affect the overall behaviour of the
- server. If you specify multiple global sections, the settings of those later in
- the file will overwrite the earlier given values.
- These are the possible options:
-
-
-
- perm_cache=(number|off);
- Switch the disk cache off or supply a maximum cache size in kB. If the disk
- cache is switched off, 8 bytes will still be written to disk.
- The memory cache is always 10kB larger than the file cache.
- This value is 2048 (2 MB) by default.
-
-
-
-
- cache_dir=string;
- Set the directory you want to keep the cache in.
- The default is "/var/cache/pdnsd"
- (unless pdnsd was compiled with a different default).
-
-
-
-
- server_port=number;
- Set the server port. This is especially useful when you want to start the
- server and are not root. Note that you may also not specify uptest=ping in
- the server section as non-root.
- The default port is 53, the RFC-standard one. Note that you should only use
- non-standard ports when you only need clients on your machine to communicate
- with the server; others will probably fail if the try to contact the server
- on the basis of an NS record, since the A record that supplies the address for
- (among others) name servers does not have a port number specification.
-
-
-
-
- server_ip=string;
- or
- interface=string;
- Set the IP address pdnsd listens on for requests. This can be useful
- when the host has several interfaces and you want pdnsd not to listen on
- all interfaces. For example, it is possible to bind pdnsd to listen on
- 127.0.0.2 to allow pdnsd to be a forwarder for BIND.
- The default setting for this option is server_ip=any, which means that
- pdnsd will listen on all of your local interfaces.
- Presently you can only specify one address here; if you want pdnsd to listen on multiple
- interfaces but not all you will have to specify server_ip=any
- and use firewall rules to restrict access.
- The IP address used to need quotation marks around it, but since version 1.1.10
- this is no longer necessary.
- If pdnsd has been compiled with both IPv4 and IPv6 support, and you want to
- specify an IPv6 address here, then unless pdnsd was compiled to start up in IPv6 mode
- by default, you will need to use the -6 command-line option or
- set run_ipv4=off first (see below) in order to ensure that the
- IPv6 address is parsed correctly.
- If pdnsd is running in IPv6 mode and you specify an IPv4 address here,
- it will automatically be mapped to an IPv6 address.
- New in version 1.2: You may also give the name of an interface
- such as "lo" or "eth0" here, instead of an IP address
- (this has been tested on Linux, and may or may not work on other platforms).
- pdnsd will not bind to the interface name, but will look up the address of the
- interface at start-up and listen on that address. If the address of the interface
- changes while pdnsd is running, pdnsd will not notice that. You will need to
- restart pdnsd in that case.
-
-
-
-
- outgoing_ip=string;
- or
- outside_interface=string;
- New in version 1.2.9:
- Set the IP address of the interface used by pdnsd for outgoing queries.
- This can be useful when the host has several interfaces and you want pdnsd
- to send outgoing queries via only one of them.
- For example, if pdnsd is running on a host with one interface with IP address
- 192.168.1.1 connected to the local network, and another with IP address 123.xxx.yyy.zzz
- connected to the internet, you may specify server_ip=192.168.1.1
- and outgoing_ip=123.xxx.yyy.zzz to enforce that pdnsd only responds
- to queries received from the local network, and only sends outgoing queries via
- the interface connected to the internet.
- The default setting for this option is any, which means that
- the kernel is free to decide which interface to use.
- Like with the server_ip option, you may also give the name of an
- interface here, instead of an IP address.
-
-
-
-
- linkdown_kluge=(on|off);
- This option enables a kluge that some people might need: when all servers are
- marked down, with this option set the cache is not even used when a query is
- received, and a DNS error is returned in any case. The only exception from this
- is that local records (as specified in rr and source
- sections are still served normally.
- In general, you probably want to get cached entries even when the network is down,
- so this defaults to off.
-
-
-
-
- max_ttl=timespec;
- This option sets the maximum time a record is held in cache. All dns
- resource records have a time to live field that says for what period of time the
- record may be cached before it needs to be requeried. If this is more than the
- value given with max_ttl, this time to live value is set to max_ttl.
- This is done to prevent records from being cached an inappropriate long period of time, because
- that is almost never a good thing to do. Default is 604800s (one week).
-
-
-
-
- min_ttl=timespec;
- This option sets the minimum time a record is held in cache. All dns
- resource records have a time to live field that says for what period of time the
- record may be cached before it needs to be requeried. If this is less than the
- value given with min_ttl, this time to live value is set to min_ttl.
- Default is 120 seconds.
-
-
-
-
- neg_ttl=timespec;
- This option sets the time that negatively cached records will remain valid in the
- cache if no time to live can be determined. This is always the case when whole
- domains are being cached negatively, and additionally when record types are cached
- negatively for a domain for which no SOA record is known to pdnsd. If a SOA is present,
- the ttl of the SOA is taken.
-
-
-
-
- neg_rrs_pol=(on|off|auth|default);
- This sets the RR set policy for negative caching; this tells pdnsd under which circumstances
- it should cache a record type negatively for a certain domain. off will
- turn the negative caching of record types off, on will always add a negative
- cache entry when a name server did not return a record type we asked it for, and auth
- will only add such entries if the answer came from an authoritative name server for that
- domain.
- New in version 1.2.8: The default setting will add a negatively cached record
- if either the answer was authoritive or the answer indicated the name server had "recursion available"
- while the query explicitly requested such recursion.
- The preset is "default" (used to be auth).
-
-
-
-
- neg_domain_pol=(on|off|auth);
- This is analogue to neg_rrs_pol for whole domain negative caching. It should be safe
- to set this on, because I have not seen a caching server that will falsely claim that a
- domain does not exist.
- The default is auth.
-
-
-
-
- run_as=string;
- This option allows you to let pdnsd change its user and group id after operations that needed
- privileges have been done. This helps minimize security risks and is therefore recommended. The
- supplied string gives a user name whose user id and primary group id are taken.
- A little more details: after reading the config file, becoming a daemon (if specified) and starting
- the server status thread, the main thread changes its gid and uid, as do all newly created threads
- thereafter. By taking another uid and gid, those threads run with the privileges of the
- specified user.
- Under Linux and FreeBSD, the server status thread runs with the original privileges only when the strict_setuid option
- is set to off (see below, on by default), because these may be needed
- for exec uptests. The manager thread also retains its original privileges in this case.
- You should take care that the user you specify has write permissions on your cache file and
- status pipe (if you need a status pipe). You should look out for error messages like "permission denied"
- and "operation not permitted" to discover permission problems.
-
-
-
-
- strict_setuid=(on|off);
- When used together with the run_as option, this option lets you specify that all threads of the
- program will run with the privileges of the run_as user. This provides higher security than
- the normal run_as
- option, but is not always possible. See the run_as option for further discussion.
- This option is on by default.
- Note that this option has no effect on Non-Linux systems.
-
-
-
-
- paranoid=(on|off);
- Normally, pdnsd queries all servers in recursive mode (i.e. instructs servers to query other servers themselves
- if possible,
- and to give back answers for domains that may not be in its authority), and accepts additional records with information
- for servers that are not in the authority of the queried server. This opens the possibility of so-called cache poisoning:
- a malicious attacker might set up a dns server that, when queried, returns forged additional records. This way, he might
- replace trusted servers with his own ones by making your dns server return bad IP addresses. This option protects
- you from cache poisoning by rejecting additional records
- that do not describe domains in the queried servers authority space and not doing recursive queries any more.
- An exception
- to this rule are the servers you specify in your config file, which are trusted.
- The penalty is a possible performance decrease, in particular, more queries might be necessary for the same
- operation.
- You should also notice that there may be other similar security problems, which are essentially problems of
- the DNS, i.e.
- any "traditional" server has them (the DNS security extensions solve these problems, but are not widely
- supported).
- One of this vulnerabilities is that an attacker may bombard you with forged answers in hopes that one may match a
- query
- you have done. If you have done such a query, one in 65536 forged packets will be succesful (i.e. an average packet
- count of 32768 is needed for that attack). pdnsd can use TCP for queries,
- which has a slightly higher overhead, but is much less vulnerable to such attacks on sane operating systems. Also, pdnsd
- chooses random query ids, so that an attacker cannot take a shortcut. If the attacker is able to listen to your network
- traffic, this attack is relatively easy, though.
- This vulnerability is not pdnsd's fault, and is possible using any conventional
- name server (pdnsd is perhaps a little more secured against this type of attacks if you make it use TCP).
- The paranoid option is off by default.
-
-
-
-
- ignore_cd=(on|off);
- New in version 1.2.8: This option lets you specify that the CD bit of a DNS query will be ignored.
- Otherwise pdnsd will reply FORMERR to clients that set this bit in a query.
- It is safe to enable this option, as the CD bit refers to 'Checking Disabled'
- which means that the client will accept non-authenticated data.
- This option is on by default. Turn it off if you want the old behaviour (before version 1.2.8).
-
-
-
-
- scheme_file=string;
- In addition to normal uptests, you may specify that some servers shall only be queried when a certain
- pcmcia-cs scheme is active (only under linux). For that, pdnsd needs to know where the file resides that
- holds the pcmcia scheme information. Normally, this is either /var/lib/pcmcia/scheme or
- /var/state/pcmcia/scheme.
-
-
-
-
- status_ctl=(on|off);
- This has the same effect as the -s command line option: the status control is enabled when
- on is specified.
- Added by Paul Rombouts: Note that pdnsd-ctl allows run-time configuration of pdnsd,
- even the IP addesses of the name servers can be changed. If you're not using pdnsd-ctl and
- you want maximum security, you should not enable this option. It is disabled by default.
-
-
-
-
- daemon=(on|off);
- This has the same effect as the -d command line option: the daemon mode is enabled when
- on is specified.
- Default is off.
-
-
-
-
- tcp_server=(on|off);
- tcp_server=on has the same effect as the -t or --tcp
- command-line option: it enables TCP serving.
- Similarly, tcp_server=off is like the --notcp command-line option.
- Default is on.
-
-
-
-
- pid_file=string;
- This has the same effect as the -p command line option: you can specify a file that pdnsd
- will write its pid into when it starts in daemon mode.
-
-
-
-
- verbosity=number;
- This has the same effect as the -v command line option: you can set the verbosity of pdnsd's
- messages with it. The argument is a number between 0 (few messages) to 3 (most messages).
-
-
-
-
- query_method=(tcp_only|udp_only|tcp_udp|udp_tcp);
- This has the same effect as the -m command line option.
- Read the documentation for the command line option on this.
- tcp_only corresponds to the to, udp_only to the uo,
- tcp_udp to the tu and udp_tcp to the ut
- argument of the command line option.
- If you use query_method=tcp_udp, it is recommended that you also set the global timeout option to at least twice the longest server timeout.
-
-
-
-
- run_ipv4=(on|off);
- This has the same effect as the -4 or -6 command line option:
- if on is specified, IPv4 support is enabled, and IPv6 support is disabled (if available).
- If off is specified, IPv4 will be disabled and IPv6 will be enabled.
- For this option to be meaningful, pdnsd needs to be compiled with support for the protocol you choose.
- If pdnsd was compiled with both IPv4 and IPv6 support, and you want to include IPv6 addresses
- in the configuration file, you will probably need to specify run_ipv4=off first to
- ensure that the IPv6 addresses are parsed correctly.
-
-
-
-
- debug=(on|off);
- This has the same effect as the -g command line option: the debugging messages are enabled when
- on is specified.
-
-
-
-
- ctl_perms=number;
- This option allows you to set the file permissions that the pdnsd status control socket will have. These
- are the same as file permissions. The owner of the file will be the run_as user, or, if none is specified,
- the user who started pdnsd. If you want to specify the permissions in octal (as usual), don't forget
- the leading zero (0600 instead of 600!). To use the status control, write access is needed. The default
- is 0600 (only the owner may read or write).
- Please note that the socket is kept in the cache directory, and that the cache directory permissions
- might also need to be adjusted. Please ensure that the cache directory is not writeable for untrusted
- users.
-
-
-
-
- proc_limit=number;
- With this option, you can set a limit on the pdnsd threads that will be active simultaneously. If
- this number is exceeded, queries are queued and may be delayed some time.
- See also the procq_limit option.
- The default for this option is 40.
-
-
-
-
- procq_limit=number;
- When the query thread limit proc_limit is exceeded, connection attempts to pdnsd will be queued.
- With this option, you can set the maximum queue length.
- If this length is also exceeded, the incoming queries will be dropped.
- That means that tcp connections will be closed and udp queries will just be dropped, which
- will probably cause the querying resolver to wait for an answer until it times out.
- See also the proc_limit option. A maximum of proc_limit+procq_limit
- query threads will exist at any one time (plus 3 to 6 threads that will always
- be present depending on your configuration).
- The default for this option is 60.
-
-
-
-
- tcp_qtimeout=timespec;
- This option sets a timeout for tcp queries. If no full query has been received on a tcp connection
- after that time has passed, the connection will be closed. The default is set using the
- --with-tcp-qtimeout option to configure.
-
-
-
-
- par_queries=number;
- This option used to set the maximum number of remote servers that would be queried simultaneously,
- for every query that pdnsd receives.
- Since version 1.1.11, the meaning of this option has changed slightly.
- It is now the increment with which the number of parallel queries is
- increased when the previous set of servers has timed out.
- For example, if we have a list server1, server2, server3, etc. of available servers
- and par_queries=2, then pdnsd will first send queries to server1 and server2,
- and listen for responses from these servers.
- If these servers do not send a reply within their timeout period, pdnsd will send additional
- queries to server3 and server4, and listen for responses from
- server1, server2, server3 and server4, and so on until a useful reply is
- received or the list is exhausted.
- In the worst case there will be pending queries to all the servers in the list of available servers.
- We may be using more system resources this way (but only if the first servers in the list
- are slow or unresponsive), but the advantage is that we have a greater chance of catching a reply.
- After all, if we wait longer anyway, why not for more servers.
- See also the explanation of the global timeout option below.
- 1 or 2 are good values for this option.
- The default is set at compile time using the --with-par-queries option to configure.
-
-
-
-
- timeout=timespec;
- This is the global timeout parameter for dns queries.
- This specifies the minimum period of time pdnsd will wait after sending the
- first query to a remote server before giving up without having
- received a reply. The timeout options in the configuration file are
- now only minimum timeout intervals. Setting the global timeout option
- makes it possible to specify quite short timeout intervals in the
- server sections (see below). This will have the effect that pdnsd will start
- querying additional servers fairly quickly if the first servers are
- slow to respond (but will still continue to listen for responses from
- the first ones). This may allow pdnsd to get an answer more quickly in
- certain situations.
- If you use query_method=tcp_udp it is recommended that
- you make the global timeout at least twice as large as the largest
- server timeout, otherwise pdnsd may not have time to try a UDP query
- if a TCP connection times out.
- Default value is 0.
-
-
-
-
- randomize_recs=(on|off);
- If this option is turned on, pdnsd will randomly reorder the cached records of one type
- when creating an answer. This supports round-robin DNS schemes and increases fail
- safety for hosts with multiple IP addresses, so this is usually a good idea.
- On by default.
-
-
-
-
- query_port_start=(number|none);
- If a number is given, this defines the start of the port range used for queries of pdnsd. The
- value given must be >= 1024. The purpose of this option is to aid certain firewall
- configurations that are based on the source port. Please keep in mind that another application
- may bind a port in that range, so a stateful firewall using target port and/or process uid may
- be more effective. In case a query start port is given pdnsd uses this port as the first port of a
- specified port range (see query_port_end) used for queries.
- pdnsd will try to randomly select a free port from this range as local port for the query.
- To ensure that there are enough ports for pdnsd to use, the range between query_port_start and
- query_port_end should be adjusted to at least (par_queries * proc_limit).
- A larger range is highly recommended for security reasons, and also because other applications may
- allocate ports in that range. If possible, this range should be kept out of the space
- that other applications usually use.
- The default for this option is 1024. Together with the default value of query_port_end,
- this makes it the hardest for an attacker to guess the source port used by the pdnsd resolver.
- If you specify none here, pdnsd will let the kernel choose the source port, but
- this may leave pdnsd more vulnerable to an attack.
-
-
-
-
- query_port_end=number;
- Used if query_port_start is not none. Defines the last port of the range started by query_port_start
- used for querys by pdnsd. The default is 65535, which is also the maximum legal value for this option.
- For details see the description of query_port_start.
-
-
-
-
- delegation_only=string;
- Added by Paul Rombouts: This option specifies a "delegation-only" zone.
- This means that if pdnsd receives a query for a name that is in a
- subdomain of a "delegation-only" zone but the remote name server
- returns an answer with an authority section lacking any NS RRs for
- subdomains of that zone, pdnsd will answer NXDOMAIN (unknown domain).
- This feature can be used for undoing the undesired effects of DNS
- "wildcards". Several "delegation-only" zones may be specified together.
- If you specify root servers in a server section it is
- important that you set root_server=on in such a section.
- Example:
-
delegation_only="com","net";
- This feature is off by default. It is recommended that you only use
- this feature if you actually need it, because there is a risk that
- some legitimate names will be blocked, especially if the remote
- name servers queried by pdnsd return answers with empty authority
- sections.
-
-
-
-
- ipv4_6_prefix=string;
- This option has the same effect as the -i command-line option.
- When pdnsd runs in IPv6 mode, this option specifies the prefix pdnsd uses to convert IPv4 addresses in
- the configuration file (or addresses specified with pdnsd-ctl)
- to IPv6-mapped addresses.
- The string must be a valid IPv6 address. Only the first 96 bits are used.
- Note that this only effects the parsing of IPv4 addresses listed after this option.
- The default is "::ffff.0.0.0.0".
-
-
-
-
- use_nss=(on|off);
- If this option is turned on, pdnsd will call initgroups() to set up the group access list,
- whenever pdnsd changes its user and group id (see run_as option).
- There is a possible snag, though, if initgroups() uses NSS (Name Service Switch) and
- NSS in turn uses DNS. In such a case you may experience lengthy timeouts and stalls.
- By setting use_nss=off, you can disable the initgroups() call
- (only possible in versions 1.2.5 and later).
- This option was contributed by Jan-Marek Glogowski.
- On by default.
-
-
-
-
- udpbufsize=number;
- New in version 1.2.9:
- This option sets the upper limit on the size of UDP DNS messages. The default is 1024.
- See also the edns_query server option below.
-
- Each server section specifies a set of name servers that pdnsd should try to get
- resource records or authoritative name server information from. The servers are
- queried in the order of their appearance (or parallel to a limited extend).
- If one fails, the next one is taken and so on.
- You probably want to specify the dns server in your LAN, the caching dns servers
- of your internet provider or even a list of root servers in one or more server sections.
- The supported options in this section are:
-
-
-
-
- label=string;
- Specify a label for the server section. This can be used to refer to this section
- when using pdnsd-ctl, the pdnsd control utility.
- You can give several server sections the same label, but if you want to change the addresses
- of a server section (see ip option below) during run-time with
- "pdnsd-ctl server label up dns1,dns2,...",
- the label must be unique.
-
-
-
-
- ip=string;
- Give the IP (the address, not the host name) of the server.
- Multiple IP addresses can be given per server section.
- This can be done by entering multiple lines of the form ip=string;
- or a single line like this:
-
ip=string,string,string;
- IP addresses do not have to be specified in the configuration file.
- A server section without IP addresses will remain inactive until it is assigned
- one or more addresses with pdnsd-ctl,
- the pdnsd control utility.
- If pdnsd has been compiled with both IPv4 and IPv6 support, any IPv6 addresses you specify
- here will be skipped with a warning message, unless pdnsd is running in IPv6 mode.
- Thus, unless pdnsd was compiled to startup in IPv6 mode by default, you need to use the
- command-line option -6 or set run_ipv4=off
- first (see global section) in order to ensure
- that IPv6 addresses are parsed correctly.
- If pdnsd is running in IPv6 mode and you specify an IPv4 address here,
- it will automatically be mapped to an IPv6 address.
-
-
-
-
- file=string;
- New in version 1.2: This option allows you to give the name of a resolv.conf-style file.
- Of the lines beginning with the nameserver keyword, the second field will be parsed as an
- IP address, as if it were specified with the ip= option. The remaining lines will be ignored.
- If the contents of the file changes while pdnsd is running, you can make pdnsd aware of the changes through the
- use of pdnsd-ctl, the pdnsd control utility.
- This is usually most conveniently done by placing the command "pdnsd-ctl config" in a script
- that is automatically run whenever the DNS configuration changes.
- For example, suppose you have a ppp client that writes the DNS configuration for your ISP to the file
- /etc/ppp/resolv.conf and runs the script /etc/ppp/ip-up when a new
- connection is established. One way of ensuring that pdnsd is automatically reconfigured is to
- add a server section in the config file with file=/etc/ppp/resolv.conf and to
- add the command "pdnsd-ctl config" to /etc/ppp/ip-up.
-
-
-
-
- port=number;
- Give the port the remote name server listens on. Default is 53 (the official
- dns port)
-
-
-
-
- uptest=(ping|none|if|dev|diald|exec|query);
- Determine the method to check whether the server is available. Currently
- defined methods are:
-
-
-
ping: Send an ICMP_ECHO request to the server. If it doesn't respond
- within the timeout, it is regarded to be unavailable until the next probe.
-
none: The availability status is not changed, only the time stamp is updated.
-
if: Check whether the interface (specified in the interface= option) is
- existent, up and running. This currently works for all "ordinary"
- network interfaces, interfaces that disappear when down (e.g. ppp?),
- and additionally for Linux isdn interfaces (as of kernel 2.2). Note that
- you need a /dev/isdninfo device file (major#45, minor#255), or the
- isdn uptest will always fail.
-
dev and diald: Perform an if uptest, and, if that
- was succesful, additionally check whether a program is running that
- has locked a given (modem-) device. The needed parameters are an interface (specified as for the if
- uptest, e.g. "ppp0") and a device relative to /dev (e.g.
- "modem" for /dev/modem specified using the device= option.
- pdnsd will then look for a pid file for the given interface in /var/lock (e.g.
- /var/run/ppp0.pid) and for a lockfile for the given device (e.g. /var/lock/LCK..modem),
- and then test whether the locking process is the process that created the pid file and this process is still
- alive. If this is the case, the normal if uptest is executed for the given interface.
- The dev option is for pppd dial-on-demand, diald is the same for diald users.
-
exec: Executes a given command in the /bin/sh shell
- (as /bin/sh -c <command>)
- and evaluates the result (the return code of the last command) in the shell's way of handling return codes,
- i.e. 0 indicates success, all other indicate failure. The shell's process name will be
- uptest_sh. The command is given with the uptest_cmd option (see below).
- For secuity issues, also see that entry.
-
query: New in version 1.2:
- This works like the ping test, except it sends an (empty) DNS query to the remote server.
- If the server sends a well-formed response back within the timeout period (except SERVFAIL),
- it will be regarded as available.
- This test is useful if a remote server does not respond to ICMP_ECHO requests at all,
- which unfortunately is quite common these days.
- It can also happen that a remote server is online but ignores empty DNS queries.
- Then you will need the set the query_test_name option (see below).
- In many cases this test will be a more reliable indicator of availability
- than the ones mentioned before.
-
-
- The default value is none.
-
- NOTE: If you use on-demand dialing, use none, if,
- dev, diald or exec,
- since ping or query will send packets
- in the specified interval and the interface will thus frequently dial!
-
-
-
-
- ping_timeout=number;
- Sets the timeout for the ping test in tenths of seconds
- (this unit is used for legacy reasons; actually the current implementation is
- only accurate to a second).
- The default is 600 (one minute).
-
-
-
-
- ping_ip=string;
- The IP address for the ping test. The default is the IP of the name server.
-
-
-
-
- query_test_name=string;
- New in version 1.2.9:
- Sets the name to be queried when using uptest=query availability test.
- If the string is the unquoted constant none,
- an empty query is used (this the default), otherwise a query of type A will be
- sent for the domain name specified here. It is not necessary for the domain name
- to exist or have a record of type A in order for the uptest to succeed.
- If the the remote server ignores empty queries, you will probably want to set
- query_test_name="." (the root domain).
-
-
-
-
- uptest_cmd=string,string;
- or
- uptest_cmd=string;
- Sets the command for the uptest=exec function to the first string.
- If the second string is given, it specifies a user with whose user
- id and primary group id the command is executed.
- This is especially useful if you are executing the server as root,
- but do not want the uptest to be performed with root privileges.
- In fact, you should never execute the uptest as root if you can help
- it.
- If the server is running setuid or setgid, the privileges thus gained
- are attempted to be dropped even before changing identity to the
- specified user to prevent setuid/gid security holes (otherwise, any
- user might execute commands as root if you setuid the executable).
- Note that this is not always possible, and that pdnsd should never
- be installed as setuid or setgid.
- The command is executed using /bin/sh, so you should be able to use
- shell builtin commands.
-
-
-
-
- interval=(timespec|onquery|ontimeout);
- Sets the interval for the server up-test. The default is 900 seconds;
- however, a test is forced when a query times out and the timestamp is reset then.
- If you specify onquery instead of a timeout, the interface will be
- tested before every query. This is to prevent automatically dialing
- interfaces (diald/pppd or ippp) to dial on dns queries. It is intended to be
- used in connection with an interface-testing uptest ;-)
- Note that using uptest=exec, you might run into performance problems
- on slow machines when you use that option.
- DON'T use onquery with uptest=ping or
- uptest=query, as it may cause delays if the server does not answer
- (btw, it doesn't make sense anyway).
- Note also that using onquery is no guarantee that the interface
- will not be used. When another (reachable) dns server tells pdnsd
- to query a third dns server for data, pdnsd will do that and has
- no means of checking whether this will dial up the interface or not.
- This however should be a rare situation.
- New in version 1.2.3:
- A third possibility is to specify interval=ontimeout.
- In this case the server is not tested at startup/reconfiguration, nor at regular intervals,
- but only after a DNS query to a server times out. Certain types of network problems
- such as a refused connection will also cause the server to be considered unavailable.
- However, once a server is declared dead it is never considered again unless it is revived using a
- pdnsd-ctl config or server command.
- The idea behind this option is to minimize uptests by assuming all
- servers are available until there is reason to believe otherwise.
-
-
-
-
- interface=string;
- The network interface (or network device, e.g. "eth0") for the uptest=if option.
- Must be specified if uptest=if is given.
-
-
-
-
- device=string;
- The (modem-) device that is used for the dev uptest. If you use this for a dial-on-demand
- ppp uptest (together with uptest=dev), you need to enter the device you are using for your
- pppd here, e.g. modem for /dev/modem.
- Must be specified if uptest=dev is given.
-
-
-
-
- timeout=timespec;
- Set the timeout for the dns query. The default is 120 seconds. You probably want to set this lower.
- Timeouts specified in the configuration file are only treated as the
- minimum period of time to wait for a reply. A queries to a remote
- server are not canceled until a useful reply has been received, or all
- the other queries have timed out or failed.
- If you have also set the global timeout option, you may consider setting a fairly small value here.
- See the explanation of the timeout option in the global
- section for what that means.
-
-
-
-
- purge_cache=(on|off);
- In every fetched dns record, there is a cache timeout given, which
- specifies how long the fetched data may be cached until it needs to be
- reloaded. If purge_cache is set to off, the stale records are not purged
- (unless the cache size would be exceeded, in this case the oldest records are purged).
- Instead, they are still served if they cannot succesfully be
- updated (e.g. because all servers are down).
- Default is off.
-
-
-
-
- caching=(on|off);
- Specifies if caching shall be performed for this server at all. Default is
- on.
-
-
-
-
- lean_query=(on|off);
- Specifies whether to use the "lean" query mode. In this mode, only the
- information actually queried from pdnsd is resolved and cached. This has
- the advantage that usually less cache space is used and the query is
- usually faster. In 90% of the cases, only address (A) records are needed
- anyway. If switched off, pdnsd will always cache all data about a host
- it can find and will specifically ask for all available records
- (well, at least it is a good approximation for what it really does ;-)
- This will of course increase the answer packet sizes.
- Some buggy name servers may not deliver CNAME records when not asked for
- all records. I do not know if such servers are around, but if you have
- trouble resolving certain host names, try turning this option off.
- A last note: If you use multiple pdnsd's that access each other, turning
- this option on is probably a big win.
- This on by default.
-
-
-
-
- edns_query=(on|off);
- New in version 1.2.9:
- Specifies whether to use EDNS (Extension mechanisms for DNS) for outgoing queries.
- Currently this is only useful for allowing UDP message sizes larger than 512 bytes.
- Note that setting this option on can give problems in combination with some legacy
- systems or software, including, embarrassingly enough, previous versions of pdnsd.
- The default is off, but if your network can handle UDP payloads
- significantly larger than 512 bytes, the recommended value is on.
- Note that this option only effects outgoing queries. If pdnsd receives a query using
- EDNS, it will reply using EDNS regardless of the value of this option.
-
- See also the udpbufsize option above.
-
-
-
-
- scheme=string;
- You can specify a pcmcia-cs scheme that is used in addition to the uptests. If you specify
- a scheme here, the server this section is for will only be queries if the given scheme
- is active. Shell wildcards (* and ?) are allowed in the string under their special
- meanings. You need to use the scheme_file option on the global
- section to make this option work.
-
-
-
-
- preset=(on|off);
- This allows you to specify the initial state of a server before any uptest is performed.
- on specifies that the server is regarded available. The default is on.
- This is especially useful when you set uptest=none; and want to change
- the status of a server only via pdnsd-ctl.
-
-
-
-
- proxy_only=(on|off);
- When this option is set to on, answers given by the servers are always accepted, and no
- other servers (as, for example, specified in the NS records of the query domain) are
- queried. If you do not turn this option on, pdnsd will do such queries in some cases
- (in particular when processing ANY queries).
- This option is useful when you do not want pdnsd to make connections to outside servers
- for some reasons (e.g. when a firewall is blocking such queries).
- I recommend that you turn on lean_query when using this option.
- Default is off.
-
-
-
-
- root_server=(on|off|discover);
- Set this option to on if the servers specified in a section are root servers.
- A root server will typically only give the name servers for the top-level domain in its reply.
- Setting root_server=on will cause pdnsd to try to use cached information about
- top-level domains to reduce to number of queries to root servers, making the resolving of
- new names more efficient.
- You can get a list of available root servers by running the command
- "dig . ns".
- This option is also necessary if you use the delegation_only option.
- New in version 1.2.8: This option may also be set to "discover".
- This will cause pdnsd to query the servers provided with the ip= option
- to obtain the full list of root servers. The root-server addresses will replace the addresses
- specified with the ip= option.
- This will only be done once on startup, or after a "pdnsd-ctl config" command.
- In this case the name servers specified with the ip= option don't have to be
- root servers, they just have to know the names and addresses of the root servers.
- After root-server discovery pdnsd will behave just as if root_server=on
- had been specified.
- Default is off.
-
-
-
-
- randomize_servers=(on|off);
- New in version 1.2.6: Set this option to on to give each name server
- in this section an equal chance of being queried. If this option is off, the name servers
- are always queried starting with the first one specified. Even with this option on, the
- query order is not truly random. Only the first server is selected randomly; the following
- ones are queried in consecutive order, wrapping around to the beginning of the list when
- the end is reached. Note that this option only effects the order within a section. The
- servers in the first (active) section are always queried before those in the second one,
- etc. The default is off, but if you are resolving from root servers setting this
- option on is highly recommended. If root_server=on this option also effects
- the query order of the name servers for the top-level domains.
-
-
-
-
- reject=string;
- New in version 1.2.6: This option can be used to make pdnsd reject replies that
- contain certain IP addresses. You can specify a single IP address, which will be matched
- exactly, or a range of addresses using an address/mask pair.
- The mask can be specified as a simple integer, indicating the number of initial 1 bits in
- the mask, or in the usual IP address notation. IP addresses may be either IPv4 or IPv6
- (provided there is sufficient support in the C libraries and support for AAAA records was
- not disabled).
- When addresses in the reject list are compared with those in a reply, only the bits
- corresponding to those set in the netmask are significant, the rest are ignored.
- Multiple addresses or address/mask pairs may be specified; this can be done by entering
- multiple lines of the form reject=string;
- or a single line like this:
-
reject=string,string,string;
- How pdnsd reacts when an address in the reply matches one in the reject list,
- depends on the reject_policy option, see below.
-
-
-
-
- reject_policy=(fail|negate);
- New in version 1.2.6:
- This option determines what pdnsd does when an address in the reply from a name server
- matches the reject list (see above). If this option is set to
- fail, pdnsd will try another server, or, if there no more servers to try,
- return the answer SERVFAIL. If this option is set to negate, pdnsd will
- immediately return the answer NXDOMAIN (unknown domain) without querying additional
- servers. The fail setting is useful if you don't always trust the servers in
- this section, but do trust the servers in the following section. The negate
- setting can be used to completely censor certain IP addresses. In this case you should put
- the same reject list in every server section, and also set the
- reject_recursively option (see below) to true.
- The default is fail.
-
-
-
-
- reject_recursively=(on|off);
- New in version 1.2.6: Normally pdnsd checks for addresses in the
- reject list (see above) only when the reply comes directly from a name server
- listed in the configuration file. With this option set to on, pdnsd will
- also do this check for name servers that where obtained from NS records in the authority
- section of a previous reply (which was incomplete and non-authoritative).
- Default is off.
-
-
-
-
- policy=(included|excluded|simple_only|fqdn_only);
- pdnsd supports inclusion/exclusion lists for server sections: with include=
- and exclude= (see below) you can specify domain names for which this server
- will be used or will not be used. The first match counts (i.e., the first include or
- exclude rule in a server section that matches a domain name is applied, and the
- search for other rules is terminated). If no rule matched a given domain name,
- the policy= option determines whether this server is used for the
- lookup for that domain name; when included is given, the server will
- be asked, and when excluded is given, it will not.
- If simple_only is given the server will be used if the name to lookup
- is a simple (single-label) domain name, on the other hand if fqdn_only
- is given the server will be used only for names consisting of two or more labels
- (i.e. the name has at least one dot in-between).
- If no server is available for a queried domain, pdnsd will return an error message
- to the client that usually will stop the client's attempts to resolve a specific
- domain from this server (the libc resolver will e.g. return an error to the application that
- tried to resolve the domain if no other servers are available in the resolv.conf).
- This may be of use sometimes.
- Note: the simple_only and fqdn_only constants
- were added by Paul Rombouts.
- They are useful for controlling which name servers (if any) will be used by
- pdnsd for resolving simple (single-label) host names.
- fqdn_only used to stand for "fully qualified domain name only", but this is
- actually a misnomer. The names in queries received by pdnsd are always considered to be
- fully qualified. If you do not exactly understand what the options simple_only and
- fqdn_only are good for, you are probably better off not using them.
- The default for this option is included.
-
-
-
-
- include=string;
- This option adds an entry to the exclusion/inclusion list. If a domain matches
- the name given as string, the server is queried if this was the first matching rule
- (see also the entry for policy).
- If the given name starts with a dot, the whole subdomain
- of the given name including the one of that name is matched, e.g. ".foo.bar."
- will match the domain names a.foo.bar., a.b.c.foo.bar. and foo.bar.
- If it does not start in a dot, only exactly the given name (ignoring the case, of course)
- will be matched (hint: if you want to include all subdomains, but not the domain of the given
- name itself, place an exact-match exclude rule before the include rule, e.g:
- exclude="foo.bar."; include=".foo.bar.";
- Previous versions of pdnsd
- required that names given with this and the next option ended in a dot, but since
- version 1.1.8b1-par8, pdnsd automatically adds a dot at the end if it
- is missing.
- pdnsd now also accepts a more compact notation for adding several "include" entries in
- one line, e.g.:
-
include=".foo",".bar",".my.dom";
-
-
-
-
- exclude=string;
- This option adds an entry to the exclusion/inclusion list. If a domain matches
- the name given as string, the server is not queried if this was the first matching rule
- (see also the entry for policy).
- If the given name starts with a dot, the whole subdomain
- of the given name including the one of that name is matched, e.g. ".foo.bar."
- will match the domain names a.foo.bar., a.b.c.foo.bar. and foo.bar.
- If it does not start in a dot, only exactly the given name (ignoring the case, of course)
- will be matched (hint: if you want to exclude all subdomains, but not the domain of the given
- name itself, place an exact-match include rule before the exclude rule, e.g:
- include="foo.bar."; exclude=".foo.bar.";
- pdnsd now also accepts a more compact notation for adding several "exclude" entries in
- one line, e.g.:
-
- Every rr section specifies a dns resource record that is stored locally. It
- allows you to specify own dns records that are served by pdnsd in a limited way.
- Only A, PTR, CNAME, MX, NS and SOA records are implemented.
- This option is intended to allow you to define RRs for 1.0.0.127.in-addr.arpa.
- and localhost. (and perhaps even one or two hosts) without having to start an
- extra named if your cached name servers do not serve those records.
- It is NOT intended and not capable to work as a full-featured name server.
-
-
-
-
- name=string;
- Specifies the name of the resource records, i.e. the domain name of
- the resource the record describes. This option must be specified
- before any a, ptr, cname,
- mx, ns or soa records.
- Names are interpreted as absolute domain names
- (i.e. pdnsd assumes they end in the root domain).
- For this and all following arguments that take domain names, you need to
- specify domain names in dotted notation (example venera.isi.edu.).
- Previous versions of pdnsd
- required that domain names given in the configuration file ended in a
- dot, but since version 1.1.8b1-par8, pdnsd automatically assumes a
- dot at the end if it is missing.
- New in version 1.2: It is also possible to specify a name starting
- with the label *. Such a name is called a wildcard. The * in a wildcard
- can match one or more labels in a queried name, but only whole labels.
- Any other * characters in a wildcard, apart from the leading one,
- will only match a literal *.
- For example, *.mydomain will match a.mydomain or www.a.mydomain, but not
- mydomain. *.a*.mydomain will match www.a*.mydomain, but not www.ab.mydomain.
- *a.mydomain will only match itself.
- Before you can specify an rr section with name=*.mydomain
- you must define some records for mydomain, typically NS and/or SOA records.
- Example:
-
- rr {
- name = mydomain;
- ns = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
- rr {
- name = *.mydomain;
- a = 192.168.1.10;
- }
- In this example, www.mydomain and ftp.mydomain will resolve to the numeric
- address 192.168.1.10 (unless you add rr sections explicitly
- specifying different addresses for www.mydomain or ftp.mydomain).
- If you want mydomain also to resolve to a numeric address,
- add an A record to the first rr section.
-
-
-
-
- ttl=timespec;
- Specifies the ttl (time to live) for all resource records in this section after this entry.
- This may be redefined. The default is 86400 seconds (=1 day).
-
-
-
-
- authrec=(on|off);
- If this is turned on, pdnsd will create authoritative local records for this rr section.
- This means that pdnsd flags the domain record so that records of this domain that are not
- present in the cache are treated as non-existent, i.e. no other servers are queried for
- that record type, and an response containing none of those records is returned. This is
- most time what people want: if you add an A record for a host, and it has no AAAA record
- (thus no IPv6 address), you normally don't want other name servers to be queried for it.
- This is on by default.
- Please note that this only has an effect if it precedes the name option!
-
-
-
-
- reverse=(on|off);
- New in version 1.2: If you want a locally defined name to resolve to a numeric address
- and vice versa, you can achieve this by setting reverse=on before defining the A record
- (see below). The alternative is to define a separate PTR record, but you will
- probably find this option much more convenient.
- The default is off.
-
-
-
-
- a=string;
- Defines an A (host address) record. The argument is an IPv4 address in dotted notation.
- pdnsd will serve this address for the host name given in the name option.
- Provided there is sufficient support in the C libraries and support for AAAA records was not
- disabled, the argument string may also be an IPv6 address, in which case an AAAA record
- will be defined.
- This option be may used multiple times within an rr section, causing
- multiple addresses to be defined for the name. However, if you put the different addresses
- in different rr sections for the same name, the definition in the last
- rr section will cancel the definitions in the previous ones.
-
-
-
-
- ptr=string;
- Defines a PTR (domain name pointer) record. The argument is a host name in
- dotted notation (see name). The ptr record is for resolving adresses into names. For example, if
- you want the adress 127.0.0.1 to resolve into localhost, and localhost into 127.0.0.1, you need something
- like the following sections:
-
- The second section is for reverse resolving and uses the ptr option.
- Note that you can get the same effect by specifying only the first rr section
- with reverse=on.
- There is something special about the name in the second section:
- when a resolver wants to get a host name from an internet address,
- it composes an address that is built of the IP address in reverse byte order
- (1.0.0.127 instead of 127.0.0.1) where each byte of the adress written
- as number constitutes a sub-domain under the domain in-addr.arpa.
- So, if you want to compose an adress for reverse resolving, take your ip in dotted notation (e.g. 1.2.3.4),
- reverse the byte order (4.3.2.1) and append in-addr.arpa. (4.3.2.1.in-addr.arpa.)
- Then, define an rr section giving this address as name and the domain name corresponding to
- that ip in the ptr option.
-
-
-
-
- cname=string;
- Defines a CNAME (canonical name) record.
- The argument should be a fully-qualified host name in dotted notation (see name).
- A CNAME is the DNS equivalent of an alias or symbolic link.
- A useful application for CNAMEs is giving short, easy to remember nicknames to hosts with complicated names.
- For example, you might want the name "news" to refer to your ISP's news server "nntp2.myisp.com".
- Instead of adding an A record for "news" with the same address as "nntp2.myisp.com", you could
- put in a CNAME pointing to "nntp2.myisp.com", so that if the IP address of the news server changes,
- there is no need to update the record for "news".
- To implement this with pdnsd, you could add the following section to your configuration file:
-
- mx=string,number;
- Defines an MX (mail exchange) record. The string is the host name of the mail server in dotted notation (see name).
- The number specifies the preference level.
- When you send mail to someone, your mail typically goes from your E-mail client to an SMTP server.
- The SMTP server then checks for the MX record of the domain in the E-mail address.
- For example, with joe@example.com, it would look for the MX record for example.com and find
- that the name of mail server for that domain is, say, mail.example.com.
- The SMTP server then gets the A record for mail.example.com, and connects to the mail server.
- If there are multiple MX records, the SMTP server will pick one based on the preference level
- (starting with the lowest preference number, working its way up).
- Don't define MX records with pdnsd unless you know what you're doing.
-
-
-
-
- owner=string;
- or
- ns=string;
- Defines an NS (name server) record. Specifies the name of the host which should be authoritative for the records
- you defined in the rr section. This is typically the host pdnsd runs on.
- Note: In previous versions of pdnsd this option had to be specified before
- any a, ptr, cname, mx or soa entries.
- In version 1.2, the restrictions on this option are same as the options just mentioned,
- and it must listed after the name= option.
- This can be a pain if you want to use an old config file which specifies owner=
- before name= (sorry about that).
- Apart from greater consistency, the advantage is that you can now specify as many NS records as you like (including zero).
-
-
-
-
- soa=string,string,number,timespec,timespec,timespec,timespec;
- This defines a soa (start of authority) record. The first string is the
- domain name of the server and should be equal to the name you specified as
- owner.
- The second string specifies the email address of the maintainer of the name
- server. It is also specified as a domain name, so you will have to replace the
- @ sign in the name with a dot (.) to get the name you have to specify here.
- The next parameter (the first number) is the serial number of the record. You
- should increment this number if you change the record.
- The 4th parameter is the refresh timeout. It specifies after what amount
- of time a caching server should attempt to refresh the cached record.
- The 5th parameter specifies a time after which a caching server should attempt
- to refresh the record after a refresh failure.
- The 6th parameter defines the timeout after which a cached record expires if it
- has not been refreshed.
- The 7th parameter is the ttl that is specified in every rr and should be the
- same as given with the ttl option (if you do not specify a ttl, use the default 86400).
-
-
-
-
- txt=string,...,string;
- New in version 1.2.9:
- Defines an TXT record. You can specify one or more strings here.
-
- Every neg section specifies a dns resource record or a dns domain that should be
- cached negatively locally. Queries for negatively cached records are always answered
- immediatley with an error or an empty answer without querying other hosts as long
- as the record is valid. The records defined with neg sections remain
- valid until they are explicitely invalidated or deleted by the user using
- pdnsd-ctl.
- This is useful if a certain application asks periodically for nonexisting hosts or
- RR types and you do not want a query to go out every time the cached record has
- timed out. Example: Netscape Communicator will ask for the servers news and mail
- on startup if unconfigured. If you do not have a dns search list for your network,
- you can inhibit outgoing queries for these by specifying
-
- in your config file. If you have a search list, you have to repeat that for any
- entry in your search list in addition to the entries given above!
- In versions 1.1.11 and later, if you negate whole domains this way, all subdomains
- will be negated as well. Thus if you specify
- neg {name=example.com; types=domain;} in the
- config file, this will also negate www.example.com, xxx.adserver.example.com, etc.
-
-
-
-
- name=string;
- Specifies the name of the domain for which negative cache entries are created.
- This option must be specified before the types option.
- Names are interpreted as absolute domain names (i.e. pdnsd
- assumes they end in the root domain).
- You need to specify domain names in dotted notation (example venera.isi.edu.).
- Previous versions of pdnsd
- required that domain names given in the configuration file ended in a
- dot, but since version 1.1.8b1-par8, pdnsd automatically assumes a
- dot at the end if it is missing.
-
-
-
-
- ttl=timespec;
- Specifies the ttl (time to live) for all resource records in this section after this entry.
- This may be redefined. The default is 86400 seconds (=1 day).
-
-
-
-
- types=(domain|rr_type[,rr_type[,rr_type[,...]]]);
- Specifies what is to be cached negatively: domain will cache the whole
- domain negatively; alternatively, you can specify a comma-separated list of RR types
- which are to be cached negatively. You may specify multiple types options, but
- domain and the RR types are mutually exclusive.
- The RR types are specified using their official names from the RFC's in capitals,
- e.g. A, CNAME, NS, PTR, MX,
- AAAA, ...
- The command pdnsd-ctl list-rrtypes will give you a complete list
- of those types. pdnsd-ctl is built along with pdnsd
- and will be installed in the same directory as the pdnsd binary during make install.
-
- Every source section allows you to let pdnsd read the records from a file in an
- /etc/hosts-like format. pdnsd will generate records to resolve the entries
- address from its host name and vice versa for every entry in the file. This is
- normally easier than defining an rr for every of your addresses, since localhost
- and your other FQDNs are normally given in /etc/hosts.
- The accepted format is as follows: The #-sign initiates a comment, the rest of
- the line from the first occurence of this character on is ignored. Empty lines
- are tolerated.
- The first entry on a line (predeceded by an arbitrary number of tabs and spaces)
- is the IP in dotted notation, the second entry on one line (separated by the
- first by an arbitrary number of tabs and spaces) is the FQDN (fully qualified
- domain name) for that ip. The rest of the line is ignored by default (in the original
- /etc/hosts, it may contain information not needed by pdnsd).
-
-
-
-
- owner=string;
- Specifies the name of the host pdnsd runs on and that are specified in dns
- answers (specifically, nameserver records).
- Must be specified before any file entries.
- Names are interpreted as absolute domain names (i.e. pdnsd
- assumes they end in the root domain).
- You need to specify domain names in dotted notation (example venera.isi.edu.).
- Previous versions of pdnsd
- required that domain names given in the configuration file ended in a
- dot, but since version 1.1.8b1-par8, pdnsd automatically assumes a
- dot at the end if it is missing.
-
-
-
-
- ttl=timespec;
- Specifies the ttl (time to live) for all resource records in this section after
- this entry. This may be redefined. The default is 86400 seconds (=1 day).
-
-
-
-
- file=string;
- The string specifies a file name. For every file entry in a source section,
- pdnsd will try to load the given file as described above. Failure is indicated
- only when the file cannot be opened, malformed entries will be ignored.
-
-
-
-
- serve_aliases=(on|off);
- If this is turned on pdnsd will serve the aliases given in a hosts-style file.
- These are the third entry in a line of a hosts-style file, which usually give a "short name" for the host.
- This may be used to support broken clients without a proper domain-search option.
- If no aliases are given in a line of the file, pdnsd behaves as without this option for this line.
- This feature was suggested by Bert Frederiks.
- It is off by default.
-
-
-
-
- authrec=(on|off);
- If this is turned on, pdnsd will create authoritative local records with the data from the hosts file.
- Please see the description of the option of the same name in the rr section for a closer description of
- what this means. Please note that this only has an effect for files sourced with file options
- subsequent to this option.
- This is on by default.
-
- A configuration file may include other configuration files.
- However, only the top-level configuration file may contain global
- and server sections,
- thus include files are effectively limited to sections that add local definitions to the cache.
- Include sections currently only have one type of option, which may be given multiple times within a single section.
-
-
-
-
- file=string;
- The string specifies a file name. For every file option in an include section,
- pdnsd will parse the given file as described above. The file may contain include sections itself,
- but as a precaution pdnsd checks that a certain maximum depth is not exceeded to guard against
- the possibility of infinite recursion.
-
- pdnsd-ctl allows you to configure pdnsd at run time. To make this work, you have to start pdnsd with the -s
- option (or use the status_ctl option in the config file). You also should make sure that you
- have appropriate permissions on the control socket (use the ctl_perms option to make this sure) and of your pdnsd
- cache directory (pdnsd keeps its socket there). Please make sure the pdnsd cache directory is not writeable for untrusted users!
-
- pdnsd-ctl accepts two command-line options starting with a dash.
- -c may be used to specify the cache directory (and takes this as argument).
- The default for this setting is the pdnsd default cache directory (specified at compile time).
- The cache directory for pdnsd-ctl must be the same pdnsd uses!
- -q can be used to make the output of pdnsd-ctl less verbose.
-
- The following table lists the commands that pdnsd-ctl supports. The command must always be
- the first command-line option (not starting with a dash), the arguments to the command must follow in the given order.
- In the following table, keywords are in a normal font, while placeholders are in italics.
- Alternatives are specified like (alt1|alt2|alt3).
- Optional arguments are placed between square brackets [].
-
-
-
Command
-
Arguments
-
Description
-
-
-
help
-
-
Print a command summary.
-
-
-
version
-
-
Print version and license info.
-
-
-
status
-
-
- Print a description of pdnsd's cache status, thread status and configuration.
- Also shows which remote name servers are assumed to be available.
-
- Set the status of the server with the given index or label (where the given label
- matches the one given with the label option in the respective server section in the config file)
- to up or down, or force a retest. The index is assigned in the order of definition in
- pdnsd.conf starting with 0. Use the status command to view the indices and labels.
- You can specify all instead of an index or label to perform the action for all
- servers registered with pdnsd. Example:
- pdnsd-ctl server 0 retest
- An optional third argument consisting of a list of IP addresses (separated by commas or
- white-space characters) can be given.
- This list will replace the previous list of addresses of name servers used by pdnsd in the
- specified section of the config file.
- For example in the /etc/ppp/ip-up script called by pppd you could
- place the following line:
- pdnsd-ctl server isplabel up $DNS1,$DNS2
- If white space is used to separate addresses the list will have to be quoted.
- Spurious commas and white-space characters are ignored.
- The last argument may also be an empty string, in which case the existing IP addresses are
- removed and the corresponding server section becomes inactive.
-
-
-
-
record
-
name (delete|invalidate)
-
- Delete or invalidate the records of the given domain name if it is in the
- cache. Invalidation means that the records are marked as timed out, and
- will be reloaded if possible (if purge_cache is set to on, they will
- be deleted in any case).
- For local records (i.e., records that were given in the config file
- using a rr section, records read from a hosts-style file
- and records added using pdnsd-ctl), invalidation has no effect. Deletion
- will work, though. Example:
- pdnsd-ctl record localhost. delete
-
-
-
-
source
-
fnowner [ttl] [(on|off)] [noauth]
-
- Load a hosts-style file. Works like using the pdnsd
- source configuration section.
- owner and ttl are used as in the source section. ttl has a default
- of 900 (it does not need to be specified). The next to last argument corresponds
- to the serve_aliases option, and is off by default (i.e. if it is not specified).
- noauth is used to make the domains non-authoritative - please see
- the description of the authrec config file options for a description of what
- that means.
- fn is the filename. The file must be readable by pdnsd! Example:
- pdnsd-ctl source /etc/hosts localhost. 900 off
-
-
-
-
add
-
a addrname [ttl] [noauth]
-
- Add a record of the given type to the pdnsd cache, replacing existing
- records for the same name and type. The 2nd argument corresponds
- to the value of the option in the rr section that is named like
- the first argument: a is a record for hostname-to-address mapping,
- aaaa is the same thing for IPv6 addresses, and ptr is for address-to-hostname
- mapping. See the documentation for the rr section for more details.
- In case of A and AAAA records, the addr argument may be a list of IP addresses,
- separated by commas or white space, causing multiple addresses to be defined
- for the same name.
- The ttl is optional, the default is 900 seconds.
- noauth is used to make the domains non-authoritative - please see
- the description of the authrec config file options for a description of what
- that means.
- If you want no other record than the newly added in the cache, do
- pdnsd-ctl record name delete
- before adding records. This is also better when overwriting local records. Example:
- pdnsd-ctl add a 127.0.0.1 localhost. 900
-
-
-
-
add
-
aaaa addrname [ttl] [noauth]
-
-
-
add
-
ptr hostname [ttl] [noauth]
-
-
-
add
-
cname hostname [ttl] [noauth]
-
-
-
add
-
mx hostnamepref [ttl] [noauth]
-
-
-
add
-
ns hostname [ttl] [noauth]
-
-
-
neg
-
name [type] [ttl]
-
- Add a negatively cached record to pdnsd's cache, replacing existing
- records for the same name and type. If no type is given, the whole
- domain is cached negatively. For negatively cached records, errors are
- immediately returned on a query, without querying other servers first.
- The ttl is optional, the default is 900 seconds.
- You can get a list of all types you can pass to this command using
- pdnsd-ctl list-rrtypes. The type is treated case-sensitive!
- Example:
- pdnsd-ctl neg foo.bar A 900
- pdnsd-ctl neg foo.baz 900
-
-
-
-
config
-
[filename]
-
- Reload pdnsd's configuration file.
- The config file must be owned by the uid that pdnsd had when it was
- started, and be readable by pdnsd's run_as uid. If no file name is
- specified, the config file used at start-up is reloaded.
- Note that some configuration changes, like the port or IP address pdnsd listens on,
- cannot be made this way and you will receive an error message.
- In these cases, you will have to restart pdnsd instead.
-
-
-
-
include
-
filename
-
- Parse the given file as an include file, see the documentation on
- include sections for a description
- what this file may contain.
- This command is useful for adding definitions to the cache without reconfiguring pdnsd.
-
-
-
-
eval
-
string
-
- Parse the given string as if it were part of pdnsd's configuration file.
- The string should hold one or more complete configuration sections.
- However, global and
- server sections are not allowed,
- just as in include files.
- If multiple strings are given, they will be joined using newline chars
- and parsed together.
- This command is useful for adding records interactively to the cache
- that cannot be defined using the "pdnsd-ctl add" command,
- (e.g. soa records).
-
-
-
-
empty-cache
-
[[+|-]name ...]
-
- If no arguments are provided, the cache will be completely emptied,
- freeing all existing entries.
- Note that this also removes local records, as defined by the config file.
- To restore local records, run "pdnsd-ctl config" or
- "pdnsd-ctl include filename" immediately afterwards.
- The "pdnsd-ctl empty-cache" command now accepts additional arguments;
- these are interpreted as include/exclude names. If an argument starts with a '+'
- the name will be included. If an argument starts with a '-' it will be
- excluded. If an argument does not begin with '+' or '-', a '+' is
- assumed. If the domain name of a cache entry ends in one of the names in
- the list, the first match will determine what happens. If the matching
- name is to be included, the cache entry is deleted, otherwise not.
- If there are no matches, the default action is not to delete.
- Note that if you want to delete exactly one name and no others, you should
- use "pdnsd-ctl record name delete",
- this is also much more efficient.
- Examples:
- pdnsd-ctl empty-cache
- This command will remove all cache entries.
-
- pdnsd-ctl empty-cache microsoft.com msft.net
- This will remove all entries ending in microsoft.com or msft.net.
-
- pdnsd-ctl empty-cache -localdomain -168.192.in-addr.arpa .
- This will remove all entries except those ending in localdomain or
- 168.192.in-addr.arpa. Note that '.' is the root domain which matches any
- domain name.
-
-
-
-
dump
-
[name]
-
- Print information stored in the cache about name.
- If name begins with a dot and is not the root domain, information about
- the names in the cache ending in name (including name without
- the leading dot) will be printed.
- If name is not specified, information about all the names in the cache will
- be printed.
- For each RR record the time and date that this record has been added to the cache
- will be printed in the form mm/dd HH:MM:SS (locally defined records are printed without a time stamp).
- After that the type of record is printed with the data. For the more common types
- of RR records the data will be printed in human readable form, the remaining ones in a
- hexadecimal representation.
- This command is mainly useful for diagnostic purposes.
- Note that if you pipe the output of this command through an application that
- reads only part of the output and then blocks (such as more or less),
- pdnsd will not be able to add new entries to the cache until the pipe is closed.
- It is preferable to capture the output in a file in such a case.
-
-
-
-
list-rrtypes
-
-
- List available rr types for the neg command.
- Note that those are only used for the neg command, not for add!
-
-
-
-
-
-
4 contrib/
- The contrib directory in the pdnsd distribution contains useful user-contributed scripts.
- So far, there are scripts contributed by Marko Stolle and Paul Rombouts that make pdnsd
- usable in a DHCP setup.
- Please take a look into the README file in the contrib directory for further information.
-
-
-
5 Problems...
- If you have problems with configuring or running pdnsd, be sure to read the FAQ.
- If this does not help you, pdnsd crashes or you find bugs, please mail one of the authors.
- Note added by Paul A. Rombouts:
- Thomas Moestl no longer maintains the code. I have revised the code and added new features.
- See README.par and the
- ChangeLog in the source directory
- (or /usr/share/doc/pdnsd-<version> if you have installed a binary package)
- for more details.
- If you have questions about my modifications, you can find my email address at the end of
- README.par.
-
-
-
6 Hacking
- Here comes some information you might find useful for hacking pdnsd.
-
-
6.1 Source files
-
-
-
Makefile.am, configure.in, acconfig.h
-
- autoconf/automake/autoheader scripts. Makefile.am's are in most subdirectories.
-
-
-
-
pdnsd.spec.in
-
- A template from which configure generates a spec file for building rpm's for various
- distributions.
-
-
-
-
version
-
- Contains only the program version string. Needed for several templates.
-
-
-
-
src/rc/*
-
- rc (start-up) scripts for various linux distributions.
-
-
-
-
src/cache.c
-
- The pdnsd cache subsystem(s) as defined in src/cache.h.
- This is the "traditional" pdnsd system which keeps the cache in memory and uses hash tables for accesses.
- Sourav K. Mandal is working on a system using gdbm.
-
-
-
-
src/pdnsd-ctl/*
-
- Contains the code for pdnsd-ctl, a program that allows you to control pdnsd at run time.
-
-
-
-
src/conf-lex.l.in
-
- The lex/flex source file for the config file lexer. This is a template because there might be
- inserted "%option yylineno" for proper flex support.
- (obsolete, superseded by src/conf-parser.c)
-
-
-
-
src/conf-lex.l
-
- This is automatically generated by configure from conf-lex.l.in. It may be overwritten
- in any make, so never modify this, but conf-lex.l.in instead!
- (obsolete, superseded by src/conf-parser.c)
-
-
-
-
src/conf-parse.y
-
- The yacc/bison source of the config file parser.
- (obsolete, superseded by src/conf-parser.c)
-
- The config file parser written purely in C (versions 1.1.10-par and later).
-
-
-
-
src/conff.c, src/conff.h
-
- The configuration handler functions and their prototypes. The parser is called from here.
-
-
-
-
src/consts.h
-
- Some constants used by the parser, config file handler functions and in the server status thread,
- among others.
-
-
-
-
src/dns.c, src/dns.h
-
- Define dns message structures, constants, and some common dns data handlers. dns.h contains gcc-specific
- code (in praticular, "__attribute__((packed))").
-
-
-
-
src/dns_answer.c, src/dns_answer.h
-
- Define functions that answer incoming dns queries.
-
-
-
-
src/dns_query.c, src/dns_query.h
-
- Define functions to manage outgoing dns queries.
-
-
-
-
src/error.c, src/error.h
-
- Functions for error output to stderr or the syslog, and debug output to stderr or pdnsd.debug.
-
-
-
-
src/hash.c, src/hash.h
-
- Contains the code for storing and looking up cache entries in the hash table.
-
-
-
-
src/helpers.c, src/helpers.h
-
- Define miscellaneous helper functions.
-
-
-
-
src/icmp.c, src/icmp.h
-
- Define a function for performing a ping test. This contains OS-specific code.
-
-
-
-
src/main.c
-
- Contains main(), which holds the command line parser, performs initialisations and signal handling.
-
-
-
-
src/make_hashconvtable.c
-
- Contains the code for the executable make_hashconvtable, which is only run once, during build time, to generate the file hashconvtable.h, used by src/hash.c (versions 1.1.10-par and later).
- (obsolete since version 1.2)
-
-
-
-
src/make_rr_types_h.pl
-
- A perl script for generating src/rr_types.h,
- a C header file containing macro definitions and tables needed for handling the
- RR types known to pdnsd, from the text file src/rr_types.in.
-
-
-
-
src/rr_types.c, src/rr_types.h, src/rr_types.in
-
- These define tables and macros needed for handling the RR types known to pdnsd.
- Since version 1.2.9, rr_types.h is an automatically generated file,
- see make_rr_types_h.pl.
-
-
-
-
src/netdev.c, src/netdev.h
-
- Define functions for network device handling. OS-specific.
-
-
-
-
src/servers.c, src/servers.h
-
- Define functions for the server status thread that performs the periodical uptests.
-
-
-
-
src/status.c, src/status.h
-
- Define functions for the status control thread. This is pdnsd's interface to pdnsd-ctl.
-
-
-
-
-
-
-
- Copyright (C) 2000, 2001 Thomas Moestl
- Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2012 Paul A. Rombouts
-
-
- Last revised: 19 April 2012 by Paul A. Rombouts
-
-
-
diff --git a/jni/pdnsd/doc/html/doc_makefile b/jni/pdnsd/doc/html/doc_makefile
deleted file mode 100644
index 28fb7d50..00000000
--- a/jni/pdnsd/doc/html/doc_makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-
-versionfile = ../../version
-arch = i686
-arch2 = x86_64
-extver = _sl6
-system = Scientific Linux 6.2 system
-
-doc: dl.html
-.PHONY: doc clean
-
-# If the existing dl.html contains '???', then certain packages were missing
-# during the previous build and dl.html needs to be built again.
-ifneq ($(shell grep -F -l -e '???' dl.html),)
-.PHONY: dl.html
-endif
-
-dl.html: %.html: %.html.in htmlsubst.pl $(versionfile)
- perl htmlsubst.pl version=`cat $(versionfile)` \
- baseurl='http://members.home.nl/p.a.rombouts/pdnsd/' \
- arch=$(arch) arch2=$(arch2) extver=$(extver) system="$(system)" $< > $@
-
-clean:
- @rm -fv dl.html
diff --git a/jni/pdnsd/doc/html/faq.html b/jni/pdnsd/doc/html/faq.html
deleted file mode 100644
index eec65993..00000000
--- a/jni/pdnsd/doc/html/faq.html
+++ /dev/null
@@ -1,412 +0,0 @@
-
-
-
- The pdnsd FAQ
-
-
-
-
-
-
-
- There are complete and well-tested name servers around, such as the BIND.
- These do also perform caching. Why should I use pdnsd?
-
-
-
-
A:
-
- pdnsd does not aim to be a complete name server implementation, such as the
- BIND. It is optimized for caching, and you can only specify a small subset of all
- dns record types pdnsd knows in your local "zone" definitions.
- This of course reduces the code size drastically, and such the memory footprint.
- There are some features especially interesting for dialin networks, ordinary
- (non-server) internet hosts and computers that are often not connected to
- to their network, e.g. notebooks (I originally wrote this program for use
- with my notebook).
- These features are:
-
-
permanent disk cache (useful for frequent power-offs/reboots)
-
usually smaller memory footprint (depends on cache size) (see next question)
-
offline-detection prevents hangs (e.g. the typical hang on startup of some
- Netscape Navigator versions if not dialled in)
-
better control about timeouts (also to prevent hangs)
-
better control over the cache
-
better run-time control
-
-
-
-
-
-
-
-
-
Q:
-
- When I look at the process size with ps, top, gtop, or a similar tool, I see
- some processes with a total size well above 3.5 MB. This is much more than
- e.g. BIND named (about 1.4 MB). Why?
-
-
-
-
A:
-
- Really, it is not.
- pdnsd uses multithreading, not multiprocessing. That means that the processes
- share most of their process space. In the LinuxThreads library
- or NPTL (Native Posix Thread Libary),
- which are used by pdnsd on Linux, in fact the total process address space is shared
- (although the processes have different stacks, these are in one process
- address space). You may check this by looking at the at the process sizes of
- the pdnsd threads: all should be the same. The effective size that pdnsd
- occupies is thus the size of any of the processes, not the sum of those.
- So, pdnsd with empty cache occupies about 800 kB, and the maximum size
- should be about the cache size plus this size (in fact, ca 5-10% more).
-
-
-
-
-
-
-
-
Q:
-
- What do I need the status control (option -s) for?
-
-
-
-
A:
-
- It enables you to do some things you might or might not need. With it, you can:
-
-
query pdnsd's settings at runtime to debug configuration files and
- see which servers are regarded to be available
-
mark servers as available or unavailable, or force a status retest - very
- handy if you want to control which servers pdnsd queries, e.g for muliple
- dial-up accounts
-
delete, invalidate or add DNS records - useful e.g. when you want to build
- records for dynamically assigned IP addresses or domain names
-
reload pdnsd's configuration file without restarting pdnsd
-
print information about the contents of pdnsd's cache.
-
-
-
-
-
-
-
-
-
Q:
-
- What do I need local records (rr- and source-sections in the config file) for?
-
-
-
-
A:
-
- Some resolver programs, e.g. nslookup, want to look up the name of the
- server they are using before doing anything else. This option is for defining
- a PTR record for your IP such that those programs get an answer even if the
- name server you are caching is not available or does not offer these records.
- By extension, you may also define A and SOA records. This allows you to build
- very small zones without having to use a "big" name server. It is NOT
- intended to replace such a complete server in anything but VERY small
- networks. Alternatively, you may start a named on another host or on the
- same host on another port and cache it with pdnsd in addition to other (more
- distant) name servers.
-
- The source section allows you to let pdnsd read in your
- /etc/hosts file on startup and serve its contents. This file is used by your local
- resolver before it even tries the name servers and usually contains
- fully-qualified domain names (FQDNs) for all of the internet addresses your host has.
- If you source this file, you usually won't need any additional rr sections. Sourcing it also allows
- other hosts (eg. in your local network) to access the names defined in your
- hosts file. You can of course just add other hosts in your local network to the
- servers hosts file, thus making them known to your server's resolver
- and pdnsd (if you sourced that file).
-
- If you don't know what this answer was all about, you should just take the
- source section in the sample config file that comes with pdnsd, copy it
- into your config file and forget about it.
-
-
-
-
-
-
-
-
Q:
-
- When compiling, I get an error message like Please define __BYTE_ORDER to
- be __LITTLE_ENDIAN or __BIG_ENDIAN What's up?
-
-
-
-
A:
-
- Normally, this macros should be defined in your C library's header files.
- There are two different methods, most C libraries support both (and pdnsd
- honors both): either __BYTE_ORDER is set to __LITTLE_ENDIAN
- or __BIG_ENDIAN, or __LITTLE_ENDIAN or __BIG_ENDIAN
- are directly defined as macros.
-
- Linux glibc, for example, does set those macros correctly. Never mind. You just have to know
- whether your machine is little-endian or big-endian, this means wheter your
- machine saves the least significant byte of a word or double-word first in memory (little-endian) or
- the most significant first (big-endian).
- All intel x86 and Alpha machines are little-endian, for example, while SPARC
- and PowerPC architectures are big-endian.
- If your machine is little-endian, add the following line to your config.h:
-
- #define __BYTE_ORDER __LITTLE_ENDIAN
-
- Likewise, if your machines byte order is big-endian:
-
- #define __BYTE_ORDER __BIG_ENDIAN
-
- Pathological byte orders like pdp-endian are not yet supported really;
- However, for the place the endianess is needed, __LITTLE_ENDIAN should do
- (it deals only with 16 bits; for all other occurances, ntoh[sl]/hton[sl] is used).
-
-
-
-
-
-
-
-
Q:
-
- At startup, I get a warning saying:
-
- Uptest command [...] will implicitly be executed as root
-
- What does that mean?
-
-
-
-
A:
-
- This warning only occurs if you use the uptest=exec option in your
- configuration. It means that the uptest command is run as root
- because pdnsd is running as root, and this was not explicitely specified.
- The idea is that it may introduce security holes (in the programs being run)
- when they run as root, and so they shouldn't do that if possible.
- You can specify the user that shall run the command by appending its name
- comma-separated as string to the uptest_cmd line:
-
- uptest_cmd="<your command>","<user>";
-
- If it is correctly running as root, just append the user string "root" to
- the command and the warning will not occur again.
-
-
-
-
-
-
-
-
Q:
-
- I cannot run my uptest_cmd command as root (it says permission denied),
- although the pdnsd executable is setuid root. Why?
-
-
-
-
A:
-
- pdnsd will drop privileges gained through setuid/setgid before executing the
- uptest commands (you shouldn't set the pdnsd executable setuid/setgid anyway).
- The reason is clear: if you install the pdnsd
- executable as setuid root and this wouln't be done, any user could execute
- shellcode with root privileges using that option!
-
-
-
-
-
-
-
-
Q:
-
- At startup, I get an error saying:
-
- Bad config file permissions: the file must be only writeable by the user
-
- Why is that?
-
-
-
-
A:
-
- pdnsd has an option (uptest=exec) that allows the execution of arbitrary
- shell code (for testing whether an interface is up). This must be
- of course secured against unauthorized use. One of these
- protection is the one that produces the error message: if you routinely run
- pdnsd, e.g. at system startup, and your config file is editable for others,
- someone could change it and insert shell code that is executed in the next
- pdnsd run -- with your user privileges! To prevent this, pdnsd will exit if the config file is writeable
- by others than the owner.
- To get rid of this message, just do
-
- chmod go-w <filename>
-
- on your config
- file (for the default file: chmod go-w /etc/pdnsd.conf).
- You should also check that the ownership is set correct.
-
-
-
-
-
-
-
-
Q:
-
- serve_aliases does not seem to work.
-
-
-
-
A:
-
- Some resolvers (e.g. of the glibc 2.1) seem sometimes not to look up unmodified names, but the names with
- an entry of the search path already appended. Since pdnsd will serve short names with this
- option anyway, you can delete the search an domain options from your /etc/resolv.conf. This is reported to
- work in some cases.
-
-
-
-
-
-
-
-
Q:
-
- Some queries for domains that have many records (e.g. www.gmx.de) fail mysteriously.
-
-
-
-
A:
-
- pdnsd versions prior to 1.1.0 had the tcp server thread disabled by default. Most resolvers
- repeat their query using tcp when they receive a truncated answer (the answer is truncated
- when it exceeds a length of 512 bytes). You need to recompile pdnsd with the option
- --enable-tcp-server to fix this.
-
-
-
-
-
-
-
-
Q:
-
- I am behind some kind of firewall. In the configuration file
- I have only listed addresses of name servers on the local (ISP's) network,
- but pdnsd is slow and DNS queries frequently time out.
-
-
-
-
A:
-
- In some cases pdnsd will not consider the answer of the local name server
- authoritative enough, and will try to get answers from the name servers listed in the
- authority section of the reply message. If pdnsd is behind a firewall that blocks the
- UDP reply packets from remote name servers, pdnsd will wait in vain for a reply.
- One solution is to set proxy_only=on
- in the servers sections of the configuration file.
- This will prevent pdnsd from querying name servers that are not listed in the configuration
- file.
- Another solution that can be tried is specifying
- query_method=tcp_only
- in the global section of the configuration file, because a firewall that blocks
- UDP packets from outside might still allow outgoing TCP connections to port 53.
-
- Short answer: Yes.
- Somewhat longer answer: The problem is not so much that pdnsd's implementation is flawed
- but rather that the DNS protocol currently being used is fundamentally flawed from
- a security viewpoint. As long as a more secure protocol is not in place,
- all that the developers of pdnsd can do is to try to tweak the current implementation
- to make it as difficult as possible for an attacker to succeed.
- From version 1.2.7 onwards, the default for the query_port_start option
- is 1024, which means that the pdnsd resolver will randomly select source ports
- in the range 1024-65535. (In previous versions the default was to let the kernel select
- the source ports, which will often result in a more or less predictable sequence of ports.)
- It also helps to use a good quality source of random numbers. On platforms where this is
- supported, it is preferable to configure with --with-random-device=/dev/urandom.
- There is still more that can be done to make pdnsd less vulnerable, but this remains
- (as of this writing) a work in progress.
-
- Please note that pdnsd was designed for small (private) networks, and that it is generally
- not recommended to let untrusted users access pdnsd.
-
Version 1.2.9a-par has been released.
- Version 1.2.9a fixes a bug in the 1.2.9 release that causes a build failure when pdnsd is
- configured with --enable-strict-rfc2181.
- If you do not use this option to compile pdnsd, there is no need to upgrade from 1.2.9 to 1.2.9a.
-
-
-
-
2012-02-27
-
Version 1.2.9-par has been released.
- Version 1.2.9 supports many more RR types (including those necessary for DNSSEC) and
- EDNS (Extension mechanisms for DNS) to enable UDP messages larger than 512 bytes.
- It also has support for defining local TXT records and has several new options and bugfixes
- (including file descriptor leaks that effect FreeBSD users).
-
-
-
-
2011-05-03
-
The latest source code is available from a
- git repository.
- In response to frequent requests I have uploaded a git tree including the latest code
- and a fairly extensive history of pdnsd development to
- gitorious.org.
- Anyone who wants to participate in pdnsd development is free to create a
- clone repo on gitorious.org
- and push his modifications there.
-
-
-
-
2010-02-22
-
Version 1.2.8-par has been released.
- The main new feature of version 1.2.8 is automatic discovery of root servers.
- Furthermore, there are some additional improvements in the resolver.
-
-
-
-
2008-09-04
-
Version 1.2.7-par has been released.
- Foremost, this release fixes some security problems.
- It contains a fix for a "dangling pointer" bug that could cause pdnsd to
- crash when it received a long reply. It also addresses some of the issues
- raised in the CERT
- vulnerability note VU#800113 by making the default of
- query_port_start equal to 1024, thereby ensuring that source
- ports are randomly selected by the pdnsd resolver in the range 1024-65535.
- This release also fixes problems with compiling pdnsd for the ARM architecture
- and for the Darwin platform (Max OS X).
-
- There are a number of (minor) new features.
- pdnsd now supports "include" files, essentially configuration files that
- only contain definitions for local records.
- It is now possible to define interactively, using pdnsd-ctl,
- any local record that can be defined in a configuration file.
-
-
-
-
2007-09-04
-
Version 1.2.6-par has been released.
- pdnsd's license has been upgraded to GPL version 3.
- A bug has been fixed which which caused pdnsd to handle NXDOMAIN replies
- inefficiently when configured with neg_domain_pol=on. The
- code that implements the ping test has been fixed, which was broken for
- 64-bit systems. A new option randomize_servers can be used
- to give each server in a section of the configuration file an equal
- chance of being queried. The new options reject,
- reject_policy and reject_recursively make it
- possible to check for the presence of certain IP addresses in the
- replies of name servers and to avoid some types of unwanted replies.
- The pdnsd-ctl 'add a' and 'add aaaa' commands
- now allow multiple IP addresses to be specified for the same name.
- pdnsd's ability to resolve from root servers has been improved.
-
-
-
-
2006-09-02
-
Version 1.2.5-par has been released.
- This release introduces a new query method: udp_tcp.
- With this method a UDP query is tried first and, if the UDP answer is
- truncated, the query is repeated using TCP, which is the behaviour that
- seems to be recommended by the DNS standards. There is a new
- configuration option use_nss, which can be turned off to
- prevent lengthy timeouts and stalls in certain situations. A bug has
- been fixed which could cause pdnsd to crash if debug output was
- generated before the debug output stream was properly initialized.
-
-
-
-
2006-01-09
-
Version 1.2.4-par has been released.
- A memory leak and a minor buffer-overflow problem have been fixed.
- There is now a fix for some situations that would previously cause pdnsd to
- exit prematurely (such as ACPI S3 sleep or trying to attach strace to pdnsd).
- Time intervals specified in the configuration file can now be expressed in
- minutes, hours, days and weeks as well as seconds.
- Support for Apple Mac OS X v10.4 Tiger has been improved.
- The "pdnsd-ctl status" command now also provides some
- information about the status of the running threads.
- There are some further improvements in the debugging information provided by pdnsd.
- TCP-query support is now compiled in by default (but can still be disabled using
- the configure option --disable-tcp-queries).
-
-
-
-
2005-07-11
-
Version 1.2.3-par has been released.
- New feature in this release: the "pdnsd-ctl empty-cache" command can
- be provided with an include/exclude list, allowing the user to specify a
- selection of names to be removed, instead of emptying the cache completely.
- Additional improvements: pdnsd should now remain responsive while executing the
- "pdnsd-ctl empty-cache" command.
- With the query_method=tcp_udp option pdnsd will now also
- try a UDP query after a TCP connection times out, which should allow
- pdnsd to resolve the same names with query_method=tcp_udp
- as with query_method=udp_only, although perhaps with an
- occasional delay.
- "pdnsd-ctl config" or "pdnsd-ctl server"
- commands should now run without delays, even if pdnsd is performing
- ping or query uptests at the time.
- Some problems with resolving certain names using root servers have been fixed.
-
-
-
-
2005-04-03
-
Version 1.2.2-par has been released.
- The main emphasis of this release is improved portability.
- A bug has been fixed that prevented pdnsd from compiling successfully on some
- 64 bit architectures.
- This release has (experimental) support for the Darwin (Apple Mac OS X) platform.
- On Linux systems, the configure script will now try to detect automatically whether
- the system implements the Native POSIX Thread Library, but the method used may not
- necessarily be foolproof.
- In addition, the debug features have been improved and should make it easier to find out
- why pdnsd considers some queries or replies malformed.
-
-
-
-
2004-11-07
-
Version 1.2.1-par has been released.
- The main new feature of this release is improved support for non-Linux platforms.
- This release has (experimental) support for the Cygwin platform, and should also fix
- some compilation glitches that have been reported by FreeBSD users.
-
-
-
-
2004-10-10
-
Version 1.2-par has been released.
- pdnsd is new and improved! Most of the changes effect the internal workings
- of pdnsd, but there also a number of interesting new features (well, I think they are interesting).
- Among the bugs fixed are two rather nasty ones which involve the handling of NXT and NAPTR records
- and which can cause pdnsd to crash or abort.
- The new features include a new server availability test which can be specified with uptest=query,
- support for reading the DNS configuration from resolv.conf files,
- a new option for optimizing the use of root servers,
- a new option that makes defining local records for reverse resolving easier,
- support for defining wildcard records,
- a new pdnsd-ctl command for reloading the config file without restarting pdnsd, and
- a new pdnsd-ctl command for dumping information about the names stored in the cache.
- The documentation has also been updated: there is now a pdnsd.conf man page.
- For a more complete list of the changes I'll have to refer you to README.par and the ChangeLog.
-
-
-
-
2004-05-22
-
Version 1.1.11a-par has been released.
- This release contains a fix for FreeBSD users that bypasses a problem
- with the macro ENONET, which can cause a compilation failure when it is undefined.
- Linux users will notice no difference between 1.1.11a-par and 1.1.11-par.
-
-
-
-
2004-05-10
-
Version 1.1.11-par has been released.
- This version has a rather large number of small changes, which are rather difficult to summarize.
- Among the bugs fixed are a race condition in the cache lookup code, a
- flaw in the code that caused a busy spin when a remote server answered
- with "Not Implemented", and problems with the -4 and -6 command-line
- options. Among the improvements are an alternative sorting algorithm
- which should allow pdnsd to start up faster when reading a large cache
- file from disk, automatic mapping of IPv4 to IPv6 addresses when running
- in IPv6 mode, somewhat more efficient memory use, better compression of
- the replies and changes in the parallel querying algorithm that should
- improve the chances of catching a reply from a remote server.
-
- For a more complete list of the changes I'll have to refer you to README.par and the ChangeLog.
-
-
-
-
2004-02-10
-
Version 1.1.10-par has been released.
-
- The main new feature of this release is a new parser for configuration
- files, completely rewritten from scratch in C. The main advantages are:
- (f)lex and yacc/bison are no longer needed to build pdnsd, more
- informative error messages instead of merely "parse error",
- and string literals no longer need to be enclosed in quotes in most
- cases. Furthermore, a bug has been fixed that caused incorrect
- IPV6-type PTR records to be generated when sourcing
- /etc/hosts like files.
-
- There have been other small changes, more details can be found in the ChangeLog.
-
-
-
-
2004-01-08
-
Version 1.1.9-par has been released.
- "maintenance" release by Paul Rombouts.
-
- The change of version number is not very significant; the
- difference between 1.1.9-par and the previous 1.1.8b1-par8 is marginal.
- However, I felt the need to simplify the numbering, because it was
- becoming rather baroque.
-
- I've added some missing pieces to the documentation (the pdnsd manual and the man page for pdnsd-ctl). BTW, did you
- know that it's possible to define aliases for domain names with pdnsd? I
- had plans to implement such a feature when I discovered that pdnsd
- already supports it. It was just poorly documented. (If want to try this
- for your self, look for the new information about CNAME records under
- the rr Section in the manual.) The
- changes to the code consist mostly of optimizations, removal of some
- size limits due to fixed-size buffers, and some cleaning up. I've also
- tried to make the error responses of pdnsd-ctl more helpful.
-
- More details can be found in the ChangeLog.
-
-
-
-
2003-10-10
-
Version 1.1.8b1-par8 has been released.
- "maintenance" release by Paul Rombouts.
- This version introduces a "delegation-only" feature that may be useful
- for blocking Verisign's Sitefinder.
- The parser for the configuration file now tolerates domain names missing
- a dot at the end.
- I have provided alternative implementations for some GNU extensions that I
- used in an effort to make the code more portable. In particular, the
- code should build on FreeBSD again.
- More details can be found in the README.par file.
-
-
-
-
2003-09-19
-
Version 1.1.8b1-par7 has been released.
- "maintenance" release by Paul Rombouts. Besides fixing a number of bugs I have
- reworked some of the code for adding and removing entries in the cache in an
- effort to improve efficiency and stability.
- More details can be found in the ChangeLog.
-
-
-
-
2003-07-28
-
Version 1.1.8b1-par6 has been released.
- "maintenance" release by Paul Rombouts. In addition to some further code cleanup,
- the documentation has been revised.
-
-
-
-
2003-07-10
-
Version 1.1.8b1-par5 has been released.
- A troublesome allocation size error has been discovered in Thomas Moestl's code.
- In practice this bug only wastes memory but it could
- also potentially lead to memory corruption. Upgrading is recommended.
- More details can be found in the ChangeLog.
-
-
-
-
2003-06-30
-
Version 1.1.8b1-par4 has been released.
- Due to incompatibilities between various implementations of
- the pthread library on Linux systems, problems can occur with signal handling in
- pdnsd. The usual symptom is failure by pdnsd to save the cache to disk, and
- /var/cache/pdnsd/pdnsd.cache remaining empty. If you experience
- this kind of trouble, try reconfiguring with different values for the new
- --with-thread-lib option. The allowable values are
- described in the documentation.
-
-
-
-
2003-04-07
-
pdnsd is no longer maintained by Thomas Moestl:
- I have not had time to maintain pdnsd for quite a while now, and have been very slow to
- respond to issues, or did not respond at all. It is time that I officially announce that
- pdnsd is no longer actively maintained; I apologize to all those who reported bugs or
- asked questions without receiving any reply. However, Paul A. Rombouts has published
- a patch set against the last released version at
- http://members.home.nl/p.a.rombouts/pdnsd.html,
- which cleans up a lot of code fixes many bugs.
-
-
-
-
2002-07-19
-
Documentation update.
- Please note that pdnsd should never be installed with setuid or setgid attributes,
- as it is not always possible to give up all privileges due to operating system restrictions.
- While this was never intended and I don't think that anybody would actually do this, the
- documentation was updated to explicitely mention this to avoid misunderstandings.
-
-
-
-
2002-01-15
-
Version 1.1.7a has been released.
- This fixes a reversed test in an assertion that would cause pdnsd to termintate when the ping uptest
- was used. No other changes were made.
-
-
-
-
2002-01-15
-
Version 1.1.7 has been released.
- This fixes some problems that might be remotely exploitable to gain access as the user pdnsd runs as
- (an unprivileged user by default). To do this, an attacker needs to control a name server that is
- queried by pdnsd, and send a malicious reply to such a query.
- Upgrading is strongly recommended!
- There are also minor bug fixes and stability improvements.
-
- pdnsd is a proxy DNS server with permanent caching (the cache contents
- are written to hard disk on exit) that is designed to cope with unreachable
- or down DNS servers (for example in dial-in networking).
- Since version 1.1.0, pdnsd supports negative caching.
-
- It is licensed under the GNU General Public License (GPL,
- also available in html and
- translated into various languages.).
- This, in short, means that the sources are distributed togehter with the program, and
- that you are free to modify the sources and redistribute them as long as you
- also license them under the GPL. You do not need to pay anything for pdnsd.
- It also means that there is ABSOLUTELY NO WARRANTY for pdnsd or any part
- of it. For details, please read the GPL.
-
- pdnsd can be used with applications that do DNS lookups, e.g. on startup, and
- can't be configured to change that behaviour, to prevent the often minute-long
- hangs (or even crashes) that result from stalled DNS queries. Some Netscape Navigator
- versions for Unix, for example, expose this behaviour.
-
- pdnsd is configurable via a file and supports run-time configuration using the program pdnsd-ctl that comes
- with pdnsd. This allows you to set the status flags of servers that pdnsd knows (to influence which servers
- pdnsd will query), and the addition, deletion and invalidation of DNS records in pdnsd's cache.
-
- Parallel name server queries are supported. This is a technique that allows
- querying several servers at the same time so that very slow or unavailable
- servers will not block the answer for one timeout interval.
-
- Since version 1.0.0, pdnsd has full IPv6 support.
-
- There is also a limited support for local zone records, intended for defining
- 1.0.0.127.in-addr.arpa. and localhost. , since some clients request that
- information and it must be served even if the cached servers are not available
- or do not serve these records. pdnsd may also read your /etc/hosts file
- (this file is normally used by your local resolver and usually contains
- information for localhost as well as for your machines FQDN) and serve its
- contents.
-
- pdnsd was started on Linux, and has since been ported to FreeBSD (and Cygwin and Darwin).
- 90% of the source code should be easily portable to POSIX-
- and BSD-compatible systems, provided that those systems support the POSIX threads (pthreads).
- The rest might need OS-specific rewrites.
-
- Currently, pdnsd is only compileable by gcc. This should be easy to fix, but I just
- do not have documentation for other compilers. If you are not able or do not want
- to use gcc, I would recommend you just try to do the minor changes.
-
-
- pdnsd must be started as root in some cases (raw sockets are needed for icmp
- echoes for the option uptest=ping, and the default port is 53, this must be
- >1024 to allow non-root execution). However, pdnsd can be configured to change it's user
- and group id to those of a non-privileged user after opening the sockets needed for this.
-
- The server should support the full standard DNS queries following the rfcs 1034
- and 1035. As of version 1.0.0, the rfc compliance has been improved again, and pdnsd is now
- believed (or hoped?) to be fully rfc-compatible. It completely follows rfc 2181 (except
- for one minor issue in the FreeBSD port, see the documentation).
- It does not support the
- following features, of which most are marked optional, experimental or obsolete
- in these rfcs:
-
-
-
Inverse queries
-
Status queries
-
Completion queries
-
Namespaces other than IN (Internet)
-
AXFR and IXFR queries (whole zone transfers); since pdnsd does not maintain zones, that should not violate the standard
-
- The following record types, that are extensions to the original DNS standard, are supported for caching since version 1.2.9
- (if you do not need most of them, you can disable runtime support for the unneeded ones before compiling pdnsd and save a little cache and executable space, see the source file src/rr_types.in):
-
-
RP (responsible person, RFC 1183)
-
AFSDB (AFS database location, RFC 1183)
-
X25 (X25 address, RFC 1183)
-
ISDN (ISDN number/address, RFC 1183)
-
RT (route through, RFC 1183)
-
NSAP (Network Service Access Protocol address , RFC 1348)
-
PX (X.400/RFC822 mapping information, RFC 1995)
-
GPOS (geographic position, deprecated)
-
AAAA (IPv6 address, RFC 1886)
-
LOC (location, RFC 1876)
-
EID (Nimrod EID)
-
NIMLOC (Nimrod locator)
-
SRV (service record, RFC 2782)
-
ATMA (ATM address)
-
NAPTR (URI mapping, RFC 2168)
-
KX (key exchange, RFC 2230)
-
CERT (Certificate record, RFC 4398)
-
DS (Delegation Signer, RFC 4034)
-
RRSIG (Resource Record Signature, RFC 4034)
-
NSEC (Next Secure, RFC 4034)
-
DNSKEY (record containing the public key for a zone, RFC 4034)
-
NSEC3 (Next Secure version 3, RFC 5155)
-
NSEC3PARAM (NSEC3 parameters, RFC 5155)
-
-
- Note: This list is incomplete. For the complete list see the source filesrc/rr_types.in.
-
- There are FreeBSD and OpenBSD ports available for pdnsd (ports/net/pdnsd for both).
- Thanks go to Roman Shterenzon for the FreeBSD port Sebastian Stark for the OpenBSD one!
- Thanks to Kiyo Kelvin Lee now also runs on the Cygwin platform!
- Thanks goes to Rodney Brown for extending portability to the Darwin (Apple Mac OS X) platform!
-
- If you have questions left, you should take a look into the FAQ.
-
- Bugfixes, patches and compatability fixes for other OSs are very welcome!
-
-
Features in detail
-
- This section describes some of pdnsds features in detail. Most of the options are set
- in the config file. For more information on the configuration file, see
- the documenation page.
-
-
-
Uptests
- pdnsd provides several methods to test whether a remote DNS server should be regarded as available
- (so that pdnsd can query it), in
- addition to the obvious "none" test (the server is always regarded as available,
- or availability is set on or off using the pdnsd-ctl utility).
- These tests are:
-
-
ping: a given adress is ping'ed in a given interval. If it there is no response
- or the host is unreachable, the server is seen to be not available (for those who don't know:
- pinging is sending a certain Internet packet type to a host to which any standard-conformant
- host is required to reply).
-
if: a given network interface is tested whether it is existent, up and running. If
- it is not, the server is regarded to be not available. This is especially useful for ppp and
- similar interfaces. A special case test for Linux isdn (ippp*) interfaces is integrated, so that the uptests
- should also work for these.
-
dev: this is a variant of the if uptest for use with Linux dial-on-demand ppp interfaces. In addition
- to performing an if-style interface uptest, it also tests whether a specified program (e.g. pppd) owns
- a lock to a given (modem-) device.
-
exec: a given shell command line is executed and the exit status of the whole command line (which
- is normally the exit status of the last command) is evaluated. If it is not zero, the server is regarded
- to be not available. This is a very flexible testing method with which it should be able to perform
- virtually any needed test.
-
query:New in version 1.2:
- This works like the ping test, except it sends an (empty) DNS query to the remote server.
- If the server sends a well-formed response back within the timeout period (except SERVFAIL),
- it will be regarded as available.
- This test is useful if a remote server does not respond to ICMP_ECHO requests at all,
- which unfortunately is quite common these days.
- In many cases this test will be a more reliable indicator of availability
- than the ones mentioned above.
-
-
-
Local Records ("Zones")
- As mentioned above, there are only very basic local record types (ie the record types that you may use in record
- declarations in your local configuration for records that pdnsd shall serve in addion to the cached ones).
- They are organized roughly in zones but have not complete zone declarations, so I generally do not use the
- term "zone" for them, but rather "local records".
- These are the local record types pdnsd can understand:
-
-
SOA (information about the name server)
-
A (domain-name-to-address mapping)
-
PTR (pointer, used normally for address-to-domain-name mapping)
-
NS (name server, generated automatically by pdnsd for any local record set)
-
CNAME (canonical host name)
-
MX (mail exchange for the domain)
-
TXT (arbitrary text strings, often used for Sender Policy Framework)
-
- You can specify these records in the configuration file.
- You may "source" a file in a format like that used in the /etc/hosts file, that means
- that pdnsd reads this file, extracts addresses and domain names from it and automatically generates
- A records for name to address mapping, PTR records for address to name mapping and NS records (name
- server specifiation) for each entry in the file.
- Records can also be changed dynamically at run time.
- A script contributed by Marko Stolle makes pdnsd usable in a DHCP setup using this feature.
-
-
System requirements
- As mentioned, pdnsd currently runs under Linux, FreeBSD and Cygwin.
- Other BSD flavours may or may not work (feedback is very welcome!).
- The system and software requirements under Linux are:
-
-
Kernel version >2.2.0
-
glibc version >2.0.1 (aka libc6) with LinuxThreads (normally included)
- or NPTL (Native Posix Thread Library, recommended).
- Due to a bug, pdnsd 0.9.8 does not run with glibc2.1.1. This behaviour was
- fixed in pdnsd 0.9.9.
-
For IPv6: glibc>=2.1
-
- The system requirements under FreeBSD are:
-
-
FreeBSD versions >=2.6 (prior ones may or may not work)
-
For IPv6: FreeBSD >=4.0 is recommended (no idea if it runs on prior versions)
-
-
- The common software requirements for all supported systems are:
-
-
GCC, preferably egcs-2.* or 3.* (other compilers are currently not supported; the needed patch for another compiler
- should not be difficult, however)
-
GNU or BSD make
-
the standard commands install, grep, sed, awk, touch and which (along with the REALLY
- standard ones mv, cp, ln, rm, pwd, test, echo, cat, mkdir, chown, chmod, tar). In
- any standard Unix installation, this should be no problem.
-
for hacking and building own packages, you might also need gzip, bzip2, perl and rpmbuild
-
-
-
Download
- If you want to download pdnsd, please visit the download page.
-
-
- pdnsd was originally written by Thomas Moestl,
- but is no longer maintained by him. Paul A. Rombouts
- has revised large portions of the code and has added a number of new features.
- See README.par and the ChangeLog
- in the source directory (or /usr/share/doc/pdnsd-<version>
- if you have installed a binary package) for more details.
- If you have questions about the recent modifications, you can find
- the email address of the current maintainer
- at the end of README.par.
-
-
- Daniel Smolik has contributed RedHat RPMs (the most recent RPMs are available here).
- Torben Janssen contributed start scripts for Red Hat Linux.
- Soenke J. Peters contributed patches and suggestions for Red Hat compatability.
- Wolfgang Ocker has contributed the code and documentation for the server_ip option.
- Markus Mohr contributed a Debian rc script.
- Nikita V. Youschenko contributed extensions to the "if" uptest.
- Lyonel Vincent extended the serve_aliases option to support an arbitrary number of aliases.
- Sourav K. Mandal wrote the autoconf scripts and contributed many fixes and suggestions.
- Stephan Boettcher contributed the SCHEME= option.
- Ron Yorston contributed the uptest for Linux ppp dial-on-demand devices.
- Alexandre Nunes fixed some bugs in the autoconf files.
- Sverker Wiberg contributed fixes for IPv6.
- Carsten Block contributed configure-able rc scripts.
- Olaf Kirch contributed a security fix for the run_as code.
- Paul Wagland contributed various patches for bind9-compatability and other issues.
- Roman Shterenzon contributed patches and lots of helpful hints for FreeBSD compatability.
- Bernd Leibing has contributed spec file fixes.
- Michael Wiedmann has contributed the pdnsd-ctl.8 man page.
- Marko Stolle has contributed the contrib/pdnsd_update.pl script that makes pdnsd usable in a DHCP setup.
- P.J. Bostley has contributed patches to get pdnsd working on alpha properly.
- Christian Engstler contributed patches for SuSE compatability.
- Bjoern Fischer contributed code to make pdnsd leave the case of names in the cache unchanged.
- Marko Stolle contributed the contrib/pdnsd_update.pl script that makes pdnsd usable in a DHCP setup.
- Andrew M. Bishop contributed the support for the label server option and the pdnsd-ctl interface for using it.
- Frank Elsner contributed rc script fixes.
- Andreas Steinmetz contributed the code for query_port_start and query_port_end options.
- Mahesh T. Pai contributed the pdnsd.8 man page.
- Nikola Kotur contributed the Slackware start-up script.
- Kiyo Kelvin Lee contributed a patch for Cygwin support.
- Rodney Brown contributed a patch for Darwin (Apple Mac OS X) support.
- Jan-Marek Glogowski contributed a patch implementing the use_nss option.
-
-
- Special thanks to Bert Frederiks for letting me do a late-night debugging run on his machine to
- spot obscure bugs!
-
-
- Thanks to the following persons for reporting bugs and being helpful:
- David G. Andersen,
- Dirk Armbrust,
- Daniel Black,
- Kevin A. Burton,
- Juliusz Chroboczek,
- Joachim Dorner,
- Stefan Erhardt,
- Stefan Frster,
- Mike Hammer,
- Jonathan Hudson,
- Dan Jacobson,
- Byrial Jensen,
- Patrick Loschmidt,
- James MacLean,
- Fraser McCrossan,
- Michael Mller,
- Erich Reitz,
- Brian Schroeder,
- Milan P. Stanic,
- Michael Steiner,
- Norbert Steinl,
- Markus Storm,
- Michael Strder,
- Alan Swanson,
- Eelco Vriezekolk.
-
-
-
Links
- Well, this is the obligatory link section.
-
-
-
- Last revised: 17 March 2012 by Paul A. Rombouts
-
-
-
diff --git a/jni/pdnsd/doc/html2confman.pl b/jni/pdnsd/doc/html2confman.pl
deleted file mode 100644
index abade119..00000000
--- a/jni/pdnsd/doc/html2confman.pl
+++ /dev/null
@@ -1,161 +0,0 @@
-#!/usr/bin/perl -w
-#
-# A Perl script for converting pdnsd html documentation to a man page.
-#
-# Written by Paul A. Rombouts
-#
-# This file Copyright 2004 Paul A. Rombouts
-# It may be distributed under the GNU Public License, version 2, or
-# any higher version. See section COPYING of the GNU Public license
-# for conditions under which this file may be redistributed.
-#
-
-use strict;
-use POSIX qw(strftime);
-
-
-while(<>) {
- if(/[^<]*configuration file/i) {
- last;
- }
-}
-
-exit unless defined($_);
-
-while(<>) {
- if(/[^<]*layout/i) {
- last;
- }
-}
-
-exit unless defined($_);
-
-(my $myname=$0) =~ s{.*/}{};
-
-print <) {
- if(/.*\bpdnsd-ctl\b/) {
- last;
- }
- s{^\s*((?:<[^<>]+>)*?)[\d.]*\s*(.*)((?:<[^<>]+>)*?)(?: )?\s*$}{.SS $1$2$3\n}i;
- if(s{^\s*
\s*}{.TP\n}i) {$taggedparagraph=1}
- if(m{^\s*
}i) {$taggedparagraph=0}
- s{^\s*((?:<[^<>]+>)*?)(.*)((?:<[^<>]+>)*?)(?: )?\s*$}{.B $1$2$3\n}i if $taggedparagraph;
- s{^\s*((?:<[^<>]+>)*?or(?:<[^<>]+>)*?)(?: )?\s*$}{$1\n.PD 0\n.TP\n.PD\n}i if $taggedparagraph;
- if(s{^\s*
}{.DS L\n}i) {$displayed=1}
- s{^\t}{ } if $displayed;
- if(s{
}{\n$1\n}i;
- s{^\s* }{.br\n}i;
- s{ \s* \s*$}{\n\n}i;
- s{ \s*$}{\n.br\n}i;
- s{ }{\n.br\n}i;
- s{^\s*(<[^<>]+>)*\s*$}{};
- }
- s{<[^<>]+>}{}g;
- s{<}{<}ig;
- s{>}{>}ig;
- s{"}{"}ig;
- s{ }{\\ }ig;
- s{/var/cache/pdnsd\b}{\@cachedir\@}g;
- s{(?
-.UE
-and was extensively revised by Paul A. Rombouts
-.UR
-
-.UE
-(for versions 1.1.8b1\\-par and later).
-.PP
-Several others have contributed to \\fBpdnsd\\fP; see files in the source or
-\\fB/usr/share/doc/pdnsd/\\fP directory.
-.PP
-This man page was automatically generated from the html documentation for \\fBpdnsd\\fP,
-using a customized Perl script written by Paul A. Rombouts.
-ENDOFTRAILER
-
-if(defined($_)) {
- while(<>) {
- if(/last\s+revised/i) {
- s{^\s*}{};
- s{<[^<>]+>}{}g;
- s{<}{<}ig;
- s{>}{>}ig;
- s{"}{"}ig;
- s{ }{\\ }ig;
- print ".PP\n";
- print;
- last;
- }
- }
-}
-exit;
diff --git a/jni/pdnsd/doc/pdnsd-ctl.8 b/jni/pdnsd/doc/pdnsd-ctl.8
deleted file mode 100644
index 73459f3b..00000000
--- a/jni/pdnsd/doc/pdnsd-ctl.8
+++ /dev/null
@@ -1,198 +0,0 @@
-.\" This manpage has been automatically generated by docbook2man-spec
-.\" from a DocBook document. docbook2man-spec can be found at:
-.\"
-.\" Please send any bug reports, improvements, comments, patches,
-.\" etc. to Steve Cheng .
-.\" This manpage has been edited manually by Paul A. Rombouts.
-.TH "PDNSD\-CTL" "8" "Sep 2008" "pdnsd 1.2.9b-par" ""
-.SH NAME
-\fBpdnsd\-ctl\fP \- controls pdnsd
-.SH SYNOPSIS
-.sp
-\fBpdnsd\-ctl\fP [\fB\-c\fP \fIcachedir\fP] [\fB\-q\fP] \fIcommand\fP [\fIarguments\fP]
-.SH "DESCRIPTION"
-.PP
-\fBpdnsd\-ctl\fP controls \fBpdnsd\fP, a proxy dns server with permanent caching.
-Note that the status control socket must be enabled (by specifying an option on
-the pdnsd command line or in the configuration file) before you can use
-\fBpdnsd\-ctl\fP.
-.PP
-.TP
-\fB\-c\fP \fIcachedir\fP
-Set the cache directory to \fIcachedir\fP (must match pdnsd setting).
-This is only necessary if the directory differs from the default specified
-at compile time.
-.TP
-\fB\-q\fP
-Be quiet unless output is specified by the command or something goes wrong.
-.SH "COMMANDS"
-.TP
-\fBhelp\fP\ \ \ [no arguments]
-
-Print a command summary.
-.TP
-\fBversion\fP\ [no arguments]
-
-Print version and license info.
-.TP
-\fBstatus\fP\ [no arguments]
-
-Print a description of pdnsd's cache status, thread status and configuration.
-Also shows which remote name servers are assumed to be available.
-.TP
-\fBserver\fP\ (\fIindex\fP|\fIlabel\fP) (\fBup\fP|\fBdown\fP|\fBretest\fP) [\fIdns1\fP[,\fIdns2\fP[,...]]]
-
-Set the status of the servers with the given index or label to up or down, or
-force a retest. The index is assigned in the order of definition in pdnsd.conf
-starting with 0. Use the status command to view the indexes. You can specify all
-instead of an index to perform the action for all servers registered with pdnsd.
-.IP
-An optional third argument can be given consisting of a list of IP addresses
-separated by commas or white-space characters. This list will replace the
-addresses of name servers used by pdnsd for the given server section. This
-feature is useful for run-time configuration of pdnsd with dynamic DNS data in
-scripts called by ppp or DHCP clients. The last argument may also be an empty
-string, which causes existing IP addresses to be removed and the corresponding
-server section to become inactive.
-.TP
-\fBrecord\fP\ \fIname\fP (\fBdelete\fP|\fBinvalidate\fP)
-
-Delete or invalidate the records of the given domain name if it is in the cache.
-Invalidation means that the records are marked as timed out, and will be
-reloaded if possible. For local records (i.e., records that were given in the
-config file using a rr section, records read from a hosts-style file and records
-added using pdnsd-ctl), invalidation has no effect. Deletion will work, though.
-.TP
-\fBsource\fP\ \fIfn\fP \fIowner\fP [\fIttl\fP] [(\fBon\fP|\fBoff\fP)] [\fBnoauth\fP]
-
-Load a hosts-style file. Works like using the pdnsd source configuration section.
-Owner and ttl are used as in the source section. ttl has a default
-of 900 (it does not need to be specified). The next to last argument corresponds
-to the serve_aliases option, and is off by default.
-\fBnoauth\fP is used to make the domains non-authoritative
-(this is similar to setting authrec=off in the config file,
-please consult the
-.BR pdnsd.conf (5)
-man page for what that means).
-fn is the name of the file, which must be readable by pdnsd.
-.TP
-\fBadd\fP\ \ \ \ \fBa\fP \fIaddr\fP \fIname\fP [\fIttl\fP] [\fBnoauth\fP]
-.TP
-\fBadd\fP\ \ \ \ \fBaaaa\fP \fIaddr\fP \fIname\fP [\fIttl\fP] [\fBnoauth\fP]
-.TP
-\fBadd\fP\ \ \ \ \fBptr\fP \fIhost\fP \fIname\fP [\fIttl\fP] [\fBnoauth\fP]
-.TP
-\fBadd\fP\ \ \ \ \fBcname\fP \fIhost\fP \fIname\fP [\fIttl\fP] [\fBnoauth\fP]
-.TP
-\fBadd\fP\ \ \ \ \fBmx\fP \fIhost\fP \fIname\fP \fIpref\fP [\fIttl\fP] [\fBnoauth\fP]
-
-Add a record of the given type to the pdnsd cache, replacing existing
-records for the same name and type. The 2nd argument corresponds
-to the value of the option in the rr section that is named like
-the first argument. The addr argument may be a list of IP addresses,
-separated by commas or white space.
-The ttl is optional, the default is 900 seconds.
-\fBnoauth\fP is used to make the domains non-authoritative
-(this is similar to setting authrec=off in the config file,
-please consult the
-.BR pdnsd.conf (5)
-man page for what that means).
-If you want no other record than the newly added in the cache, do
-\fBpdnsd\-ctl\fP\ \fBrecord\fP\ \fIname\fP\ \fBdelete\fP
-before adding records.
-.TP
-\fBneg\fP\ \ \ \ \fIname\fP [\fItype\fP] [\fIttl\fP]
-
-Add a negatively cached record to pdnsd's cache, replacing existing
-records for the same name and type. If no type is given, the whole
-domain is cached negatively. For negatively cached records, errors are
-immediately returned on a query, without querying other servers first.
-The ttl is optional, the default is 900 seconds.
-.TP
-\fBconfig\fP\ \fIfilename\fP
-
-Reload pdnsd's configuration file.
-.br
-The config file must be owned by the uid that pdnsd had when it was started,
-and be readable by pdnsd's run_as uid.
-If no file name is specified, the config file used at start-up is reloaded.
-Note that some configuration changes, like the port or IP address pdnsd listens on,
-cannot be made this way and you will receive an error message.
-In these cases, you will have to restart pdnsd instead.
-.TP
-\fBinclude\fP\ \fIfilename\fP
-
-Parse an include file.
-.br
-The include file may contain the same
-type of sections as a config file, expect for global and server
-sections, which are not allowed. This command can be used to add data
-to the cache without reconfiguring pdnsd.
-.TP
-\fBeval\fP\ \ \ \fIstring\fP
-
-Parse a string as if part of an include file.
-.br
-The string should hold one or more complete configuration sections,
-but no global and server sections, which are not allowed.
-If multiple strings are given, they will be joined using newline chars
-and parsed together.
-.TP
-\fBempty\-cache\fP\ [[+|-]\fIname\fP ...]
-
-Delete all entries in the cache matching include/exclude rules.
-.br
-If no arguments are provided, the cache is completely emptied,
-freeing all existing entries.
-Note that this also removes local records, as defined by the config file.
-To restore local records, run "pdnsd-ctl\ config" immediately afterwards.
-.br
-If one or more arguments are provided, these are interpreted as
-include/exclude names. If an argument starts with a '+' the name is to
-be included. If an argument starts with a '-' it is to be excluded.
-If an argument does not begin with '+' or '-', a '+' is assumed.
-If the domain name of a cache entry ends in one of the names in the
-list, the first match will determine what happens. If the matching name
-is to be included, the cache entry is deleted, otherwise it remains.
-If there are no matches, the default action is not to delete.
-.TP
-\fBdump\fP\ \ \ [\fIname\fP]
-
-Print information stored in the cache about \fIname\fP.
-If \fIname\fP begins with a dot and is not the root domain, information
-about the names in the cache ending in \fIname\fP (including \fIname\fP without
-the leading dot) will be printed.
-If \fIname\fP is not specified, information about all the names in the cache
-will be printed.
-.TP
-\fBlist\-rrtypes\fP [no arguments]
-
-List available rr types for the neg command. Note that those are only
-used for the neg command, not for add!
-.SH "BUGS"
-.PP
-If you pipe the output of \fBdump\fP command through an application that
-reads only part of the output and then blocks (such as more or less),
-pdnsd threads trying to add new entries to the cache will be suspended
-until the pipe is closed.
-It is preferable to capture the output in a file in such a case.
-.br
-Report any remaining bugs to the authors.
-.SH "AUTHORS"
-.PP
-Thomas Moestl
-.UR
-
-.UE
-.br
-Paul A. Rombouts
-.UR
-
-.UE
-(for versions 1.1.8b1\-par and later)
-.PP
-Last revised: 04 Sep 2008 by Paul A. Rombouts.
-.SH "SEE ALSO"
-.PP
-.BR pdnsd (8),
-.BR pdnsd.conf (5)
diff --git a/jni/pdnsd/doc/pdnsd.8.in b/jni/pdnsd/doc/pdnsd.8.in
deleted file mode 100644
index ba4330af..00000000
--- a/jni/pdnsd/doc/pdnsd.8.in
+++ /dev/null
@@ -1,326 +0,0 @@
-.TH PDNSD 8 "Jul 2007" "pdnsd @fullversion@" "System Administration Commands"
-
-.SH NAME
-\fBpdnsd\fP \- dns proxy daemon
-
-.SH SYNOPSIS
-
-\fBpdnsd\fP [\-h] [\-V] [\-s] [\-d] [\-g] [\-t] [\-p \fIfile\fR] [\-v\fIn\fR] [\-m\fIxx\fR] [\-c \fIfile\fR] [\-4] [\-6] [\-a]
-.PP
-This man page is an extract of the documentation of \fBpdnsd\fP.
-For complete, current documentation, refer to the HTML (or plain text)
-documentation (which you can find in the \fBdoc/\fP subdirectory of the
-source or in a standard documentation directory, typically
-\fB/usr/share/doc/pdnsd/\fP if you are using a binary package).
-
-.SH DESCRIPTION
-.PP
-\fBpdnsd\fP is a IPv6 capable proxy domain name server (DNS) which
-saves the contents of its DNS cache to the disk on exit.
-
-.SH OPTIONS
-
-.RS
-.TP
-.B \-4
-enables IPv4 support. IPv6 support is automatically
-disabled (should it be available). On by default.
-.TP
-.B \-6
-enables IPv6 support. IPv4 support is automatically
-disabled (should it be available). Off by default.
-.TP
-.B \-a
-With this option, pdnsd will try to detect automatically if
-the system supports IPv6, and fall back to IPv4 otherwise.
-.TP
-.BR \-V " or " \-\-version
-Print version information and exit.
-.TP
-\fB\-c\fP \fIFILE\fP or \fB\-\-config\-file=\fP\fIFILE\fP
-specifies that configuration is to be read from \fIFILE\fP.
-Default is \fB@sysconfdir@/pdnsd.conf\fP.
-.TP
-.BR \-d " or " \-\-daemon
-Start \fBpdnsd\fP in daemon mode (as a background process).
-.TP
-.BR \-g " or " \-\-debug
-Print some debug messages on the console or to the file
-\fBpdnsd.debug\fP in your cache directory (in daemon mode).
-.TP
-.BR \-h " or " \-\-help
-Print an option summary and exit.
-.TP
-\fB\-i\fP \fIPREFIX\fP or \fB\-\-ipv4_6_prefix=\fP\fIPREFIX\fP
-specifies the prefix pdnsd uses (when running in IPv6 mode) to map IPv4
-addresses in the configuration file to IPv6 addresses. Must be a valid IPv6
-address. Default is ::ffff:0.0.0.0
-.TP
-.B \-p \fIFILE\fP
-writes the pid the server runs as to the specified filename. Works
-only in daemon mode.
-.TP
-.B \-\-pdnsd\-user
-Print the user \fBpdnsd\fP will run as and exit.
-.TP
-.BR \-s " or " \-\-status
-enables the status control socket. Either this option should be passed
-to the command line or \fBstatus_ctl=on;\fP should be specified in the
-config file if you want to use
-.BR pdnsd\-ctl (8)
-to control \fBpdnsd\fP at runtime.
-.TP
-.BR \-t " or " \-\-tcp
-enables the TCP server thread. \fBpdnsd\fP will then serve TCP and UDP
-queries.
-.TP
-.BI \-v n
-sets the verbosity of \fBpdnsd\fP. \fIn\fP is a numeric argument
-between 0 (normal operation) to 3 (many messages for debugging).
-.TP
-.BI \-m xx
-sets the query method \fBpdnsd\fP
-uses. Possible values for \fIxx\fP are:
-.IP
-.B uo
-\- pdnsd will use UDP only. This is the fastest method, and should
-be supported by all name servers on the Internet.
-
-.IP
-.B to
-\- pdnsd will use TCP only. TCP queries usually take more time than
-UDP queries, but are more secure against certain attacks, where an
-attacker tries to guess your query id and to send forged answers. TCP
-queries are not supported by some name servers.
-
-.IP
-.B tu
-\- pdnsd will try to use TCP, and will fall back to UDP if its
-connection is refused or times out.
-
-.IP
-.B ut
-\- pdnsd will try to use UDP, and will repeat the query using TCP
-if the UDP reply was truncated (i.e. the tc bit is set).
-This is the behaviour recommended by the DNS standards.
-
-.PP
-Additionally, "no" can be prepended to the \-\-status, \-\-daemon, \-\-debug
-and \-\-tcp options (e.g. \-\-notcp) to reverse their effect.
-.RE
-
-.SH USAGE
-.PP
-\fBpdnsd\fP is usually run from a startup script. For \fBpdnsd\fP to
-work, You need to:-
-
-.IP
-1. Tell your system to use \fBpdnsd\fP as the primary DNS server by
-modifying \fB/etc/resolv.conf\fP.
-
-.IP
-2. Tell \fBpdnsd\fP to use an authentic source for DNS records, by
-including the IP addresses of one or more DNS servers, usually your
-ISP's DNS servers, in \fB@sysconfdir@/pdnsd.conf\fP.
-.PP
-For this, put the following line in your \fB/etc/resolv.conf\fP
-.PP
-.RS
-nameserver 127.0.0.X
-.RE
-.PP
-where X can be any number. (I use 3). Comment out all other
-entries. You should put the same value in the server_ip= line in
-\fBglobal\fP section of \fB@sysconfdir@/pdnsd.conf\fP.
-.br
-If you want to use \fBpdnsd\fP as the DNS server for a small local network,
-you should use the IP address or name of the interface connected to
-this network instead of 127.0.0.X.
-.RE
-
-.PP
-To tell \fBpdnsd\fP where to get DNS information from, add the
-following lines in \fB@sysconfdir@/pdnsd.conf\fP:-
-
-.PP
-.RS
-server {
-.br
- label= "myisp";
- ip=123.456.789.001,123.456.789.002;
- proxy_only=on;
- timeout=10;
-.br
-}
-.RE
-.PP
-Note the opening and closing braces. Add more such \fBserver\fP
-sections for each set of DNS servers you want \fBpdnsd\fP to query.
-Of course the configuration options shown here are just examples.
-More examples can be found in \fB@sysconfdir@/pdnsd.conf.sample\fP
-or the pdnsd.conf in the documentation directory.
-See the
-.BR pdnsd.conf (5)
-man page for all the possible options and their exact meaning.
-.PP
-If you use a dial up connection, remember that ppp scripts usually
-replace \fB/etc/resolv.conf\fP when connection with the ISP is
-established. You need to configure ppp (or whatever you use to
-establish a connection) so that \fB/etc/resolv.conf\fP is not replaced
-every time a connection is established. Read the documentation for the
-scripts run when your network comes up.
-.PP
-If you use pppconfig, specify `none' in the `nameservers' option in
-the `advanced' tab. If you use multiple ISPs, you should do this for
-each connection/account.
-.PP
-If you use multiple ISPs, you should tell \fBpdnsd\fP which DNS servers
-have become available by calling \fBpdnsd\-ctl\fP, the \fBpdnsd\fP
-control utility, in a script (e.g. \fB/etc/ppp/ip\-up\fP when you use pppd)
-that is run when the connection is established.
-If the addresses of the DNS servers are obtained through some type of
-dynamic configuration protocol (e.g. pppd with the usepeerdns
-option or a DHCP client), you can pass the DNS server addresses as an extra
-argument to \fBpdnsd\-ctl\fP to configure \fBpdnsd\fP at run time.
-See the
-.BR pdnsd\-ctl (8)
-man page for details.
-
-.SH FILES
-
-\fB@sysconfdir@/pdnsd.conf\fP is the pdnsd configuration file.
-The file format and configuration options are described in the
-.BR pdnsd.conf (5)
-man page. You can find examples of almost all options in
-\fB@sysconfdir@/pdnsd.conf.sample\fP.
-.PP
-\fB@cachedir@/pdnsd.cache\fP
-.PP
-\fB@cachedir@/pdnsd.status\fP is the status control socket, which must be
-enabled before you can use \fBpdnsd\-ctl\fP.
-.PP
-\fB/etc/init.d/pdnsd\fP (the name and location of the start-up script
-may be different depending on your distribution.)
-.PP
-\fB/etc/resolv.conf\fP
-.PP
-\fB/etc/defaults/pdnsd\fP contains additional parameters or options
-which may be passed to pdnsd at boot time. This saves the hassle of
-fiddling with initscripts (not available on all distributions).
-
-.SH BUGS
-.PP
-The verbosity option
-.BI -v n
-presently does not seem to have much effect on the amount of debug output.
-.br
-Report any remaining bugs to the authors.
-
-.SH CONFORMING TO
-.PP
-\fBpdnsd\fP should comply with RFCs 1034 and 1035. As of version
-1.0.0, RFC compliance has been improved and pdnsd is now believed (or
-hoped?) to be fully RFC compatible. It completely follows RFC 2181
-(except for one minor issue in the FreeBSD port, see the
-documentation).
-.PP
-It does \fINOT\fP support the following features, of which most are
-marked optional, experimental or obsolete in these RFCs:
-
-
-.IP
-\(bu Inverse queries
-.IP
-\(bu Status queries
-.IP
-\(bu Completion queries
-.IP
-\(bu Namespaces other than IN (Internet)
-.IP
-\(bu AXFR and IXFR queries (whole zone transfers); since pdnsd does not maintain zones, that should not violate the standard
-
-.PP
-The following record types, that are extensions to the original DNS
-standard, are supported if given as options at compile time. (if you
-do not need them, you do not need to compile support for them into
-pdnsd and save cache and executable space):
-
-.IP
-\(bu RP (responsible person, RFC 1183)
-.IP
-\(bu AFSDB (AFS database location, RFC 1183)
-.IP
-\(bu X25 (X25 address, RFC 1183)
-.IP
-\(bu ISDN (ISDN number/address, RFC 1183)
-.IP
-\(bu RT (route through, RFC 1183)
-.IP
-\(bu NSAP (Network Service Access Protocol address , RFC 1348)
-.IP
-\(bu PX (X.400/RFC822 mapping information, RFC 1995)
-.IP
-\(bu GPOS (geographic position, deprecated)
-.IP
-\(bu AAAA (IPv6 address, RFC 1886)
-.IP
-\(bu LOC (location, RFC 1876)
-.IP
-\(bu EID (Nimrod EID)
-.IP
-\(bu NIMLOC (Nimrod locator)
-.IP
-\(bu SRV (service record, RFC 2782)
-.IP
-\(bu ATMA (ATM address)
-.IP
-\(bu NAPTR (URI mapping, RFC 2168)
-.IP
-\(bu KX (key exchange, RFC 2230)
-
-.SH SEE ALSO
-.PP
-.BR pdnsd\-ctl (8),
-.BR pdnsd.conf (5),
-.BR pppconfig (8),
-.BR resolv.conf (5)
-.PP
-More documentation is available in the \fBdoc/\fP subdirectory of the source,
-or in \fB/usr/share/doc/pdnsd/\fP if you are using a binary package.
-
-.SH AUTHORS
-
-\fBpdnsd\fP was originally written by Thomas Moestl,
-.UR
-,
-.UE
-and was extensively revised by Paul A. Rombouts
-.UR
-
-.UE
-(for versions 1.1.8b1\-par and later).
-.PP
-Several others have contributed to \fBpdnsd\fP; see files in the
-source or \fB/usr/share/doc/pdnsd/\fP directory.
-.PP
-This man page was written by Mahesh T. Pai
-.UR
-
-.UE
-using the documents in \fB/usr/share/docs/pdnsd/\fP directory for Debian,
-but can be used on other distributions too.
-.PP
-Last revised: 22 Jul 2007 by Paul A. Rombouts.
-
-.SH COPYRIGHT
-
-.PP
-This man page is a part of the pdnsd package, and may be distributed
-in original or modified form under terms of the GNU General Public
-License, as published by the Free Software Foundation; either version
-3, or (at your option) any later version.
-
-.PP
-You can find a copy of the GNU GPL in the file \fBCOPYING\fP in the source
-or the \fB/usr/share/common\-licenses/\fP directory if you are using a
-Debian system.
diff --git a/jni/pdnsd/doc/pdnsd.conf.5.in b/jni/pdnsd/doc/pdnsd.conf.5.in
deleted file mode 100644
index 801b5350..00000000
--- a/jni/pdnsd/doc/pdnsd.conf.5.in
+++ /dev/null
@@ -1,1328 +0,0 @@
-.\" Generated automatically from the html documentation by html2confman.pl
-.\"
-.\" Manpage for pdnsd.conf (pdnsd configuration file)
-.\"
-.\" Copyright (C) 2000, 2001 Thomas Moestl
-.\" Copyright (C) 2003, 2004, 2005, 2006, 2007 Paul A. Rombouts
-.\"
-.\" This manual is a part of the pdnsd package, and may be distributed in
-.\" original or modified form under terms of the GNU General Public
-.\" License, as published by the Free Software Foundation; either version
-.\" 3, or (at your option) any later version.
-.\" You can find a copy of the GNU GPL in the file COPYING in the source
-.\" or documentation directory.
-.\"
-.TH PDNSD.CONF 5 "Apr 2012" "pdnsd @fullversion@"
-.SH NAME
-pdnsd.conf \- The configuration file for pdnsd
-.hw config
-.SH DESCRIPTION
-.PP
-This manual page describes the layout of the
-.BR pdnsd (8)
-configuration file and the available configuration options.
-The default location of the file is @sysconfdir@/pdnsd.conf. This may be changed
-with the \fB-c\fP command line option.
-An example pdnsd.conf comes with the pdnsd distribution in the documentation directory
-or in @sysconfdir@/pdnsd.conf.sample.
-.SH "FILE FORMAT"
-.PP
-The configuration file is divided into sections. Each section is prefixed with
-the section name and opening curlies ({) and closed with closing curlies (}).
-In each section, configuration options can be given in the form
-
-\fIoption_name\fP=\fIoption_value\fP;
-
-Option value may be a string literal, a number, a time specification or a constant.
-In previous versions of pdnsd strings had to be enclosed
-in quotes ("), but since version 1.1.10 this is no longer necessary, unless
-a string contains a special character such as whitespace, a token that normally starts
-a comment, or one of ",;{}\".
-Since version 1.2.9 a backslash (\) inside a string is interpreted as an escape character,
-so it is possible to include special characters in strings (both quoted or unquoted)
-by preceding them with a backslash. Some escape sequences are in interpreted as in the C
-programming language, e.g. \t becomes a tab,
-\n becomes a new-line control char.
-.br
-A time specification consists a sequence of digits followed by a one-letter suffix.
-The following suffixes are recognized:
-s (seconds), m (minutes), h (hours),
-d (days) and w (weeks).
-If the suffix is missing, seconds are assumed.
-If several time specifications are concatenated, their values are added together;
-e.g. 2h30m is interpreted as 2*60*60 + 30*60 = 9000 seconds.
-.br
-Some options take more than one value; in this case, the values are separated with commas.
-.br
-If you may supply one of a set of possible values to an option, this is noted
-in the documentation as
-(option1|option2|option3|...)
-.br
-The constants true|false and yes|no
-are accepted as synonyms for the constants on|off.
-.br
-Comments may be enclosed in /* and */, nested comments are possible. If the
-# sign or two slashes (//) appear in the configuration file, everything from
-these signs to the end of the current line is regarded as a comment and ignored.
-.br
-There are examples for nearly all options in the sample config file.
-
-.SS global Section
-The global section specifies parameters that affect the overall behaviour of the
-server. If you specify multiple global sections, the settings of those later in
-the file will overwrite the earlier given values.
-.br
-These are the possible options:
-
-.TP
-.B perm_cache=(\fInumber\fP|off);
-Switch the disk cache off or supply a maximum cache size in kB. If the disk
-cache is switched off, 8 bytes will still be written to disk.
-The memory cache is always 10kB larger than the file cache.
-This value is 2048 (2 MB) by default.
-.TP
-.B cache_dir=\fIstring\fP;
-Set the directory you want to keep the cache in.
-The default is "@cachedir@"
-(unless pdnsd was compiled with a different default).
-.TP
-.B server_port=\fInumber\fP;
-Set the server port. This is especially useful when you want to start the
-server and are not root. Note that you may also not specify uptest=ping in
-the server section as non-root.
-.br
-The default port is 53, the RFC-standard one. Note that you should only use
-non-standard ports when you only need clients on your machine to communicate
-with the server; others will probably fail if the try to contact the server
-on the basis of an NS record, since the A record that supplies the address for
-(among others) name servers does not have a port number specification.
-.TP
-.B server_ip=\fIstring\fP;
-or
-.PD 0
-.TP
-.PD
-.B interface=\fIstring\fP;
-Set the IP address pdnsd listens on for requests. This can be useful
-when the host has several interfaces and you want pdnsd not to listen on
-all interfaces. For example, it is possible to bind pdnsd to listen on
-127.0.0.2 to allow pdnsd to be a forwarder for BIND.
-The default setting for this option is server_ip=any, which means that
-pdnsd will listen on all of your local interfaces.
-Presently you can only specify one address here; if you want pdnsd to listen on multiple
-interfaces but not all you will have to specify server_ip=any
-and use firewall rules to restrict access.
-.br
-The IP address used to need quotation marks around it, but since version 1.1.10
-this is no longer necessary.
-.br
-If pdnsd has been compiled with both IPv4 and IPv6 support, and you want to
-specify an IPv6 address here, then unless pdnsd was compiled to start up in IPv6 mode
-by default, you will need to use the \-6 command-line option or
-set run_ipv4=off first (see below) in order to ensure that the
-IPv6 address is parsed correctly.
-.br
-If pdnsd is running in IPv6 mode and you specify an IPv4 address here,
-it will automatically be mapped to an IPv6 address.
-.br
-\fINew in version 1.2:\fP You may also give the name of an interface
-such as "lo" or "eth0" here, instead of an IP address
-(this has been tested on Linux, and may or may not work on other platforms).
-pdnsd will not bind to the interface name, but will look up the address of the
-interface at start-up and listen on that address. If the address of the interface
-changes while pdnsd is running, pdnsd will not notice that. You will need to
-restart pdnsd in that case.
-.TP
-.B outgoing_ip=\fIstring\fP;
-or
-.PD 0
-.TP
-.PD
-.B outside_interface=\fIstring\fP;
-\fINew in version 1.2.9:\fP
-Set the IP address of the interface used by pdnsd for outgoing queries.
-This can be useful when the host has several interfaces and you want pdnsd
-to send outgoing queries via only one of them.
-For example, if pdnsd is running on a host with one interface with IP address
-192.168.1.1 connected to the local network, and another with IP address 123.xxx.yyy.zzz
-connected to the internet, you may specify server_ip=192.168.1.1
-and outgoing_ip=123.xxx.yyy.zzz to enforce that pdnsd only responds
-to queries received from the local network, and only sends outgoing queries via
-the interface connected to the internet.
-.br
-The default setting for this option is any, which means that
-the kernel is free to decide which interface to use.
-Like with the server_ip option, you may also give the name of an
-interface here, instead of an IP address.
-.TP
-.B linkdown_kluge=(on|off);
-This option enables a kluge that some people might need: when all servers are
-marked down, with this option set the cache is not even used when a query is
-received, and a DNS error is returned in any case. The only exception from this
-is that local records (as specified in rr and source
-sections are still served normally.
-In general, you probably want to get cached entries even when the network is down,
-so this defaults to off.
-.TP
-.B max_ttl=\fItimespec\fP;
-This option sets the maximum time a record is held in cache. All dns
-resource records have a time to live field that says for what period of time the
-record may be cached before it needs to be requeried. If this is more than the
-value given with max_ttl, this time to live value is set to max_ttl.
-This is done to prevent records from being cached an inappropriate long period of time, because
-that is almost never a good thing to do. Default is 604800s (one week).
-.TP
-.B min_ttl=\fItimespec\fP;
-This option sets the minimum time a record is held in cache. All dns
-resource records have a time to live field that says for what period of time the
-record may be cached before it needs to be requeried. If this is less than the
-value given with min_ttl, this time to live value is set to min_ttl.
-Default is 120 seconds.
-.TP
-.B neg_ttl=\fItimespec\fP;
-This option sets the time that negatively cached records will remain valid in the
-cache if no time to live can be determined. This is always the case when whole
-domains are being cached negatively, and additionally when record types are cached
-negatively for a domain for which no SOA record is known to pdnsd. If a SOA is present,
-the ttl of the SOA is taken.
-.TP
-.B neg_rrs_pol=(on|off|auth|default);
-This sets the RR set policy for negative caching; this tells pdnsd under which circumstances
-it should cache a record type negatively for a certain domain. off will
-turn the negative caching of record types off, on will always add a negative
-cache entry when a name server did not return a record type we asked it for, and auth
-will only add such entries if the answer came from an authoritative name server for that
-domain.
-.br
-\fINew in version 1.2.8:\fP The default setting will add a negatively cached record
-if either the answer was authoritive or the answer indicated the name server had "recursion available"
-while the query explicitly requested such recursion.
-.br
-The preset is "default" (used to be auth).
-.TP
-.B neg_domain_pol=(on|off|auth);
-This is analogue to neg_rrs_pol for whole domain negative caching. It should be safe
-to set this on, because I have not seen a caching server that will falsely claim that a
-domain does not exist.
-.br
-The default is auth.
-.TP
-.B run_as=\fIstring\fP;
-This option allows you to let pdnsd change its user and group id after operations that needed
-privileges have been done. This helps minimize security risks and is therefore recommended. The
-supplied string gives a user name whose user id and primary group id are taken.
-.br
-A little more details: after reading the config file, becoming a daemon (if specified) and starting
-the server status thread, the main thread changes its gid and uid, as do all newly created threads
-thereafter. By taking another uid and gid, those threads run with the privileges of the
-specified user.
-Under Linux and FreeBSD, the server status thread runs with the original privileges only when the strict_setuid option
-is set to off (see below, on by default), because these may be needed
-for exec uptests. The manager thread also retains its original privileges in this case.
-You should take care that the user you specify has write permissions on your cache file and
-status pipe (if you need a status pipe). You should look out for error messages like "permission denied"
-and "operation not permitted" to discover permission problems.
-.br
-.TP
-.B strict_setuid=(on|off);
-When used together with the run_as option, this option lets you specify that all threads of the
-program will run with the privileges of the run_as user. This provides higher security than
-the normal run_as
-option, but is not always possible. See the run_as option for further discussion.
-.br
-This option is on by default.
-.br
-Note that this option has no effect on Non-Linux systems.
-.TP
-.B paranoid=(on|off);
-Normally, pdnsd queries all servers in recursive mode (i.e. instructs servers to query other servers themselves
-if possible,
-and to give back answers for domains that may not be in its authority), and accepts additional records with information
-for servers that are not in the authority of the queried server. This opens the possibility of so-called cache poisoning:
-a malicious attacker might set up a dns server that, when queried, returns forged additional records. This way, he might
-replace trusted servers with his own ones by making your dns server return bad IP addresses. This option protects
-you from cache poisoning by rejecting additional records
-that do not describe domains in the queried servers authority space and not doing recursive queries any more.
-An exception
-to this rule are the servers you specify in your config file, which are trusted.
-.br
-The penalty is a possible performance decrease, in particular, more queries might be necessary for the same
-operation.
-.br
-You should also notice that there may be other similar security problems, which are essentially problems of
-the DNS, i.e.
-any "traditional" server has them (the DNS security extensions solve these problems, but are not widely
-supported).
-One of this vulnerabilities is that an attacker may bombard you with forged answers in hopes that one may match a
-query
-you have done. If you have done such a query, one in 65536 forged packets will be succesful (i.e. an average packet
-count of 32768 is needed for that attack). pdnsd can use TCP for queries,
-which has a slightly higher overhead, but is much less vulnerable to such attacks on sane operating systems. Also, pdnsd
-chooses random query ids, so that an attacker cannot take a shortcut. If the attacker is able to listen to your network
-traffic, this attack is relatively easy, though.
-.br
-This vulnerability is not pdnsd's fault, and is possible using any conventional
-name server (pdnsd is perhaps a little more secured against this type of attacks if you make it use TCP).
-.br
-The paranoid option is off by default.
-.br
-.TP
-.B ignore_cd=(on|off);
-\fINew in version 1.2.8:\fP This option lets you specify that the CD bit of a DNS query will be ignored.
-Otherwise pdnsd will reply FORMERR to clients that set this bit in a query.
-It is safe to enable this option, as the CD bit refers to 'Checking Disabled'
-which means that the client will accept non-authenticated data.
-.br
-This option is on by default. Turn it off if you want the old behaviour (before version 1.2.8).
-.TP
-.B scheme_file=\fIstring\fP;
-In addition to normal uptests, you may specify that some servers shall only be queried when a certain
-pcmcia-cs scheme is active (only under linux). For that, pdnsd needs to know where the file resides that
-holds the pcmcia scheme information. Normally, this is either /var/lib/pcmcia/scheme or
-/var/state/pcmcia/scheme.
-.TP
-.B status_ctl=(on|off);
-This has the same effect as the \-s command line option: the status control is enabled when
-on is specified.
-.br
-\fIAdded by Paul Rombouts\fP: Note that pdnsd\-ctl allows run-time configuration of pdnsd,
-even the IP addesses of the name servers can be changed. If you're not using pdnsd\-ctl and
-you want maximum security, you should not enable this option. It is disabled by default.
-.TP
-.B daemon=(on|off);
-This has the same effect as the \-d command line option: the daemon mode is enabled when
-on is specified.
-.br
-Default is off.
-.TP
-.B tcp_server=(on|off);
-tcp_server=on has the same effect as the \-t or \-\-tcp
-command-line option: it enables TCP serving.
-Similarly, tcp_server=off is like the \-\-notcp command-line option.
-.br
-Default is on.
-.TP
-.B pid_file=\fIstring\fP;
-This has the same effect as the \-p command line option: you can specify a file that pdnsd
-will write its pid into when it starts in daemon mode.
-.TP
-.B verbosity=\fInumber\fP;
-This has the same effect as the \-v command line option: you can set the verbosity of pdnsd's
-messages with it. The argument is a number between 0 (few messages) to 3 (most messages).
-.TP
-.B query_method=(tcp_only|udp_only|tcp_udp|udp_tcp);
-This has the same effect as the \-m command line option.
-Read the documentation for the command line option on this.
-tcp_only corresponds to the to, udp_only to the uo,
-tcp_udp to the tu and udp_tcp to the ut
-argument of the command line option.
-.br
-If you use query_method=tcp_udp, it is recommended that you also set the global timeout option to at least twice the longest server timeout.
-.TP
-.B run_ipv4=(on|off);
-This has the same effect as the \-4 or \-6 command line option:
-if on is specified, IPv4 support is enabled, and IPv6 support is disabled (if available).
-If off is specified, IPv4 will be disabled and IPv6 will be enabled.
-For this option to be meaningful, pdnsd needs to be compiled with support for the protocol you choose.
-If pdnsd was compiled with both IPv4 and IPv6 support, and you want to include IPv6 addresses
-in the configuration file, you will probably need to specify run_ipv4=off first to
-ensure that the IPv6 addresses are parsed correctly.
-.TP
-.B debug=(on|off);
-This has the same effect as the \-g command line option: the debugging messages are enabled when
-on is specified.
-.TP
-.B ctl_perms=\fInumber\fP;
-This option allows you to set the file permissions that the pdnsd status control socket will have. These
-are the same as file permissions. The owner of the file will be the run_as user, or, if none is specified,
-the user who started pdnsd. If you want to specify the permissions in octal (as usual), don't forget
-the leading zero (0600 instead of 600!). To use the status control, write access is needed. The default
-is 0600 (only the owner may read or write).
-.br
-Please note that the socket is kept in the cache directory, and that the cache directory permissions
-might also need to be adjusted. Please ensure that the cache directory is not writeable for untrusted
-users.
-.TP
-.B proc_limit=\fInumber\fP;
-With this option, you can set a limit on the pdnsd threads that will be active simultaneously. If
-this number is exceeded, queries are queued and may be delayed some time.
-See also the procq_limit option.
-.br
-The default for this option is 40.
-.TP
-.B procq_limit=\fInumber\fP;
-When the query thread limit proc_limit is exceeded, connection attempts to pdnsd will be queued.
-With this option, you can set the maximum queue length.
-If this length is also exceeded, the incoming queries will be dropped.
-That means that tcp connections will be closed and udp queries will just be dropped, which
-will probably cause the querying resolver to wait for an answer until it times out.
-.br
-See also the proc_limit option. A maximum of proc_limit+procq_limit
-query threads will exist at any one time (plus 3 to 6 threads that will always
-be present depending on your configuration).
-.br
-The default for this option is 60.
-.TP
-.B tcp_qtimeout=\fItimespec\fP;
-This option sets a timeout for tcp queries. If no full query has been received on a tcp connection
-after that time has passed, the connection will be closed. The default is set using the
-\-\-with\-tcp\-qtimeout option to configure.
-.TP
-.B par_queries=\fInumber\fP;
-This option used to set the maximum number of remote servers that would be queried simultaneously,
-for every query that pdnsd receives.
-.br
-Since version 1.1.11, the meaning of this option has changed slightly.
-It is now the increment with which the number of parallel queries is
-increased when the previous set of servers has timed out.
-For example, if we have a list \fIserver1, server2, server3,\fP etc. of available servers
-and par_queries=2, then pdnsd will first send queries to \fIserver1\fP and \fIserver2\fP,
-and listen for responses from these servers.
-.br
-If these servers do not send a reply within their timeout period, pdnsd will send additional
-queries to \fIserver3\fP and \fIserver4\fP, and listen for responses from
-\fIserver1, server2, server3\fP and \fIserver4\fP, and so on until a useful reply is
-received or the list is exhausted.
-.br
-In the worst case there will be pending queries to all the servers in the list of available servers.
-We may be using more system resources this way (but only if the first servers in the list
-are slow or unresponsive), but the advantage is that we have a greater chance of catching a reply.
-After all, if we wait longer anyway, why not for more servers.
-.br
-See also the explanation of the global timeout option below.
-.br
-1 or 2 are good values for this option.
-The default is set at compile time using the \-\-with\-par\-queries option to configure.
-.TP
-.B timeout=\fItimespec\fP;
-This is the global timeout parameter for dns queries.
-This specifies the minimum period of time pdnsd will wait after sending the
-first query to a remote server before giving up without having
-received a reply. The timeout options in the configuration file are
-now only minimum timeout intervals. Setting the global timeout option
-makes it possible to specify quite short timeout intervals in the
-server sections (see below). This will have the effect that pdnsd will start
-querying additional servers fairly quickly if the first servers are
-slow to respond (but will still continue to listen for responses from
-the first ones). This may allow pdnsd to get an answer more quickly in
-certain situations.
-.br
-If you use query_method=tcp_udp it is recommended that
-you make the global timeout at least twice as large as the largest
-server timeout, otherwise pdnsd may not have time to try a UDP query
-if a TCP connection times out.
-.br
-Default value is 0.
-.TP
-.B randomize_recs=(on|off);
-If this option is turned on, pdnsd will randomly reorder the cached records of one type
-when creating an answer. This supports round-robin DNS schemes and increases fail
-safety for hosts with multiple IP addresses, so this is usually a good idea.
-.br
-On by default.
-.TP
-.B query_port_start=(\fInumber\fP|none);
-If a number is given, this defines the start of the port range used for queries of pdnsd. The
-value given must be >= 1024. The purpose of this option is to aid certain firewall
-configurations that are based on the source port. Please keep in mind that another application
-may bind a port in that range, so a stateful firewall using target port and/or process uid may
-be more effective. In case a query start port is given pdnsd uses this port as the first port of a
-specified port range (see query_port_end) used for queries.
-pdnsd will try to randomly select a free port from this range as local port for the query.
-.br
-To ensure that there are enough ports for pdnsd to use, the range between query_port_start and
-query_port_end should be adjusted to at least (par_queries * proc_limit).
-A larger range is highly recommended for security reasons, and also because other applications may
-allocate ports in that range. If possible, this range should be kept out of the space
-that other applications usually use.
-.br
-The default for this option is 1024. Together with the default value of query_port_end,
-this makes it the hardest for an attacker to guess the source port used by the pdnsd resolver.
-If you specify none here, pdnsd will let the kernel choose the source port, but
-this may leave pdnsd more vulnerable to an attack.
-.TP
-.B query_port_end=\fInumber\fP;
-Used if query_port_start is not none. Defines the last port of the range started by query_port_start
-used for querys by pdnsd. The default is 65535, which is also the maximum legal value for this option.
-For details see the description of query_port_start.
-.TP
-.B delegation_only=\fIstring\fP;
-\fIAdded by Paul Rombouts\fP: This option specifies a "delegation-only" zone.
-This means that if pdnsd receives a query for a name that is in a
-subdomain of a "delegation-only" zone but the remote name server
-returns an answer with an authority section lacking any NS RRs for
-subdomains of that zone, pdnsd will answer NXDOMAIN (unknown domain).
-This feature can be used for undoing the undesired effects of DNS
-"wildcards". Several "delegation-only" zones may be specified together.
-If you specify root servers in a server section it is
-important that you set root_server=on in such a section.
-.br
-Example:
-
-delegation_only="com","net";
-
-This feature is off by default. It is recommended that you only use
-this feature if you actually need it, because there is a risk that
-some legitimate names will be blocked, especially if the remote
-name servers queried by pdnsd return answers with empty authority
-sections.
-.TP
-.B ipv4_6_prefix=\fIstring\fP;
-This option has the same effect as the \-i command-line option.
-When pdnsd runs in IPv6 mode, this option specifies the prefix pdnsd uses to convert IPv4 addresses in
-the configuration file (or addresses specified with pdnsd\-ctl)
-to IPv6-mapped addresses.
-The string must be a valid IPv6 address. Only the first 96 bits are used.
-Note that this only effects the parsing of IPv4 addresses listed after this option.
-.br
-The default is "::ffff.0.0.0.0".
-.TP
-.B use_nss=(on|off);
-If this option is turned on, pdnsd will call initgroups() to set up the group access list,
-whenever pdnsd changes its user and group id (see run_as option).
-There is a possible snag, though, if initgroups() uses NSS (Name Service Switch) and
-NSS in turn uses DNS. In such a case you may experience lengthy timeouts and stalls.
-By setting use_nss=off, you can disable the initgroups() call
-(only possible in versions 1.2.5 and later).
-.br
-This option was contributed by Jan-Marek Glogowski.
-.br
-On by default.
-.TP
-.B udpbufsize=\fInumber\fP;
-\fINew in version 1.2.9:\fP
-This option sets the upper limit on the size of UDP DNS messages. The default is 1024.
-.br
-See also the edns_query server option below.
-
-.SS server Section
-Each server section specifies a set of name servers that pdnsd should try to get
-resource records or authoritative name server information from. The servers are
-queried in the order of their appearance (or parallel to a limited extend).
-If one fails, the next one is taken and so on.
-.br
-You probably want to specify the dns server in your LAN, the caching dns servers
-of your internet provider or even a list of root servers in one or more server sections.
-.br
-The supported options in this section are:
-
-.TP
-.B label=\fIstring\fP;
-Specify a label for the server section. This can be used to refer to this section
-when using pdnsd\-ctl, the pdnsd control utility.
-.br
-You can give several server sections the same label, but if you want to change the addresses
-of a server section (see \fBip\fP option below) during run-time with
-"pdnsd\-ctl\ server\ \fIlabel\fP\ up\ \fIdns1\fP,\fIdns2\fP,...",
-the label must be unique.
-.TP
-.B ip=\fIstring\fP;
-Give the IP (the address, \fInot\fP the host name) of the server.
-.br
-Multiple IP addresses can be given per server section.
-This can be done by entering multiple lines of the form ip=\fIstring\fP;
-or a single line like this:
-
-ip=\fIstring\fP,\fIstring\fP,\fIstring\fP;
-
-IP addresses do not have to be specified in the configuration file.
-A server section without IP addresses will remain inactive until it is assigned
-one or more addresses with pdnsd\-ctl,
-the pdnsd control utility.
-.br
-If pdnsd has been compiled with both IPv4 and IPv6 support, any IPv6 addresses you specify
-here will be skipped with a warning message, unless pdnsd is running in IPv6 mode.
-Thus, unless pdnsd was compiled to startup in IPv6 mode by default, you need to use the
-command-line option \-6 or set run_ipv4=off
-first (see global section) in order to ensure
-that IPv6 addresses are parsed correctly.
-.br
-If pdnsd is running in IPv6 mode and you specify an IPv4 address here,
-it will automatically be mapped to an IPv6 address.
-.TP
-.B file=\fIstring\fP;
-\fINew in version 1.2:\fP This option allows you to give the name of a resolv.conf-style file.
-Of the lines beginning with the nameserver keyword, the second field will be parsed as an
-IP address, as if it were specified with the ip= option. The remaining lines will be ignored.
-If the contents of the file changes while pdnsd is running, you can make pdnsd aware of the changes through the
-use of pdnsd\-ctl, the pdnsd control utility.
-This is usually most conveniently done by placing the command "pdnsd\-ctl\ config" in a script
-that is automatically run whenever the DNS configuration changes.
-.br
-For example, suppose you have a ppp client that writes the DNS configuration for your ISP to the file
-/etc/ppp/resolv.conf and runs the script /etc/ppp/ip-up when a new
-connection is established. One way of ensuring that pdnsd is automatically reconfigured is to
-add a server section in the config file with file=/etc/ppp/resolv.conf and to
-add the command "pdnsd\-ctl\ config" to /etc/ppp/ip-up.
-.TP
-.B port=\fInumber\fP;
-Give the port the remote name server listens on. Default is 53 (the official
-dns port)
-.TP
-.B uptest=(ping|none|if|dev|diald|exec|query);
-Determine the method to check whether the server is available. Currently
-defined methods are:
-.IP
-\(bu \fBping\fP: Send an ICMP_ECHO request to the server. If it doesn't respond
-within the timeout, it is regarded to be unavailable until the next probe.
-.IP
-\(bu \fBnone\fP: The availability status is not changed, only the time stamp is updated.
-.IP
-\(bu \fBif\fP: Check whether the interface (specified in the interface= option) is
-existent, up and running. This currently works for all "ordinary"
-network interfaces, interfaces that disappear when down (e.g. ppp?),
-and additionally for Linux isdn interfaces (as of kernel 2.2). Note that
-you need a /dev/isdninfo device file (major#45, minor#255), or the
-isdn uptest will always fail.
-.IP
-\(bu \fBdev\fP and \fBdiald\fP: Perform an if uptest, and, if that
-was succesful, additionally check whether a program is running that
-has locked a given (modem-) device. The needed parameters are an interface (specified as for the if
-uptest, e.g. "ppp0") and a device relative to /dev (e.g.
-"modem" for /dev/modem specified using the device= option.
-pdnsd will then look for a pid file for the given interface in /var/lock (e.g.
-/var/run/ppp0.pid) and for a lockfile for the given device (e.g. /var/lock/LCK..modem),
-and then test whether the locking process is the process that created the pid file and this process is still
-alive. If this is the case, the normal if uptest is executed for the given interface.
-.br
-The dev option is for pppd dial-on-demand, diald is the same for diald users.
-.IP
-\(bu \fBexec\fP: Executes a given command in the /bin/sh shell
-(as /bin/sh \-c )
-and evaluates the result (the return code of the last command) in the shell's way of handling return codes,
-i.e. 0 indicates success, all other indicate failure. The shell's process name will be
-uptest_sh. The command is given with the uptest_cmd option (see below).
-For secuity issues, also see that entry.
-.IP
-\(bu \fBquery\fP: \fINew in version 1.2:\fP
-This works like the ping test, except it sends an (empty) DNS query to the remote server.
-If the server sends a well-formed response back within the timeout period (except SERVFAIL),
-it will be regarded as available.
-This test is useful if a remote server does not respond to ICMP_ECHO requests at all,
-which unfortunately is quite common these days.
-It can also happen that a remote server is online but ignores empty DNS queries.
-Then you will need the set the query_test_name option (see below).
-In many cases this test will be a more reliable indicator of availability
-than the ones mentioned before.
-
-The default value is \fBnone\fP.
-
-\fBNOTE\fP: If you use on-demand dialing, use none, if,
-dev, diald or exec,
-since ping or query will send packets
-in the specified interval and the interface will thus frequently dial!
-.TP
-.B ping_timeout=\fInumber\fP;
-Sets the timeout for the ping test in tenths of seconds
-(this unit is used for legacy reasons; actually the current implementation is
-only accurate to a second).
-.br
-The default is 600 (one minute).
-.TP
-.B ping_ip=\fIstring\fP;
-The IP address for the ping test. The default is the IP of the name server.
-.TP
-.B query_test_name=\fIstring\fP;
-\fINew in version 1.2.9:\fP
-Sets the name to be queried when using uptest=query availability test.
-If the string is the unquoted constant none,
-an empty query is used (this the default), otherwise a query of type A will be
-sent for the domain name specified here. It is not necessary for the domain name
-to exist or have a record of type A in order for the uptest to succeed.
-.br
-If the the remote server ignores empty queries, you will probably want to set
-query_test_name="." (the root domain).
-.TP
-.B uptest_cmd=\fIstring\fP,\fIstring\fP;
-or
-.PD 0
-.TP
-.PD
-.B uptest_cmd=\fIstring\fP;
-Sets the command for the uptest=exec function to the first string.
-If the second string is given, it specifies a user with whose user
-id and primary group id the command is executed.
-.br
-This is especially useful if you are executing the server as root,
-but do not want the uptest to be performed with root privileges.
-In fact, you should never execute the uptest as root if you can help
-it.
-.br
-If the server is running setuid or setgid, the privileges thus gained
-are attempted to be dropped even before changing identity to the
-specified user to prevent setuid/gid security holes (otherwise, any
-user might execute commands as root if you setuid the executable).
-.br
-\fBNote that this is not always possible, and that pdnsd should never
-be installed as setuid or setgid.\fP
-The command is executed using /bin/sh, so you should be able to use
-shell builtin commands.
-.TP
-.B interval=(\fItimespec\fP|onquery|ontimeout);
-Sets the interval for the server up-test. The default is 900 seconds;
-however, a test is forced when a query times out and the timestamp is reset then.
-.br
-If you specify onquery instead of a timeout, the interface will be
-tested before every query. This is to prevent automatically dialing
-interfaces (diald/pppd or ippp) to dial on dns queries. It is intended to be
-used in connection with an interface-testing uptest ;\-)
-.br
-Note that using uptest=exec, you might run into performance problems
-on slow machines when you use that option.
-DON'T use onquery with uptest=ping or
-uptest=query, as it may cause delays if the server does not answer
-(btw, it doesn't make sense anyway).
-Note also that using onquery is no guarantee that the interface
-will not be used. When another (reachable) dns server tells pdnsd
-to query a third dns server for data, pdnsd will do that and has
-no means of checking whether this will dial up the interface or not.
-This however should be a rare situation.
-.br
-\fINew in version 1.2.3:\fP
-A third possibility is to specify interval=ontimeout.
-In this case the server is not tested at startup/reconfiguration, nor at regular intervals,
-but only after a DNS query to a server times out. Certain types of network problems
-such as a refused connection will also cause the server to be considered unavailable.
-However, once a server is declared dead it is never considered again unless it is revived using a
-pdnsd\-ctl config or server command.
-The idea behind this option is to minimize uptests by assuming all
-servers are available until there is reason to believe otherwise.
-.TP
-.B interface=\fIstring\fP;
-The network interface (or network device, e.g. "eth0") for the uptest=if option.
-Must be specified if uptest=if is given.
-.TP
-.B device=\fIstring\fP;
-The (modem-) device that is used for the dev uptest. If you use this for a dial-on-demand
-ppp uptest (together with uptest=dev), you need to enter the device you are using for your
-pppd here, e.g. modem for /dev/modem.
-.br
-Must be specified if uptest=dev is given.
-.TP
-.B timeout=\fItimespec\fP;
-Set the timeout for the dns query. The default is 120 seconds. You probably want to set this lower.
-.br
-Timeouts specified in the configuration file are only treated as the
-minimum period of time to wait for a reply. A queries to a remote
-server are not canceled until a useful reply has been received, or all
-the other queries have timed out or failed.
-.br
-If you have also set the global timeout option, you may consider setting a fairly small value here.
-See the explanation of the timeout option in the global
-section for what that means.
-.TP
-.B purge_cache=(on|off);
-In every fetched dns record, there is a cache timeout given, which
-specifies how long the fetched data may be cached until it needs to be
-reloaded. If purge_cache is set to off, the stale records are not purged
-(unless the cache size would be exceeded, in this case the oldest records are purged).
-Instead, they are still served if they cannot succesfully be
-updated (e.g. because all servers are down).
-.br
-Default is off.
-.TP
-.B caching=(on|off);
-Specifies if caching shall be performed for this server at all. Default is
-on.
-.TP
-.B lean_query=(on|off);
-Specifies whether to use the "lean" query mode. In this mode, only the
-information actually queried from pdnsd is resolved and cached. This has
-the advantage that usually less cache space is used and the query is
-usually faster. In 90% of the cases, only address (A) records are needed
-anyway. If switched off, pdnsd will always cache all data about a host
-it can find and will specifically ask for all available records
-(well, at least it is a good approximation for what it really does ;\-)
-This will of course increase the answer packet sizes.
-.br
-Some buggy name servers may not deliver CNAME records when not asked for
-all records. I do not know if such servers are around, but if you have
-trouble resolving certain host names, try turning this option off.
-.br
-A last note: If you use multiple pdnsd's that access each other, turning
-this option on is probably a big win.
-.br
-This on by default.
-.TP
-.B edns_query=(on|off);
-\fINew in version 1.2.9:\fP
-Specifies whether to use EDNS (Extension mechanisms for DNS) for outgoing queries.
-Currently this is only useful for allowing UDP message sizes larger than 512 bytes.
-Note that setting this option on can give problems in combination with some legacy
-systems or software, including, embarrassingly enough, previous versions of pdnsd.
-.br
-The default is off, but if your network can handle UDP payloads
-significantly larger than 512 bytes, the recommended value is on.
-.br
-Note that this option only effects outgoing queries. If pdnsd receives a query using
-EDNS, it will reply using EDNS regardless of the value of this option.
-
-See also the udpbufsize option above.
-.TP
-.B scheme=\fIstring\fP;
-You can specify a pcmcia-cs scheme that is used in addition to the uptests. If you specify
-a scheme here, the server this section is for will only be queries if the given scheme
-is active. Shell wildcards (* and ?) are allowed in the string under their special
-meanings. You need to use the scheme_file option on the global
-section to make this option work.
-.TP
-.B preset=(on|off);
-This allows you to specify the initial state of a server before any uptest is performed.
-on specifies that the server is regarded available. The default is on.
-This is especially useful when you set uptest=none; and want to change
-the status of a server only via pdnsd\-ctl.
-.TP
-.B proxy_only=(on|off);
-When this option is set to on, answers given by the servers are always accepted, and no
-other servers (as, for example, specified in the NS records of the query domain) are
-queried. If you do not turn this option on, pdnsd will do such queries in some cases
-(in particular when processing ANY queries).
-.br
-This option is useful when you do not want pdnsd to make connections to outside servers
-for some reasons (e.g. when a firewall is blocking such queries).
-.br
-I recommend that you turn on lean_query when using this option.
-.br
-Default is off.
-.TP
-.B root_server=(on|off|discover);
-Set this option to on if the servers specified in a section are root servers.
-A root server will typically only give the name servers for the top-level domain in its reply.
-Setting root_server=on will cause pdnsd to try to use cached information about
-top-level domains to reduce to number of queries to root servers, making the resolving of
-new names more efficient.
-You can get a list of available root servers by running the command
-"dig\ .\ ns".
-.br
-This option is also necessary if you use the delegation_only option.
-.br
-\fINew in version 1.2.8:\fP This option may also be set to "discover".
-This will cause pdnsd to query the servers provided with the ip= option
-to obtain the full list of root servers. The root-server addresses will replace the addresses
-specified with the ip= option.
-This will only be done once on startup, or after a "pdnsd\-ctl\ config" command.
-In this case the name servers specified with the ip= option don't have to be
-root servers, they just have to know the names and addresses of the root servers.
-After root-server discovery pdnsd will behave just as if root_server=on
-had been specified.
-.br
-Default is off.
-.TP
-.B randomize_servers=(on|off);
-\fINew in version 1.2.6:\fP Set this option to on to give each name server
-in this section an equal chance of being queried. If this option is off, the name servers
-are always queried starting with the first one specified. Even with this option on, the
-query order is not truly random. Only the first server is selected randomly; the following
-ones are queried in consecutive order, wrapping around to the beginning of the list when
-the end is reached. Note that this option only effects the order within a section. The
-servers in the first (active) section are always queried before those in the second one,
-etc.
-.br
- The default is off, but if you are resolving from root servers setting this
-option on is highly recommended. If root_server=on this option also effects
-the query order of the name servers for the top-level domains.
-.TP
-.B reject=\fIstring\fP;
-\fINew in version 1.2.6:\fP This option can be used to make pdnsd reject replies that
-contain certain IP addresses. You can specify a single IP address, which will be matched
-exactly, or a range of addresses using an address/mask pair.
-The mask can be specified as a simple integer, indicating the number of initial 1 bits in
-the mask, or in the usual IP address notation. IP addresses may be either IPv4 or IPv6
-(provided there is sufficient support in the C libraries and support for AAAA records was
-not disabled).
-When addresses in the reject list are compared with those in a reply, only the bits
-corresponding to those set in the netmask are significant, the rest are ignored.
-.br
-Multiple addresses or address/mask pairs may be specified; this can be done by entering
-multiple lines of the form reject=\fIstring\fP;
-or a single line like this:
-
-reject=\fIstring\fP,\fIstring\fP,\fIstring\fP;
-
-How pdnsd reacts when an address in the reply matches one in the reject list,
-depends on the reject_policy option, see below.
-.TP
-.B reject_policy=(fail|negate);
-\fINew in version 1.2.6:\fP
-This option determines what pdnsd does when an address in the reply from a name server
-matches the reject list (see above). If this option is set to
-fail, pdnsd will try another server, or, if there no more servers to try,
-return the answer SERVFAIL. If this option is set to negate, pdnsd will
-immediately return the answer NXDOMAIN (unknown domain) without querying additional
-servers. The fail setting is useful if you don't always trust the servers in
-this section, but do trust the servers in the following section. The negate
-setting can be used to completely censor certain IP addresses. In this case you should put
-the same reject list in every server section, and also set the
-reject_recursively option (see below) to true.
-.br
-The default is fail.
-.TP
-.B reject_recursively=(on|off);
-\fINew in version 1.2.6:\fP Normally pdnsd checks for addresses in the
-reject list (see above) only when the reply comes directly from a name server
-listed in the configuration file. With this option set to on, pdnsd will
-also do this check for name servers that where obtained from NS records in the authority
-section of a previous reply (which was incomplete and non-authoritative).
-.br
-Default is off.
-.TP
-.B policy=(included|excluded|simple_only|fqdn_only);
-pdnsd supports inclusion/exclusion lists for server sections: with include=
-and exclude= (see below) you can specify domain names for which this server
-will be used or will not be used. The first match counts (i.e., the first include or
-exclude rule in a server section that matches a domain name is applied, and the
-search for other rules is terminated). If no rule matched a given domain name,
-the policy= option determines whether this server is used for the
-lookup for that domain name; when included is given, the server will
-be asked, and when excluded is given, it will not.
-If simple_only is given the server will be used if the name to lookup
-is a simple (single-label) domain name, on the other hand if fqdn_only
-is given the server will be used only for names consisting of two or more labels
-(i.e. the name has at least one dot in-between).
-.br
-If no server is available for a queried domain, pdnsd will return an error message
-to the client that usually will stop the client's attempts to resolve a specific
-domain from this server (the libc resolver will e.g. return an error to the application that
-tried to resolve the domain if no other servers are available in the resolv.conf).
-This may be of use sometimes.
-.br
-\fINote\fP: the simple_only and fqdn_only constants
-were added by Paul Rombouts.
-They are useful for controlling which name servers (if any) will be used by
-pdnsd for resolving simple (single-label) host names.
-fqdn_only used to stand for "fully qualified domain name only", but this is
-actually a misnomer. The names in queries received by pdnsd are always considered to be
-fully qualified. If you do not exactly understand what the options simple_only and
-fqdn_only are good for, you are probably better off not using them.
-.br
-The default for this option is included.
-.TP
-.B include=\fIstring\fP;
-This option adds an entry to the exclusion/inclusion list. If a domain matches
-the name given as string, the server is queried if this was the first matching rule
-(see also the entry for policy).
-.br
-If the given name starts with a dot, the whole subdomain
-of the given name including the one of that name is matched, e.g. ".foo.bar."
-will match the domain names a.foo.bar., a.b.c.foo.bar. and foo.bar.
-.br
-If it does not start in a dot, only exactly the given name (ignoring the case, of course)
-will be matched (hint: if you want to include all subdomains, but not the domain of the given
-name itself, place an exact-match exclude rule before the include rule, e.g:
-exclude="foo.bar."; include=".foo.bar.";
-.br
-Previous versions of pdnsd
-required that names given with this and the next option ended in a dot, but since
-version 1.1.8b1-par8, pdnsd automatically adds a dot at the end if it
-is missing.
-.br
-pdnsd now also accepts a more compact notation for adding several "include" entries in
-one line, e.g.:
-
-include=".foo",".bar",".my.dom";
-
-.TP
-.B exclude=\fIstring\fP;
-This option adds an entry to the exclusion/inclusion list. If a domain matches
-the name given as string, the server is not queried if this was the first matching rule
-(see also the entry for policy).
-.br
-If the given name starts with a dot, the whole subdomain
-of the given name including the one of that name is matched, e.g. ".foo.bar."
-will match the domain names a.foo.bar., a.b.c.foo.bar. and foo.bar.
-.br
-If it does not start in a dot, only exactly the given name (ignoring the case, of course)
-will be matched (hint: if you want to exclude all subdomains, but not the domain of the given
-name itself, place an exact-match include rule before the exclude rule, e.g:
-include="foo.bar."; exclude=".foo.bar.";
-.br
-pdnsd now also accepts a more compact notation for adding several "exclude" entries in
-one line, e.g.:
-
-exclude=".foo",".bar",".my.dom";
-
-
-.SS rr Section
-Every rr section specifies a dns resource record that is stored locally. It
-allows you to specify own dns records that are served by pdnsd in a limited way.
-Only A, PTR, CNAME, MX, NS and SOA records are implemented.
-.br
-This option is intended to allow you to define RRs for 1.0.0.127.in-addr.arpa.
-and localhost. (and perhaps even one or two hosts) without having to start an
-extra named if your cached name servers do not serve those records.
-It is \fBNOT\fP intended and not capable to work as a full-featured name server.
-
-.TP
-.B name=\fIstring\fP;
-Specifies the name of the resource records, i.e. the domain name of
-the resource the record describes. This option must be specified
-before any a, ptr, cname,
-mx, ns or soa records.
-Names are interpreted as absolute domain names
-(i.e. pdnsd assumes they end in the root domain).
-For this and all following arguments that take domain names, you need to
-specify domain names in dotted notation (example venera.isi.edu.).
-.br
-Previous versions of pdnsd
-required that domain names given in the configuration file ended in a
-dot, but since version 1.1.8b1-par8, pdnsd automatically assumes a
-dot at the end if it is missing.
-.br
-\fINew in version 1.2:\fP It is also possible to specify a name starting
-with the label *. Such a name is called a wildcard. The * in a wildcard
-can match one or more labels in a queried name, but only whole labels.
-Any other * characters in a wildcard, apart from the leading one,
-will only match a literal *.
-.br
-For example, *.mydomain will match a.mydomain or www.a.mydomain, but not
-mydomain. *.a*.mydomain will match www.a*.mydomain, but not www.ab.mydomain.
-*a.mydomain will only match itself.
-.br
-Before you can specify an rr section with name=*.mydomain
-you must define some records for mydomain, typically NS and/or SOA records.
-Example:
-.DS L
-
- rr {
- name = mydomain;
- ns = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
- rr {
- name = *.mydomain;
- a = 192.168.1.10;
- }
-.DE
-
-In this example, www.mydomain and ftp.mydomain will resolve to the numeric
-address 192.168.1.10 (unless you add rr sections explicitly
-specifying different addresses for www.mydomain or ftp.mydomain).
-If you want mydomain also to resolve to a numeric address,
-add an A record to the first rr section.
-.TP
-.B ttl=\fItimespec\fP;
-Specifies the ttl (time to live) for all resource records in this section after this entry.
-This may be redefined. The default is 86400 seconds (=1 day).
-.TP
-.B authrec=(on|off);
-If this is turned on, pdnsd will create authoritative local records for this rr section.
-This means that pdnsd flags the domain record so that records of this domain that are not
-present in the cache are treated as non-existent, i.e. no other servers are queried for
-that record type, and an response containing none of those records is returned. This is
-most time what people want: if you add an A record for a host, and it has no AAAA record
-(thus no IPv6 address), you normally don't want other name servers to be queried for it.
-.br
-This is on by default.
-.br
-Please note that this only has an effect if it precedes the name option!
-.TP
-.B reverse=(on|off);
-\fINew in version 1.2:\fP If you want a locally defined name to resolve to a numeric address
-and vice versa, you can achieve this by setting reverse=on before defining the A record
-(see below). The alternative is to define a separate PTR record, but you will
-probably find this option much more convenient.
-.br
-The default is off.
-.TP
-.B a=\fIstring\fP;
-Defines an A (host address) record. The argument is an IPv4 address in dotted notation.
-pdnsd will serve this address for the host name given in the name option.
-.br
-Provided there is sufficient support in the C libraries and support for AAAA records was not
-disabled, the argument string may also be an IPv6 address, in which case an AAAA record
-will be defined.
-.br
-This option be may used multiple times within an rr section, causing
-multiple addresses to be defined for the name. However, if you put the different addresses
-in different rr sections for the same name, the definition in the last
-rr section will cancel the definitions in the previous ones.
-.TP
-.B ptr=\fIstring\fP;
-Defines a PTR (domain name pointer) record. The argument is a host name in
-dotted notation (see name). The ptr record is for resolving adresses into names. For example, if
-you want the adress 127.0.0.1 to resolve into localhost, and localhost into 127.0.0.1, you need something
-like the following sections:
-.br
-.DS L
-
- rr {
- name = localhost;
- a = 127.0.0.1;
- owner = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
- rr {
- name = 1.0.0.127.in-addr.arpa;
- ptr = localhost;
- owner = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
-.DE
-
-The second section is for reverse resolving and uses the ptr option.
-Note that you can get the same effect by specifying only the first rr section
-with reverse=on.
-.br
-There is something special about the name in the second section:
-when a resolver wants to get a host name from an internet address,
-it composes an address that is built of the IP address in reverse byte order
-(1.0.0.127 instead of 127.0.0.1) where each byte of the adress written
-as number constitutes a sub-domain under the domain in-addr.arpa.
-.br
-So, if you want to compose an adress for reverse resolving, take your ip in dotted notation (e.g. 1.2.3.4),
-reverse the byte order (4.3.2.1) and append in-addr.arpa. (4.3.2.1.in-addr.arpa.)
-Then, define an rr section giving this address as name and the domain name corresponding to
-that ip in the ptr option.
-.TP
-.B cname=\fIstring\fP;
-Defines a CNAME (canonical name) record.
-The argument should be a fully-qualified host name in dotted notation (see name).
-A CNAME is the DNS equivalent of an alias or symbolic link.
-.br
-A useful application for CNAMEs is giving short, easy to remember nicknames to hosts with complicated names.
-For example, you might want the name "news" to refer to your ISP's news server "nntp2.myisp.com".
-Instead of adding an A record for "news" with the same address as "nntp2.myisp.com", you could
-put in a CNAME pointing to "nntp2.myisp.com", so that if the IP address of the news server changes,
-there is no need to update the record for "news".
-.br
-To implement this with pdnsd, you could add the following section to your configuration file:
-.br
-.DS L
-
- rr {
- name = news;
- cname = nntp2.myisp.com;
- owner = localhost;
- }
-.DE
-
-.TP
-.B mx=\fIstring\fP,\fInumber\fP;
-Defines an MX (mail exchange) record. The string is the host name of the mail server in dotted notation (see name).
-The number specifies the preference level.
-.br
-When you send mail to someone, your mail typically goes from your E-mail client to an SMTP server.
-The SMTP server then checks for the MX record of the domain in the E-mail address.
-For example, with joe@example.com, it would look for the MX record for example.com and find
-that the name of mail server for that domain is, say, mail.example.com.
-The SMTP server then gets the A record for mail.example.com, and connects to the mail server.
-.br
-If there are multiple MX records, the SMTP server will pick one based on the preference level
-(starting with the lowest preference number, working its way up).
-.br
-Don't define MX records with pdnsd unless you know what you're doing.
-.TP
-.B owner=\fIstring\fP;
-or
-.PD 0
-.TP
-.PD
-.B ns=\fIstring\fP;
-Defines an NS (name server) record. Specifies the name of the host which should be authoritative for the records
-you defined in the rr section. This is typically the host pdnsd runs on.
-.br
-\fINote:\fP In previous versions of pdnsd this option had to be specified before
-any a, ptr, cname, mx or soa entries.
-In version 1.2, the restrictions on this option are same as the options just mentioned,
-and it must listed after the name= option.
-This can be a pain if you want to use an old config file which specifies owner=
-before name= (sorry about that).
-Apart from greater consistency, the advantage is that you can now specify as many NS records as you like (including zero).
-.TP
-.B soa=\fIstring\fP,\fIstring\fP,\fInumber\fP,\fItimespec\fP,\fItimespec\fP,\fItimespec\fP,\fItimespec\fP;
-This defines a soa (start of authority) record. The first string is the
-domain name of the server and should be equal to the name you specified as
-owner.
-.br
-The second string specifies the email address of the maintainer of the name
-server. It is also specified as a domain name, so you will have to replace the
-@ sign in the name with a dot (.) to get the name you have to specify here.
-The next parameter (the first number) is the serial number of the record. You
-should increment this number if you change the record.
-.br
-The 4th parameter is the refresh timeout. It specifies after what amount
-of time a caching server should attempt to refresh the cached record.
-.br
-The 5th parameter specifies a time after which a caching server should attempt
-to refresh the record after a refresh failure.
-.br
-The 6th parameter defines the timeout after which a cached record expires if it
-has not been refreshed.
-.br
-The 7th parameter is the ttl that is specified in every rr and should be the
-same as given with the ttl option (if you do not specify a ttl, use the default 86400).
-.TP
-.B txt=\fIstring\fP,...,\fIstring\fP;
-\fINew in version 1.2.9:\fP
-Defines an TXT record. You can specify one or more strings here.
-
-.SS neg Section
-Every neg section specifies a dns resource record or a dns domain that should be
-cached negatively locally. Queries for negatively cached records are always answered
-immediatley with an error or an empty answer without querying other hosts as long
-as the record is valid. The records defined with neg sections remain
-valid until they are explicitely invalidated or deleted by the user using
-pdnsd\-ctl.
-.br
-This is useful if a certain application asks periodically for nonexisting hosts or
-RR types and you do not want a query to go out every time the cached record has
-timed out. Example: Netscape Communicator will ask for the servers news and mail
-on startup if unconfigured. If you do not have a dns search list for your network,
-you can inhibit outgoing queries for these by specifying
-.br
-.DS L
-
- neg {
- name = news;
- types = domain;
- }
- neg {
- name = mail;
- types = domain;
- }
-.DE
-
-in your config file. If you have a search list, you have to repeat that for any
-entry in your search list in addition to the entries given above!
-.br
-In versions 1.1.11 and later, if you negate whole domains this way, all subdomains
-will be negated as well. Thus if you specify
-.br
-neg {name=example.com; types=domain;} in the
-config file, this will also negate www.example.com, xxx.adserver.example.com, etc.
-
-.TP
-.B name=\fIstring\fP;
-Specifies the name of the domain for which negative cache entries are created.
-This option must be specified before the types option.
-Names are interpreted as absolute domain names (i.e. pdnsd
-assumes they end in the root domain).
-You need to specify domain names in dotted notation (example venera.isi.edu.).
-.br
-Previous versions of pdnsd
-required that domain names given in the configuration file ended in a
-dot, but since version 1.1.8b1-par8, pdnsd automatically assumes a
-dot at the end if it is missing.
-.TP
-.B ttl=\fItimespec\fP;
-Specifies the ttl (time to live) for all resource records in this section after this entry.
-This may be redefined. The default is 86400 seconds (=1 day).
-.TP
-.B types=(domain|\fIrr_type\fP[,\fIrr_type\fP[,\fIrr_type\fP[,...]]]);
-Specifies what is to be cached negatively: domain will cache the whole
-domain negatively; alternatively, you can specify a comma-separated list of RR types
-which are to be cached negatively. You may specify multiple types options, but
-domain and the RR types are mutually exclusive.
-.br
-The RR types are specified using their official names from the RFC's in capitals,
-e.g. A, CNAME, NS, PTR, MX,
-AAAA, ...
-.br
-The command pdnsd\-ctl\ list\-rrtypes will give you a complete list
-of those types. pdnsd\-ctl is built along with pdnsd
-and will be installed in the same directory as the pdnsd binary during make install.
-
-.SS source Section
-Every source section allows you to let pdnsd read the records from a file in an
-/etc/hosts-like format. pdnsd will generate records to resolve the entries
-address from its host name and vice versa for every entry in the file. This is
-normally easier than defining an rr for every of your addresses, since localhost
-and your other FQDNs are normally given in /etc/hosts.
-.br
-The accepted format is as follows: The #\-sign initiates a comment, the rest of
-the line from the first occurence of this character on is ignored. Empty lines
-are tolerated.
-.br
-The first entry on a line (predeceded by an arbitrary number of tabs and spaces)
-is the IP in dotted notation, the second entry on one line (separated by the
-first by an arbitrary number of tabs and spaces) is the FQDN (fully qualified
-domain name) for that ip. The rest of the line is ignored by default (in the original
-/etc/hosts, it may contain information not needed by pdnsd).
-
-.TP
-.B owner=\fIstring\fP;
-Specifies the name of the host pdnsd runs on and that are specified in dns
-answers (specifically, nameserver records).
-Must be specified before any file entries.
-.br
-Names are interpreted as absolute domain names (i.e. pdnsd
-assumes they end in the root domain).
-You need to specify domain names in dotted notation (example venera.isi.edu.).
-.br
-Previous versions of pdnsd
-required that domain names given in the configuration file ended in a
-dot, but since version 1.1.8b1-par8, pdnsd automatically assumes a
-dot at the end if it is missing.
-.TP
-.B ttl=\fItimespec\fP;
-Specifies the ttl (time to live) for all resource records in this section after
-this entry. This may be redefined. The default is 86400 seconds (=1 day).
-.TP
-.B file=\fIstring\fP;
-The string specifies a file name. For every file entry in a source section,
-pdnsd will try to load the given file as described above. Failure is indicated
-only when the file cannot be opened, malformed entries will be ignored.
-.TP
-.B serve_aliases=(on|off);
-If this is turned on pdnsd will serve the aliases given in a hosts-style file.
-These are the third entry in a line of a hosts-style file, which usually give a "short name" for the host.
-This may be used to support broken clients without a proper domain-search option.
-If no aliases are given in a line of the file, pdnsd behaves as without this option for this line.
-.br
-This feature was suggested by Bert Frederiks.
-.br
-It is off by default.
-.TP
-.B authrec=(on|off);
-If this is turned on, pdnsd will create authoritative local records with the data from the hosts file.
-Please see the description of the option of the same name in the rr section for a closer description of
-what this means. Please note that this only has an effect for files sourced with file options
-subsequent to this option.
-.br
-This is on by default.
-
-.SS include Section
-A configuration file may include other configuration files.
-However, only the top-level configuration file may contain global
-and server sections,
-thus include files are effectively limited to sections that add local definitions to the cache.
-.br
-Include sections currently only have one type of option, which may be given multiple times within a single section.
-
-.TP
-.B file=\fIstring\fP;
-The string specifies a file name. For every file option in an include section,
-pdnsd will parse the given file as described above. The file may contain include sections itself,
-but as a precaution pdnsd checks that a certain maximum depth is not exceeded to guard against
-the possibility of infinite recursion.
-
-.SH "VERSION"
-.PP
-This man page is correct for version @fullversion@ of pdnsd.
-.SH "SEE ALSO"
-.PP
-.BR pdnsd (8),
-.BR pdnsd\-ctl (8)
-.PP
-More documentation is available in the \fBdoc/\fP subdirectory of the source,
-or in \fB/usr/share/doc/pdnsd/\fP if you are using a binary package.
-
-.SH AUTHORS
-
-\fBpdnsd\fP was originally written by Thomas Moestl
-.UR
-
-.UE
-and was extensively revised by Paul A. Rombouts
-.UR
-
-.UE
-(for versions 1.1.8b1\-par and later).
-.PP
-Several others have contributed to \fBpdnsd\fP; see files in the source or
-\fB/usr/share/doc/pdnsd/\fP directory.
-.PP
-This man page was automatically generated from the html documentation for \fBpdnsd\fP,
-using a customized Perl script written by Paul A. Rombouts.
-.PP
-Last revised: 19 April 2012 by Paul A. Rombouts
diff --git a/jni/pdnsd/doc/pdnsd.conf.in b/jni/pdnsd/doc/pdnsd.conf.in
deleted file mode 100644
index e348eb02..00000000
--- a/jni/pdnsd/doc/pdnsd.conf.in
+++ /dev/null
@@ -1,143 +0,0 @@
-// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
-// Read the pdnsd.conf(5) manpage for an explanation of the options.
-// Add or remove '#' in front of options you want to disable or enable, respectively.
-// Remove '/*' and '*/' to enable complete sections.
-
-global {
- perm_cache=1024;
- cache_dir="@cachedir@";
-# pid_file = /var/run/pdnsd.pid;
- run_as="@def_id@";
- server_ip = 127.0.0.1; # Use eth0 here if you want to allow other
- # machines on your network to query pdnsd.
- status_ctl = on;
-# paranoid=on; # This option reduces the chance of cache poisoning
- # but may make pdnsd less efficient, unfortunately.
- query_method=udp_tcp;
- min_ttl=15m; # Retain cached entries at least 15 minutes.
- max_ttl=1w; # One week.
- timeout=10; # Global timeout option (10 seconds).
- neg_domain_pol=on;
- udpbufsize=1024; # Upper limit on the size of UDP messages.
-}
-
-# The following section is most appropriate if you have a fixed connection to
-# the Internet and an ISP which provides good DNS servers.
-server {
- label= "myisp";
- ip = 192.168.0.1; # Put your ISP's DNS-server address(es) here.
-# proxy_only=on; # Do not query any name servers beside your ISP's.
- # This may be necessary if you are behind some
- # kind of firewall and cannot receive replies
- # from outside name servers.
- timeout=4; # Server timeout; this may be much shorter
- # that the global timeout option.
- uptest=if; # Test if the network interface is active.
- interface=eth0; # The name of the interface to check.
- interval=10m; # Check every 10 minutes.
- purge_cache=off; # Keep stale cache entries in case the ISP's
- # DNS servers go offline.
- edns_query=yes; # Use EDNS for outgoing queries to allow UDP messages
- # larger than 512 bytes. May cause trouble with some
- # legacy systems.
-# exclude=.thepiratebay.org, # If your ISP censors certain names, you may
-# .thepiratebay.se, # want to exclude them here, and provide an
-# .piratebay.org, # alternative server section below that will
-# .piratebay.se; # successfully resolve the names.
-}
-
-/*
-# The following section is more appropriate for dial-up connections.
-# Read about how to use pdnsd-ctl for dynamic configuration in the documentation.
-server {
- label= "dialup";
- file = "/etc/ppp/resolv.conf"; # Preferably do not use /etc/resolv.conf
- proxy_only=on;
- timeout=4;
- uptest=if;
- interface = ppp0;
- interval=10; # Check the interface every 10 seconds.
- purge_cache=off;
- preset=off;
-}
-*/
-
-/*
-# The servers provided by OpenDNS are fast, but they do not reply with
-# NXDOMAIN for non-existant domains, instead they supply you with an
-# address of one of their search engines. They also lie about the addresses of
-# of the search engines of google, microsoft and yahoo.
-# If you do not like this behaviour the "reject" option may be useful.
-server {
- label = "opendns";
- ip = 208.67.222.222, 208.67.220.220;
- reject = 208.69.32.0/24, # You may need to add additional address ranges
- 208.69.34.0/24, # here if the addresses of their search engines
- 208.67.219.0/24; # change.
- reject_policy = fail; # If you do not provide any alternative server
- # sections, like the following root-server
- # example, "negate" may be more appropriate here.
- timeout = 4;
- uptest = ping; # Test availability using ICMP echo requests.
- ping_timeout = 100; # ping test will time out after 10 seconds.
- interval = 15m; # Test every 15 minutes.
- preset = off;
-}
-*/
-
-/*
-# This section is meant for resolving from root servers.
-server {
- label = "root-servers";
- root_server = discover; # Query the name servers listed below
- # to obtain a full list of root servers.
- randomize_servers = on; # Give every root server an equal chance
- # of being queried.
- ip = 198.41.0.4, # This list will be expanded to the full
- 192.228.79.201; # list on start up.
- timeout = 5;
- uptest = query; # Test availability using empty DNS queries.
-# query_test_name = .; # To be used if remote servers ignore empty queries.
- interval = 30m; # Test every half hour.
- ping_timeout = 300; # Test should time out after 30 seconds.
- purge_cache = off;
-# edns_query = yes; # Use EDNS for outgoing queries to allow UDP messages
- # larger than 512 bytes. May cause trouble with some
- # legacy systems.
- exclude = .localdomain;
- policy = included;
- preset = off;
-}
-*/
-
-source {
- owner=localhost;
-# serve_aliases=on;
- file="/etc/hosts";
-}
-
-/*
-include {file="/etc/pdnsd.include";} # Read additional definitions from /etc/pdnsd.include.
-*/
-
-rr {
- name=localhost;
- reverse=on;
- a=127.0.0.1;
- owner=localhost;
- soa=localhost,root.localhost,42,86400,900,86400,86400;
-}
-
-/*
-neg {
- name=doubleclick.net;
- types=domain; # This will also block xxx.doubleclick.net, etc.
-}
-*/
-
-/*
-neg {
- name=bad.server.com; # Badly behaved server you don't want to connect to.
- types=A,AAAA;
-}
-*/
diff --git a/jni/pdnsd/doc/txt/doc_makefile b/jni/pdnsd/doc/txt/doc_makefile
deleted file mode 100644
index 57aa7c11..00000000
--- a/jni/pdnsd/doc/txt/doc_makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for converting pdnsd html documentation to text files.
-# This file was based on a Makefile originally written by Thomas Moestl
-# and adapted by Paul Rombouts.
-
-
-HTML2TXT=w3m -dump -cols 80 -T text/html
-
-doc: intro.txt manual.txt faq.txt
-.PHONY: doc clean
-
-intro.txt: ../html/index.html
- sed -e 's///-->/g' ../html/index.html | $(HTML2TXT) | sed -e 's/[[:blank:]]\+$$//' > intro.txt
-
-manual.txt: ../html/doc.html
- sed -e 's///-->/g' ../html/doc.html | $(HTML2TXT) | sed -e 's/[[:blank:]]\+$$//' > manual.txt
-
-faq.txt: ../html/faq.html
- sed -e 's///-->/g' ../html/faq.html | $(HTML2TXT) | sed -e 's/[[:blank:]]\+$$//' > faq.txt
-
-clean:
- @rm -fv intro.txt manual.txt faq.txt
diff --git a/jni/pdnsd/doc/txt/faq.txt b/jni/pdnsd/doc/txt/faq.txt
deleted file mode 100644
index 02631610..00000000
--- a/jni/pdnsd/doc/txt/faq.txt
+++ /dev/null
@@ -1,227 +0,0 @@
-The pdnsd FAQ
-
-Q: There are complete and well-tested name servers around, such as the BIND.
- These do also perform caching. Why should I use pdnsd?
-
- pdnsd does not aim to be a complete name server implementation, such as the
- BIND. It is optimized for caching, and you can only specify a small subset
- of all dns record types pdnsd knows in your local "zone" definitions. This
- of course reduces the code size drastically, and such the memory footprint.
- There are some features especially interesting for dialin networks,
- ordinary (non-server) internet hosts and computers that are often not
- connected to to their network, e.g. notebooks (I originally wrote this
- program for use with my notebook). These features are:
-A:
- * permanent disk cache (useful for frequent power-offs/reboots)
- * usually smaller memory footprint (depends on cache size) (see next
- question)
- * offline-detection prevents hangs (e.g. the typical hang on startup of
- some Netscape Navigator versions if not dialled in)
- * better control about timeouts (also to prevent hangs)
- * better control over the cache
- * better run-time control
-
--------------------------------------------------------------------------------
-
- When I look at the process size with ps, top, gtop, or a similar tool, I
-Q: see some processes with a total size well above 3.5 MB. This is much more
- than e.g. BIND named (about 1.4 MB). Why?
-
- Really, it is not. pdnsd uses multithreading, not multiprocessing. That
- means that the processes share most of their process space. In the
- LinuxThreads library or NPTL (Native Posix Thread Libary), which are used
- by pdnsd on Linux, in fact the total process address space is shared
-A: (although the processes have different stacks, these are in one process
- address space). You may check this by looking at the at the process sizes
- of the pdnsd threads: all should be the same. The effective size that pdnsd
- occupies is thus the size of any of the processes, not the sum of those.
- So, pdnsd with empty cache occupies about 800 kB, and the maximum size
- should be about the cache size plus this size (in fact, ca 5-10% more).
-
--------------------------------------------------------------------------------
-
-Q: What do I need the status control (option -s) for?
-
- It enables you to do some things you might or might not need. With it, you
- can:
-
- * query pdnsd's settings at runtime to debug configuration files and see
- which servers are regarded to be available
-A: * mark servers as available or unavailable, or force a status retest -
- very handy if you want to control which servers pdnsd queries, e.g for
- muliple dial-up accounts
- * delete, invalidate or add DNS records - useful e.g. when you want to
- build records for dynamically assigned IP addresses or domain names
- * reload pdnsd's configuration file without restarting pdnsd
- * print information about the contents of pdnsd's cache.
-
--------------------------------------------------------------------------------
-
-Q: What do I need local records (rr- and source-sections in the config file)
- for?
-
- Some resolver programs, e.g. nslookup, want to look up the name of the
- server they are using before doing anything else. This option is for
- defining a PTR record for your IP such that those programs get an answer
- even if the name server you are caching is not available or does not offer
- these records. By extension, you may also define A and SOA records. This
- allows you to build very small zones without having to use a "big" name
- server. It is NOT intended to replace such a complete server in anything
- but VERY small networks. Alternatively, you may start a named on another
- host or on the same host on another port and cache it with pdnsd in
- addition to other (more distant) name servers.
-A: The source section allows you to let pdnsd read in your /etc/hosts file on
- startup and serve its contents. This file is used by your local resolver
- before it even tries the name servers and usually contains fully-qualified
- domain names (FQDNs) for all of the internet addresses your host has. If
- you source this file, you usually won't need any additional rr sections.
- Sourcing it also allows other hosts (eg. in your local network) to access
- the names defined in your hosts file. You can of course just add other
- hosts in your local network to the servers hosts file, thus making them
- known to your server's resolver and pdnsd (if you sourced that file).
- If you don't know what this answer was all about, you should just take the
- source section in the sample config file that comes with pdnsd, copy it
- into your config file and forget about it.
-
--------------------------------------------------------------------------------
-
- When compiling, I get an error message like
-Q: Please define __BYTE_ORDER to be __LITTLE_ENDIAN or __BIG_ENDIAN
- What's up?
-
- Normally, this macros should be defined in your C library's header files.
- There are two different methods, most C libraries support both (and pdnsd
- honors both): either __BYTE_ORDER is set to __LITTLE_ENDIAN or
- __BIG_ENDIAN, or __LITTLE_ENDIAN or __BIG_ENDIAN are directly defined as
- macros.
- Linux glibc, for example, does set those macros correctly. Never mind. You
- just have to know whether your machine is little-endian or big-endian, this
- means wheter your machine saves the least significant byte of a word or
- double-word first in memory (little-endian) or the most significant first
-A: (big-endian). All intel x86 and Alpha machines are little-endian, for
- example, while SPARC and PowerPC architectures are big-endian. If your
- machine is little-endian, add the following line to your config.h:
- #define __BYTE_ORDER __LITTLE_ENDIAN
- Likewise, if your machines byte order is big-endian:
- #define __BYTE_ORDER __BIG_ENDIAN
- Pathological byte orders like pdp-endian are not yet supported really;
- However, for the place the endianess is needed, __LITTLE_ENDIAN should do
- (it deals only with 16 bits; for all other occurances, ntoh[sl]/hton[sl] is
- used).
-
--------------------------------------------------------------------------------
-
- At startup, I get a warning saying:
-Q: Uptest command [...] will implicitly be executed as root
- What does that mean?
-
- This warning only occurs if you use the uptest=exec option in your
- configuration. It means that the uptest command is run as root because
- pdnsd is running as root, and this was not explicitely specified. The idea
- is that it may introduce security holes (in the programs being run) when
-A: they run as root, and so they shouldn't do that if possible. You can
- specify the user that shall run the command by appending its name
- comma-separated as string to the uptest_cmd line:
- uptest_cmd="","";
- If it is correctly running as root, just append the user string "root" to
- the command and the warning will not occur again.
-
--------------------------------------------------------------------------------
-
-Q: I cannot run my uptest_cmd command as root (it says permission denied),
- although the pdnsd executable is setuid root. Why?
-
- pdnsd will drop privileges gained through setuid/setgid before executing
- the uptest commands (you shouldn't set the pdnsd executable setuid/setgid
-A: anyway). The reason is clear: if you install the pdnsd executable as setuid
- root and this wouln't be done, any user could execute shellcode with root
- privileges using that option!
-
--------------------------------------------------------------------------------
-
- At startup, I get an error saying:
-Q: Bad config file permissions: the file must be only writeable by the user
- Why is that?
-
- pdnsd has an option (uptest=exec) that allows the execution of arbitrary
- shell code (for testing whether an interface is up). This must be of course
- secured against unauthorized use. One of these protection is the one that
- produces the error message: if you routinely run pdnsd, e.g. at system
- startup, and your config file is editable for others, someone could change
-A: it and insert shell code that is executed in the next pdnsd run -- with
- your user privileges! To prevent this, pdnsd will exit if the config file
- is writeable by others than the owner. To get rid of this message, just do
- chmod go-w
- on your config file (for the default file: chmod go-w /etc/pdnsd.conf). You
- should also check that the ownership is set correct.
-
--------------------------------------------------------------------------------
-
-Q: serve_aliases does not seem to work.
-
- Some resolvers (e.g. of the glibc 2.1) seem sometimes not to look up
- unmodified names, but the names with an entry of the search path already
-A: appended. Since pdnsd will serve short names with this option anyway, you
- can delete the search an domain options from your /etc/resolv.conf. This is
- reported to work in some cases.
-
--------------------------------------------------------------------------------
-
-Q: Some queries for domains that have many records (e.g. www.gmx.de) fail
- mysteriously.
-
- pdnsd versions prior to 1.1.0 had the tcp server thread disabled by
- default. Most resolvers repeat their query using tcp when they receive a
-A: truncated answer (the answer is truncated when it exceeds a length of 512
- bytes). You need to recompile pdnsd with the option --enable-tcp-server to
- fix this.
-
--------------------------------------------------------------------------------
-
- I am behind some kind of firewall. In the configuration file I have only
-Q: listed addresses of name servers on the local (ISP's) network, but pdnsd is
- slow and DNS queries frequently time out.
-
- In some cases pdnsd will not consider the answer of the local name server
- authoritative enough, and will try to get answers from the name servers
- listed in the authority section of the reply message. If pdnsd is behind a
- firewall that blocks the UDP reply packets from remote name servers, pdnsd
- will wait in vain for a reply. One solution is to set proxy_only=on in the
-A: servers sections of the configuration file. This will prevent pdnsd from
- querying name servers that are not listed in the configuration file.
- Another solution that can be tried is specifying query_method=tcp_only in
- the global section of the configuration file, because a firewall that
- blocks UDP packets from outside might still allow outgoing TCP connections
- to port 53.
-
--------------------------------------------------------------------------------
-
-Q: Is pdnsd vulnerable to DNS cache poisoning as described in CERT
- vulnerability note VU#800113?
-
- Short answer: Yes.
- Somewhat longer answer: The problem is not so much that pdnsd's
- implementation is flawed but rather that the DNS protocol currently being
- used is fundamentally flawed from a security viewpoint. As long as a more
- secure protocol is not in place, all that the developers of pdnsd can do is
- to try to tweak the current implementation to make it as difficult as
- possible for an attacker to succeed.
- From version 1.2.7 onwards, the default for the query_port_start option is
-A: 1024, which means that the pdnsd resolver will randomly select source ports
- in the range 1024-65535. (In previous versions the default was to let the
- kernel select the source ports, which will often result in a more or less
- predictable sequence of ports.) It also helps to use a good quality source
- of random numbers. On platforms where this is supported, it is preferable
- to configure with --with-random-device=/dev/urandom. There is still more
- that can be done to make pdnsd less vulnerable, but this remains (as of
- this writing) a work in progress.
- Please note that pdnsd was designed for small (private) networks, and that
- it is generally not recommended to let untrusted users access pdnsd.
-
--------------------------------------------------------------------------------
-
-Thomas Moestl and Paul Rombouts
-
-
-Last revised: 18 August 2008 by Paul Rombouts
-
diff --git a/jni/pdnsd/doc/txt/intro.txt b/jni/pdnsd/doc/txt/intro.txt
deleted file mode 100644
index db1c89e3..00000000
--- a/jni/pdnsd/doc/txt/intro.txt
+++ /dev/null
@@ -1,305 +0,0 @@
--------------------------------------------------------------------------------
-
-About pdnsd
-
-pdnsd is a proxy DNS server with permanent caching (the cache contents are
-written to hard disk on exit) that is designed to cope with unreachable or down
-DNS servers (for example in dial-in networking).
-Since version 1.1.0, pdnsd supports negative caching.
-
-It is licensed under the GNU General Public License (GPL). This, in short,
-means that the sources are distributed togehter with the program, and that you
-are free to modify the sources and redistribute them as long as you also
-license them under the GPL. You do not need to pay anything for pdnsd. It also
-means that there is ABSOLUTELY NO WARRANTY for pdnsd or any part of it. For
-details, please read the GPL.
-
-pdnsd can be used with applications that do DNS lookups, e.g. on startup, and
-can't be configured to change that behaviour, to prevent the often minute-long
-hangs (or even crashes) that result from stalled DNS queries. Some Netscape
-Navigator versions for Unix, for example, expose this behaviour.
-
-pdnsd is configurable via a file and supports run-time configuration using the
-program pdnsd-ctl that comes with pdnsd. This allows you to set the status
-flags of servers that pdnsd knows (to influence which servers pdnsd will
-query), and the addition, deletion and invalidation of DNS records in pdnsd's
-cache.
-Parallel name server queries are supported. This is a technique that allows
-querying several servers at the same time so that very slow or unavailable
-servers will not block the answer for one timeout interval.
-Since version 1.0.0, pdnsd has full IPv6 support.
-
-There is also a limited support for local zone records, intended for defining
-1.0.0.127.in-addr.arpa. and localhost. , since some clients request that
-information and it must be served even if the cached servers are not available
-or do not serve these records. pdnsd may also read your /etc/hosts file (this
-file is normally used by your local resolver and usually contains information
-for localhost as well as for your machines FQDN) and serve its contents.
-
-pdnsd was started on Linux, and has since been ported to FreeBSD (and Cygwin
-and Darwin). 90% of the source code should be easily portable to POSIX- and
-BSD-compatible systems, provided that those systems support the POSIX threads
-(pthreads). The rest might need OS-specific rewrites.
-
-Currently, pdnsd is only compileable by gcc. This should be easy to fix, but I
-just do not have documentation for other compilers. If you are not able or do
-not want to use gcc, I would recommend you just try to do the minor changes.
-
-pdnsd must be started as root in some cases (raw sockets are needed for icmp
-echoes for the option uptest=ping, and the default port is 53, this must be >
-1024 to allow non-root execution). However, pdnsd can be configured to change
-it's user and group id to those of a non-privileged user after opening the
-sockets needed for this.
-
-The server should support the full standard DNS queries following the rfcs 1034
-and 1035. As of version 1.0.0, the rfc compliance has been improved again, and
-pdnsd is now believed (or hoped?) to be fully rfc-compatible. It completely
-follows rfc 2181 (except for one minor issue in the FreeBSD port, see the
-documentation). It does not support the following features, of which most are
-marked optional, experimental or obsolete in these rfcs:
-
- * Inverse queries
- * Status queries
- * Completion queries
- * Namespaces other than IN (Internet)
- * AXFR and IXFR queries (whole zone transfers); since pdnsd does not maintain
- zones, that should not violate the standard
-
-The following record types, that are extensions to the original DNS standard,
-are supported for caching since version 1.2.9 (if you do not need most of them,
-you can disable runtime support for the unneeded ones before compiling pdnsd
-and save a little cache and executable space, see the source file src/
-rr_types.in):
-
- * RP (responsible person, RFC 1183)
- * AFSDB (AFS database location, RFC 1183)
- * X25 (X25 address, RFC 1183)
- * ISDN (ISDN number/address, RFC 1183)
- * RT (route through, RFC 1183)
- * NSAP (Network Service Access Protocol address , RFC 1348)
- * PX (X.400/RFC822 mapping information, RFC 1995)
- * GPOS (geographic position, deprecated)
- * AAAA (IPv6 address, RFC 1886)
- * LOC (location, RFC 1876)
- * EID (Nimrod EID)
- * NIMLOC (Nimrod locator)
- * SRV (service record, RFC 2782)
- * ATMA (ATM address)
- * NAPTR (URI mapping, RFC 2168)
- * KX (key exchange, RFC 2230)
- * CERT (Certificate record, RFC 4398)
- * DS (Delegation Signer, RFC 4034)
- * RRSIG (Resource Record Signature, RFC 4034)
- * NSEC (Next Secure, RFC 4034)
- * DNSKEY (record containing the public key for a zone, RFC 4034)
- * NSEC3 (Next Secure version 3, RFC 5155)
- * NSEC3PARAM (NSEC3 parameters, RFC 5155)
-
-Note: This list is incomplete. For the complete list see the source file src/
-rr_types.in.
-
-There are FreeBSD and OpenBSD ports available for pdnsd (ports/net/pdnsd for
-both). Thanks go to Roman Shterenzon for the FreeBSD port Sebastian Stark for
-the OpenBSD one! Thanks to Kiyo Kelvin Lee now also runs on the Cygwin
-platform! Thanks goes to Rodney Brown for extending portability to the Darwin
-(Apple Mac OS X) platform!
-
-If you have questions left, you should take a look into the FAQ.
-Bugfixes, patches and compatability fixes for other OSs are very welcome!
-
-Features in detail
-
-This section describes some of pdnsds features in detail. Most of the options
-are set in the config file. For more information on the configuration file, see
-the documenation page.
-
-
-Uptests
-
-pdnsd provides several methods to test whether a remote DNS server should be
-regarded as available (so that pdnsd can query it), in addition to the obvious
-"none" test (the server is always regarded as available, or availability is set
-on or off using the pdnsd-ctl utility). These tests are:
-
- * ping: a given adress is ping'ed in a given interval. If it there is no
- response or the host is unreachable, the server is seen to be not available
- (for those who don't know: pinging is sending a certain Internet packet
- type to a host to which any standard-conformant host is required to reply).
- * if: a given network interface is tested whether it is existent, up and
- running. If it is not, the server is regarded to be not available. This is
- especially useful for ppp and similar interfaces. A special case test for
- Linux isdn (ippp*) interfaces is integrated, so that the uptests should
- also work for these.
- * dev: this is a variant of the if uptest for use with Linux dial-on-demand
- ppp interfaces. In addition to performing an if-style interface uptest, it
- also tests whether a specified program (e.g. pppd) owns a lock to a given
- (modem-) device.
- * exec: a given shell command line is executed and the exit status of the
- whole command line (which is normally the exit status of the last command)
- is evaluated. If it is not zero, the server is regarded to be not
- available. This is a very flexible testing method with which it should be
- able to perform virtually any needed test.
- * query: New in version 1.2: This works like the ping test, except it sends
- an (empty) DNS query to the remote server. If the server sends a
- well-formed response back within the timeout period (except SERVFAIL), it
- will be regarded as available. This test is useful if a remote server does
- not respond to ICMP_ECHO requests at all, which unfortunately is quite
- common these days. In many cases this test will be a more reliable
- indicator of availability than the ones mentioned above.
-
-
-Local Records ("Zones")
-
-As mentioned above, there are only very basic local record types (ie the record
-types that you may use in record declarations in your local configuration for
-records that pdnsd shall serve in addion to the cached ones). They are
-organized roughly in zones but have not complete zone declarations, so I
-generally do not use the term "zone" for them, but rather "local records".
-These are the local record types pdnsd can understand:
-
- * SOA (information about the name server)
- * A (domain-name-to-address mapping)
- * PTR (pointer, used normally for address-to-domain-name mapping)
- * NS (name server, generated automatically by pdnsd for any local record set)
- * CNAME (canonical host name)
- * MX (mail exchange for the domain)
- * TXT (arbitrary text strings, often used for Sender Policy Framework)
-
-You can specify these records in the configuration file.
-You may "source" a file in a format like that used in the /etc/hosts file, that
-means that pdnsd reads this file, extracts addresses and domain names from it
-and automatically generates A records for name to address mapping, PTR records
-for address to name mapping and NS records (name server specifiation) for each
-entry in the file.
-Records can also be changed dynamically at run time.
-A script contributed by Marko Stolle makes pdnsd usable in a DHCP setup using
-this feature.
-
-System requirements
-
-As mentioned, pdnsd currently runs under Linux, FreeBSD and Cygwin. Other BSD
-flavours may or may not work (feedback is very welcome!). The system and
-software requirements under Linux are:
-
- * Kernel version >2.2.0
- * glibc version >2.0.1 (aka libc6) with LinuxThreads (normally included) or
- NPTL (Native Posix Thread Library, recommended).
- Due to a bug, pdnsd 0.9.8 does not run with glibc2.1.1. This behaviour was
- fixed in pdnsd 0.9.9.
- * For IPv6: glibc>=2.1
-
-The system requirements under FreeBSD are:
-
- * FreeBSD versions >=2.6 (prior ones may or may not work)
- * For IPv6: FreeBSD >=4.0 is recommended (no idea if it runs on prior
- versions)
-
-The common software requirements for all supported systems are:
-
- * GCC, preferably egcs-2.* or 3.* (other compilers are currently not
- supported; the needed patch for another compiler should not be difficult,
- however)
- * GNU or BSD make
- * the standard commands install, grep, sed, awk, touch and which (along with
- the REALLY standard ones mv, cp, ln, rm, pwd, test, echo, cat, mkdir,
- chown, chmod, tar). In any standard Unix installation, this should be no
- problem.
- * for hacking and building own packages, you might also need gzip, bzip2,
- perl and rpmbuild
-
-
-Download
-
-If you want to download pdnsd, please visit the download page.
-
-Authors
-
-pdnsd was originally written by Thomas Moestl, but is no longer maintained by
-him. Paul A. Rombouts has revised large portions of the code and has added a
-number of new features. See README.par and the ChangeLog in the source
-directory (or /usr/share/doc/pdnsd- if you have installed a binary
-package) for more details. If you have questions about the recent
-modifications, you can find the email address of the current maintainer at the
-end of README.par.
-
-Daniel Smolik has contributed RedHat RPMs (the most recent RPMs are available
-here).
-Torben Janssen contributed start scripts for Red Hat Linux.
-Soenke J. Peters contributed patches and suggestions for Red Hat compatability.
-Wolfgang Ocker has contributed the code and documentation for the server_ip
-option.
-Markus Mohr contributed a Debian rc script.
-Nikita V. Youschenko contributed extensions to the "if" uptest.
-Lyonel Vincent extended the serve_aliases option to support an arbitrary number
-of aliases.
-Sourav K. Mandal wrote the autoconf scripts and contributed many fixes and
-suggestions.
-Stephan Boettcher contributed the SCHEME= option.
-Ron Yorston contributed the uptest for Linux ppp dial-on-demand devices.
-Alexandre Nunes fixed some bugs in the autoconf files.
-Sverker Wiberg contributed fixes for IPv6.
-Carsten Block contributed configure-able rc scripts.
-Olaf Kirch contributed a security fix for the run_as code.
-Paul Wagland contributed various patches for bind9-compatability and other
-issues.
-Roman Shterenzon contributed patches and lots of helpful hints for FreeBSD
-compatability.
-Bernd Leibing has contributed spec file fixes.
-Michael Wiedmann has contributed the pdnsd-ctl.8 man page.
-Marko Stolle has contributed the contrib/pdnsd_update.pl script that makes
-pdnsd usable in a DHCP setup.
-P.J. Bostley has contributed patches to get pdnsd working on alpha properly.
-Christian Engstler contributed patches for SuSE compatability.
-Bjoern Fischer contributed code to make pdnsd leave the case of names in the
-cache unchanged.
-Marko Stolle contributed the contrib/pdnsd_update.pl script that makes pdnsd
-usable in a DHCP setup.
-Andrew M. Bishop contributed the support for the label server option and the
-pdnsd-ctl interface for using it.
-Frank Elsner contributed rc script fixes.
-Andreas Steinmetz contributed the code for query_port_start and query_port_end
-options.
-Mahesh T. Pai contributed the pdnsd.8 man page.
-Nikola Kotur contributed the Slackware start-up script.
-Kiyo Kelvin Lee contributed a patch for Cygwin support.
-Rodney Brown contributed a patch for Darwin (Apple Mac OS X) support.
-Jan-Marek Glogowski contributed a patch implementing the use_nss option.
-
-Special thanks to Bert Frederiks for letting me do a late-night debugging run
-on his machine to spot obscure bugs!
-
-Thanks to the following persons for reporting bugs and being helpful:
-David G. Andersen,
-Dirk Armbrust,
-Daniel Black,
-Kevin A. Burton,
-Juliusz Chroboczek,
-Joachim Dorner,
-Stefan Erhardt,
-Stefan F?rster,
-Mike Hammer,
-Jonathan Hudson,
-Dan Jacobson,
-Byrial Jensen,
-Patrick Loschmidt,
-James MacLean,
-Fraser McCrossan,
-Michael M?ller,
-Erich Reitz,
-Brian Schroeder,
-Milan P. Stanic,
-Michael Steiner,
-Norbert Steinl,
-Markus Storm,
-Michael Str?der,
-Alan Swanson,
-Eelco Vriezekolk.
-
-
--------------------------------------------------------------------------------
-
-Thomas Moestl and Paul A. Rombouts
-
-
-Last revised: 17 March 2012 by Paul A. Rombouts
-
diff --git a/jni/pdnsd/doc/txt/manual.txt b/jni/pdnsd/doc/txt/manual.txt
deleted file mode 100644
index c7e3e9d2..00000000
--- a/jni/pdnsd/doc/txt/manual.txt
+++ /dev/null
@@ -1,2017 +0,0 @@
- pdnsd Documentation
-
-This is the "official" pdnsd documentation and reference written by Thomas
-Moestl with revisions by Paul A. Rombouts.
-This manual is a part of the pdnsd package, and may be distributed in original
-or modified form under terms of the GNU General Public License, as published by
-the Free Software Foundation; either version 3, or (at your option) any later
-version.
-You can find a copy of the GNU GPL in the file COPYING in the source or
-documentation directory.
-This manual is up-to-date for version 1.2.9b. For older documentation, please
-refer to the doc directory of the respective pdnsd package.
-If you want a quicker introduction to pdnsd, you can try some of the HOWTOs
-available on the web. For Apple Mac users, Brian Wells has published a good
-HOWTO at http://web.mac.com/brianwells/main/pdnsd.html.
-
-0. Installation
-
-0.1 Installing binary RPM's
-
-To install a binary RPM, just do
-
-rpm -i pdnsd-.rpm
-
-This should install pretty much everything automatically. The only thing left
-for you to do is adapt your configuration file (stored in /etc/pdnsd.conf)
-according to your needs (see below). In the Red Hat and SuSE RPMs, a start
-script is also installed; read the section 0.4, Start at Boot Time about that.
-
-0.2 Building RPM's
-
-It is possible to build a binary RPM from a source package using the command
-
-rpmbuild --rebuild pdnsd-.src.rpm
-
-or alternatively from a tarball using the command
-
-rpmbuild -tb pdnsd-.tar.gz
-
-You can do this as root, but it is safer to build a binary package first as a
-normal user, and then, when all has gone well, install the resulting binary
-package as root as in the previous section. How to build an RPM package without
-being root is described at http://www.ibm.com/developerworks/linux/library/
-l-rpm1/.
-
-Several pdnsd-specific options are available when building RPM packages:
-
---with isdn Has the same effect as --enable-isdn (see below).
-
---without poll Has the same effect as --disable-poll (see below).
-
---without nptl Has the same effect as --with-thread-lib=linuxthreads (
- see below).
-
---with ipv6 Has the same effect as --enable-ipv6 (see below).
-
---without tcpqueries Has the same effect as --disable-tcp-queries (see below
- ).
-
---without debug Has the same effect as --with-debug=0 (see below).
-
---define "distro < Has the same effect as --with-distribution= (
-distro>" see below).
-
---define "run_as_user Has the same effect as --with-default-id= (see
-" below).
- For RPMs the default is "pdnsd".
-
- If the user defined by the previous option does not
---define "run_as_uid < exist when the RPM is installed, the pre-install script
-uid>" will try to create a new user with numerical id .
- The default is to let the system choose the numerical
- id at install time.
-
---define "cachedir < Has the same effect as --with-cachedir= (see below
-dir>" ).
-
-You can also configure which compiler flags will be used by setting the
-environment variable CFLAGS. Using a bash shell, you can do that on the command
-line like this: CFLAGS="-O1 -Wall" rpmbuild ...
-This is useful if you prefer a different level of optimization, for instance.
-
-0.3 Installing from pure sources (tar archives or git repositories)
-
-0.3.1 Setting up the source code tree
-
-Source code is available in the form of snapshots (tarballs) or a git
-repository with the very latest development code and a (nearly) complete
-history of all the revisions. Cloning a git repository is useful if you need a
-recent fix or feature that is not yet contained in a main release or you want
-to participate in pdnsd development. Otherwise you will probably find the
-tarballs more convenient because they are much more compact.
-
-0.3.1.1 Unpacking a tar archive
-
-The pdsnsd snapshot releases come in the form of a gzip'ed tar archive. To
-decompress it (using a modern tar) do
-
-tar -xzf pdnsd-.tar.gz
-
-If your tar doesn't do this, use:
-
-gzip -dc pdnsd-.tar.gz | tar -xf -
-
-0.3.1.2 Cloning a git repository
-
-To clone a git repository you need to install, if not already installed, the
-git version control system, which is available as a package in most modern
-Linux distributions. Then run the command:
-
-git clone git://gitorious.org/pdnsd/pdnsd.git pdnsd
-
-In rare cases, if you are behind some kind of firewall, the special git
-protocol can't be used and you will need to fall back to the http protocol. See
-the gitorious.org website or git documentation for more information.
-
-0.3.2 Configuring the source
-
-Change into the pdnsd source directory and run configure. It takes the
-following command line options (if you do not specify an option, defaults will
-be used):
-
- Specify the prefix directory. The pdnsd files are
- installed in subdirectories of the prefix, the
---prefix=dir pdnsd and pdnsd-ctl executables are for example
- installed in the sbin subdirectory of the prefix.
- The default for this is /usr/local; you might want
- to set this to /usr (using --prefix=/usr).
-
- Specify the config directory. pdnsd expects its
- pdnsd.conf file to reside there if the -c option is
---sysconfdir=dir not given at startup. The default for this is the
- etc subdirectory of your prefix, e.g. /usr/local/
- etc if you did not specify a prefix. To set this
- e.g. to /etc, use --sysconfdir=/etc.
-
---with-distribution= Specify target distribution (default=Generic;
-distro others: RedHat, SuSE, Debian)
- See below for the effect of these settings.
-
- Change compilation target platform (default:
- autodetect; others: Linux, BSD, Cygwin).
- autodetect will attempt to detect whether you are
---with-target=platform using Linux, *BSD or Cygwin and should normally be
- sufficient. If this does not work, try specifying
- your system manually (for the Darwin platform
- (Apple Mac OS X) specify BSD here).
-
- Default directory for pdnsd cache (default=/var/
---with-cachedir=dir cache/pdnsd)
- This setting can be changed via config file
- settings when pdnsd has been built.
-
- Number of hash buckets to use (default=1024). The
- default should be sufficient for most purposes, but
- if you want to store a large number of names in the
---with-hash-buckets=num cache, cache lookups may be faster if the number of
- hash buckets is comparable to the number of names
- stored in the cache. The number actually used is
- the smallest power of two greater or equal to the
- number specified here.
-
- Enable ISDN support
- This option will work only on Linux and may cause
---enable-isdn problems with 2.0.x or old 2.2.x kernels. You will
- need it for a proper if uptest under Linux for ISDN
- ppp devices.
-
---disable-ipv4 Disable IPv4 networking support (default=enabled)
-
- Enable IPv6 networking support.
---enable-ipv6 If your OS does support IPv6 properly, you should
- be able to serve also IPv4 queries using this.
- Normally, this is disabled and you won't need it.
-
---disable-ipv4-startup Disable IPv4 on pdnsd startup by default (default=
- enabled)
-
- Enable IPV6 on pdnsd startup by default (default=
- IPv4). These options are only defaults, you can
---enable-ipv6-startup specify on the command line or in the config files
- which IP version will really be used. Normally, you
- won't need to change these.
-
---disable-udp-queries Disable UDP as query method. You shouldn't need to
- change this.
-
- Disable TCP as query method. This only effects the
- querying of name servers by pdnsd, not the ability
- of pdnsd to answer TCP queries from clients. TCP
- queries are slower than UDP queries, but can be
---disable-tcp-queries more secure against certain types of attacks and
- are able to handle large answers. For normal use
- this can be disabled. (Note that the default has
- changed: TCP-query support is now compiled in by
- default, but it still depends on the run-time
- options whether it is actually used.)
-
- Specify the query method (default=udponly, others:
- tcponly, tcpudp, udptcp). If you have enabled both
- UDP and TCP queries, this lets you control which
- query method pdnsd will use by default. tcpudp will
- try TCP first and fall back to UDP if TCP is not
---with-query-method=qm supported by the server; udptcp will try UDP first
- and, if the answer was truncated, will repeat the
- query using TCP. udponly and tcponly should be
- clear. Note that this only effects the compiled-in
- default; the query method can still be changed
- using command-line options or options in the
- configuration file.
-
- Disable the TCP server. In this case pdnsd will not
---disable-tcp-server be able to respond to TCP queries from clients.
- This may cause problems with very large answers.
-
- Disable the UDP source address discovery.
- You need this only if you have trouble with
---disable-src-addr-disc messages saying "could not discover udp source
- address".
- For the Cygwin target, this option is disabled by
- default.
-
---disable-poll Disable poll(2) and use select(2) (default=enabled)
- You will normally not need this.
-
- Since version 1.2.9 this option is obsolete and
- ignored. It is now possible to configure for each
---disable-new-rrs RR type separately whether it is cacheable by pdnsd
- by editing the file src/rr_types.in. The comments
- in this file explain how to do this.
-
- Enforce strict RFC 2181 compliance.
- This will cause pdnsd to reject DNS answers with
---enable-strict-rfc2181 incorrect timestamp settings (multiple RRs of the
- same type and for the same domain with different
- TTLs). Normally not needed.
-
- This option is obsolete. Since version 1.2, pdnsd
---enable-underscores places no restrictions on the types of characters
- in domain names (there are still a few restrictions
- for locally defined names, though).
-
- Specify random device; default: C Library random()
- PRNG
- pdnsd uses (pseudo-) random numbers as query IDs
- for security reasons (this makes forging DNS
- answers more difficult). This option controls where
- pdnsd gets these from. The default is the C library
- random() function, which is relatively weak. You
- can specify a device like /dev/urandom here if you
---with-random-device= like; pdnsd will read random numbers from it
-device 16-bit-wise. /dev/urandom is present under Linux
- and most BSD derivates. You should not use /dev/
- random - it is more secure, but may block and delay
- pdnsd's answers for a long time.
- You can specify arc4random to use the BSD
- arc4random() library function (default for FreeBSD
- target), which is considered safe.
- You can also specify random as device to use the C
- Library random() function (described above).
-
- Specify default user for pdnsd (default=nobody).
- This is the user that will be entered for the
---with-default-id=user run_as option in the config file (see below) that
- will be installed during make install. You can
- change this any time in your config file.
-
- Specify debugging level. Normally you can safely
- switch debugging off by setting the level to 0.
- This will increase speed (although only marginally)
- and save space in the executable (only about 12kB).
- However, more significant may be the savings in
- stack space, especially if pdnsd is put under heavy
- load and there are many simultaneous running
- threads.
- Presently the only defined debug levels are in the
- range 0 - 9. Setting the level to 9 enables hex
---with-debug=level dumps of the queries and replies pdnsd receives and
- should normally not be needed. Debug output will
- only be generated if you turn on special switches;
- it might be useful for debugging your config files,
- so I recommend using the default (1). However, if
- you use pdnsd under heavy load, a better strategy
- may be to compile one version of pdnsd without
- debug support (configured with --with-debug=0) for
- production use, and one version with with debug
- support (e.g. --with-debug=9) for diagnostic
- purposes.
-
---with-verbosity=level Specify default message verbosity. The default
- should be ok.
-
- Enable RCS IDs in executables (default=disabled).
---enable-rcsids For personal use, there is no need to do this. If
- you build rpm's, it might have advantages.
-
- Enable subsequent tcp queries. The DNS protocol
- standard requires that servers must be capable of
- answering multiple subsequent queries that are sent
- over the same tcp connection, and that the server
- may only close the connection by himself after a
- certain timeout. This feature is rarely used, but
---enable-tcp-subseq may make denial-of-service attacks easier, as it
- allows for an attacker to hold a connection open a
- long time (although the attacker's IP is most
- likely revealed then). For full standard
- compliance, you should use this option. If you do
- not use --enable-tcp-server, is option is not
- honored.
-
- Specify default tcp query timeout after which the
- connection is closed if no full query has been
---with-tcp-qtimeout=secs received. The default is 30s. You can also change
- this option at run time using the tcp_qtimeout
- config file option. If you do not use
- --enable-tcp-server, is option is not honored.
-
- Specify the default number of queries that can be
- executed in parallel. You can also change this
---with-par-queries=num option at run time using the par_queries config
- file option. See the description of that option for
- an explanation of what it really does.
- The default for this option is 2.
-
- New in version 1.2.9b: Specify the maximum number
- of IP addresses that can be used per nameserver
- obtained from NS records (when resolving names
- recursively). Just one IP address per nameserver is
- sufficient in the vast majority of cases (and this
---with-max-nameserver-ips was the strategy used by pdnsd in previous
-=num versions), but in rare cases this will cause
- unnecessary resolve failures if the address chosen
- for each nameserver happens to be unreachable while
- the other addresses would lead to successful
- resolution.
- The default for this option is 3.
-
- Added by Paul Rombouts: Use this option if you
- experience problems with signal handling under
- Linux. The usual symptom is that pdnsd fails to
- save the cache to disk, and /var/cache/pdnsd/
- pdnsd.cache remains empty. If you experience this
- kind of trouble, try reconfiguring with different
- values for the --with-thread-lib option. The
- allowable values are linuxthreads (or lt for
- short), linuxthreads2 (or lt2 for short), and nptl.
- By default the configure script tries to detect
---with-thread-lib=lib automatically whether linuxthreads or nptl is more
- appropriate for your system, but the method used is
- not foolproof. Look for the line: checking if this
- is an NPTL-based system...
- If the automatic test mistakenly indentifies the
- thread library on your system as NPTL based, you
- should reconfigure with --with-thread-lib=lt and
- recompile. If the result of the automatic test is
- "no" or if --with-thread-lib=lt does not have the
- desired effect, try again using --with-thread-lib=
- lt2 .
-
-Normally, you will need only --prefix, --sysconfdir and --with-distribution. If
-you specify your distribution using --with-distribution, this has the following
-effects:
-
- * An rc script is copied in the appropriate localtion, which enables pdnsd to
- start at machine boot time (see 0.4)
- * Distribution-specific portions might be included in the generated
- pdnsd.spec file (only important if you want to build rpm archives
- yourself).
-
-If you choose Generic, no rc script is installed, and a generic spec file is
-generated.
-Further instructions are in the INSTALL document in the pdnsd source directory.
-./configure --help will give you a list of all supported command line options.
-
-Note added by Paul Rombouts: Some people may want change the compiler
-optimization flag. I use the -O2 flag, but it might be safer to use a lower
-level of optimization or no optimization at all. In that case prefix the
-configure command with the desired compiler flags like this (assuming you're
-using a bash shell):
-
-CFLAGS="-O1 -Wall" ./configure ...
-
-
-0.3.3 Building & installing
-
-Type make in the source directory. Should work by now.
-To install, type make install or do the installation by hand (see 0.3.4).
-make install will do the following ($prefix is the prefix directory; see
-above):
-
- 1. copies pdnsd to $(prefix)/sbin/
- 2. copies pdnsd-ctl to $(prefix)/sbin/
- 3. copies docs/pdnsd.conf.sample (a sample configuration) to the pdnsd config
- directory.
- 4. creates your cache directory if it is not there. After installation, you
- should check the file permissions and create or edit /etc/pdnsd.conf to fit
- your needs (see below). If you use the run_as option, please make sure that
- your cache directory is owned by the user you specified with this option!
-
-You must be root for this installation!
-Security notes: never make the pdnsd cache directory writeable for untrusted
-users, or you will get several security holes: the users might modify the cache
-contents, or plant dangerous links.
-If you use a pidfile, you should be aware that you introduce security problems
-if you place the pidfile in a directory in a NFS filesystem that is writeable
-for untrusted users. Generally, the pidfile directory (typically /var/run)
-should not be writeable for untrusted users.
-
-0.3.4 Manual installation
-
-For a manual installation, you need to do the following steps:
-
- 1. Copy pdnsd and pdnsd-ctl from your build directory to an appropriate
- location (e.g. /usr/sbin).
- 2. Copy docs/pdnsd.conf into the directory you want it to reside (/etc by
- default, and change it according to your needs (see below).
- 3. Create your caching directory; default is /var/cache/pdnsd (you may change
- this in your pdnsd.conf); Permissions should be at max rwxr-xr-x (if you
- want to protect your cache and status socket, make it rwx------).
-
-Thats it!
-
-0.4 Start at boot time
-
-In the src/rc folder of the pdnsd distribution are start scripts for pdnsd
-designed for different Linux distros. There are scripts for SuSE, Redhat,
-Debian, Arch Linux and Slackware now.
-The start scripts are automatically installed during RPM install, and also
-during make install if you specified your distro.
-For Slackware Linux there is a start-up script contributed by Nikola Kotur, but
-presently it must be installed manually. See src/rc/README and src/rc/Slackware
-/rc.pdnsd for details.
-
-0.4.1 SuSE Linux startup
-
-rc/SuSE/pdnsd is a start script for SuSE Linux. It was tested for 6.? but
-should run on some versions below. You can do make install as root in the rc/
-SuSE directory to install it, or you can install manually:
-
-manual installation
-
-For manual installation, copy rc/SuSE/pdnsd into /sbin/init.d/, go to /sbin/
-init.d/rc2.d/ and create there the following two symlinks:
-S11pdnsd to ../pdnsd (do ln -s ../pdnsd S11pdnsd in that dir)
-K34pdnsd to ../pdnsd (do ln -s ../pdnsd K34pdnsd in that dir)
-The numbers dictate the order different services are started and might need to
-be modified. Then edit your /etc/rc.config file and add the line START_PDNSD=
-yes to start pdnsd at boot time.
-
-If you used the make install command, START_PDNSD=yes has been appended to your
-/etc/rc.config file, causing pdnsd to be started at boot time. If you don't
-want that, change the yes into no.
-
-This start script was created from /sbin/init.d/skeleton by me, so the most is
-copyrighted by SuSE. They put it under the GPL, however, so the license stated
-in COPYING also applies to this script. There is NO WARRANTY OF ANY KIND on
-these scripts. This is no official SuSE script, and SuSE naturally does NO
-support for it.
-
-0.4.2 Red Hat Linux startup
-
-rc/Redhat/pdnsd is a start script for Red Hat Linux. It was contibuted by
-Torben Janssen.
-This was tested for 6.1 but should run on 5.0+. You can do make install as root
-in the rc/Redhat directory to install it, or you can install manually:
-
-manual installation
-
-For manual installation, copy rc/Redhat/pdnsd into /etc/rc.d/init.d/
-Then go to /etc/rc.d/rc3.d and create there the following symlink:
-S78pdnsd -> ../init.d/pdnsd (do ln -f -s ../init.d/pdnsd S78pdnsd in that dir)
-Then go to /etc/rc.d/rc0.d and create there the following symlink:
-K78pdnsd -> ../init.d/pdnsd (do ln -f -s ../init.d/pdnsd K78pdnsd in that dir)
-Then go to /etc/rc.d/rc6.d and create there the following symlink:
-K78pdnsd -> ../init.d/pdnsd (do ln -f -s ../init.d/pdnsd K78pdnsd in that dir)
-
-This script is also covered by license stated in COPYING. Again, there is NO
-WARRANTY OF ANY KIND on these scripts. This is no offical Redhat script, and
-Redhat naturally does NO support for it
-
-0.5 Notes for FreeBSD users
-
-The special handling of ISDN ppp devices is only supported on Linux. It is not
-needed in FreeBSD, the normal device handling also works fine with isdn4bsd
-devices.
-When compiled for FreeBSD, pdnsd as a small RFC compatability issue: RFC2181
-demands answers on dns querys to be sent with the same source address the query
-packet went to. In seldom cases, this will not be the case, because the kernel
-selects the source address depending on the interface that was used for sending
-the answer.
-Setting the source address currently does not work for IPv4. I have written a
-kernel patch that will provide an easy way to program this. We'll see if or
-when it gets commited.
-
-
-
-1 Invocation
-
-When invoking pdnsd, you can specify various options at the command line.
-Command line options always override config file options. The various --noX
-options are present to override config file options.
-
-pdnsd --help (or -h) gives you an overview of the pdnsd command line options.
-
-pdnsd --version (or -V for short) prints licence and version information.
-
-To start pdnsd as background daemon, specifiy --daemon (or -d for short) on the
-command line. Diagnostic and error messages after the actual daemon start will
-be printed to the syslog instead of the console. --nodaemon will disable this.
-
-When starting pdnsd as a daemon, the -p option may be helpful: It writes the
-pid of the server process to the file of the name given as argument to this
-option.
-Example: pdnsd -d -p /var/run/pdnsd.pid
-
-If you want to specify a configuration file other than /etc/pdnsd.conf, specify
--c or --config-file on the command line, followed by a filename.
-
-If pdnsd was compiled with debugging support, you may specify -g or --debug on
-the command line. This will cause extra diagnostic messages to be printed. When
-pdnsd runs in daemon mode, the messages will be written to the pdnsd.debug file
-in your cache directory. --nodebug disables debugging.
-
-pdnsd -vn sets the verbosity level of pdnsd. n is normally a digit from 0 to 3,
-where 0 means normal operation, while 3 will most verbose. Level 9 can be used
-in combination with the --debug option for very extensive debug information.
-Note: The current implementation mostly ignores the verbosity level, so you may
-not notice much difference between the various levels.
-
-The option -s or --status enables the status control socket. This is a named
-socket in the cache directory called pdnsd.status. This socket allows run-time
-configuration of pdnsd using the utility pdnsd-ctl. See below for more details
-about pdnsd-ctl. --nostatus disables status control. See also the configuration
-option status_ctl in the global section.
-
-The option --notcp disables the seldom needed TCP server thread, which may save
-you some resources. -t or --tcp will enable it. See also the tcp_server
-configuration option.
-
-Using the -m option, you can select the method pdnsd uses to query other name
-servers. Following methods are supported (see also the query_method
-configuration option):
--muo: pdnsd will use UDP only. This is the fastest method, and should be
-supported by all name servers on the Internet.
--mto: pdnsd will use TCP only. TCP queries usually take longer time than UDP
-queries, but are more secure against certain attacks, where an attacker tries
-to guess your query id and to send forged answers. TCP queries are not
-supported by some name servers.
--mtu: pdnsd will try to use TCP, and will fall back to UDP if its connection is
-refused or times out.
--mut: New in version 1.2.5: pdnsd will try to use UDP, and will repeat the
-query using TCP if the UDP reply was truncated (i.e. the tc bit is set). This
-is the behaviour recommended by the DNS standards.
-
-The -4 option switches to IPv4 mode, providing pdnsd was compiled with IPv4
-support.
-The -6 option switches to IPv6 mode, providing pdnsd was compiled with IPv6
-support.
-The -a option is only available when pdnsd was compiled with both IPv4 and IPv6
-support. With this option, pdnsd will try to detect automatically if a system
-supports IPv6, and fall back to IPv4 otherwise.
-
-With -i prefix or --ipv4_6_prefix=prefix you can set the prefix pdnsd uses
-(when running in IPv6 mode) to map IPv4 addresses in the configuration file to
-IPv6 addresses. There is also a corresponding option for the config file, see
-below. Must be a valid IPv6 address. The default is ::ffff:0.0.0.0
-
-2 The configuration file
-
-This section describes the layout of the configuration file and the available
-configuration options. The default location of the file is /etc/pdnsd.conf.
-This may be changed with the -c command line option. An example pdnsd.conf
-comes with the pdnsd distribution in the docs directory and will be installed
-to /etc/ by make install.
-
-2.1 Layout
-
-The configuration file is divided into sections. Each section is prefixed with
-the section name and opening curlies ({) and closed with closing curlies (}).
-In each section, configuration options can be given in the form
-option_name=option_value;
-Option value may be a string literal, a number, a time specification or a
-constant. In previous versions of pdnsd strings had to be enclosed in quotes
-("), but since version 1.1.10 this is no longer necessary, unless a string
-contains a special character such as whitespace, a token that normally starts a
-comment, or one of ",;{}\". Since version 1.2.9 a backslash (\) inside a string
-is interpreted as an escape character, so it is possible to include special
-characters in strings (both quoted or unquoted) by preceding them with a
-backslash. Some escape sequences are in interpreted as in the C programming
-language, e.g. \t becomes a tab, \n becomes a new-line control char.
-A time specification consists a sequence of digits followed by a one-letter
-suffix. The following suffixes are recognized: s (seconds), m (minutes), h
-(hours), d (days) and w (weeks). If the suffix is missing, seconds are assumed.
-If several time specifications are concatenated, their values are added
-together; e.g. 2h30m is interpreted as 2*60*60 + 30*60 = 9000 seconds.
-Some options take more than one value; in this case, the values are separated
-with commas.
-If you may supply one of a set of possible values to an option, this is noted
-in the documentation as (option1|option2|option3|...)
-The constants true|false and yes|no are accepted as synonyms for the constants
-on|off.
-Comments may be enclosed in /* and */, nested comments are possible. If the #
-sign or two slashes (//) appear in the configuration file, everything from
-these signs to the end of the current line is regarded as a comment and
-ignored.
-There are examples for nearly all options in the sample config file.
-
-2.1.1 global Section
-
-The global section specifies parameters that affect the overall behaviour of
-the server. If you specify multiple global sections, the settings of those
-later in the file will overwrite the earlier given values.
-These are the possible options:
-
-
-perm_cache=(number|off);
-Switch the disk cache off or supply a maximum cache size in kB. If the disk
-cache is switched off, 8 bytes will still be written to disk. The memory cache
-is always 10kB larger than the file cache. This value is 2048 (2 MB) by
-default.
-
-cache_dir=string;
-Set the directory you want to keep the cache in. The default is "/var/cache/
-pdnsd" (unless pdnsd was compiled with a different default).
-
-server_port=number;
-Set the server port. This is especially useful when you want to start the
-server and are not root. Note that you may also not specify uptest=ping in the
-server section as non-root.
-The default port is 53, the RFC-standard one. Note that you should only use
-non-standard ports when you only need clients on your machine to communicate
-with the server; others will probably fail if the try to contact the server on
-the basis of an NS record, since the A record that supplies the address for
-(among others) name servers does not have a port number specification.
-
-server_ip=string;
-or
-interface=string;
-Set the IP address pdnsd listens on for requests. This can be useful when the
-host has several interfaces and you want pdnsd not to listen on all interfaces.
-For example, it is possible to bind pdnsd to listen on 127.0.0.2 to allow pdnsd
-to be a forwarder for BIND. The default setting for this option is server_ip=
-any, which means that pdnsd will listen on all of your local interfaces.
-Presently you can only specify one address here; if you want pdnsd to listen on
-multiple interfaces but not all you will have to specify server_ip=any and use
-firewall rules to restrict access.
-The IP address used to need quotation marks around it, but since version 1.1.10
-this is no longer necessary.
-If pdnsd has been compiled with both IPv4 and IPv6 support, and you want to
-specify an IPv6 address here, then unless pdnsd was compiled to start up in
-IPv6 mode by default, you will need to use the -6 command-line option or set
-run_ipv4=off first (see below) in order to ensure that the IPv6 address is
-parsed correctly.
-If pdnsd is running in IPv6 mode and you specify an IPv4 address here, it will
-automatically be mapped to an IPv6 address.
-New in version 1.2: You may also give the name of an interface such as "lo" or
-"eth0" here, instead of an IP address (this has been tested on Linux, and may
-or may not work on other platforms). pdnsd will not bind to the interface name,
-but will look up the address of the interface at start-up and listen on that
-address. If the address of the interface changes while pdnsd is running, pdnsd
-will not notice that. You will need to restart pdnsd in that case.
-
-outgoing_ip=string;
-or
-outside_interface=string;
-New in version 1.2.9: Set the IP address of the interface used by pdnsd for
-outgoing queries. This can be useful when the host has several interfaces and
-you want pdnsd to send outgoing queries via only one of them. For example, if
-pdnsd is running on a host with one interface with IP address 192.168.1.1
-connected to the local network, and another with IP address 123.xxx.yyy.zzz
-connected to the internet, you may specify server_ip=192.168.1.1 and
-outgoing_ip=123.xxx.yyy.zzz to enforce that pdnsd only responds to queries
-received from the local network, and only sends outgoing queries via the
-interface connected to the internet.
-The default setting for this option is any, which means that the kernel is free
-to decide which interface to use. Like with the server_ip option, you may also
-give the name of an interface here, instead of an IP address.
-
-linkdown_kluge=(on|off);
-This option enables a kluge that some people might need: when all servers are
-marked down, with this option set the cache is not even used when a query is
-received, and a DNS error is returned in any case. The only exception from this
-is that local records (as specified in rr and source sections are still served
-normally. In general, you probably want to get cached entries even when the
-network is down, so this defaults to off.
-
-max_ttl=timespec;
-This option sets the maximum time a record is held in cache. All dns resource
-records have a time to live field that says for what period of time the record
-may be cached before it needs to be requeried. If this is more than the value
-given with max_ttl, this time to live value is set to max_ttl. This is done to
-prevent records from being cached an inappropriate long period of time, because
-that is almost never a good thing to do. Default is 604800s (one week).
-
-min_ttl=timespec;
-This option sets the minimum time a record is held in cache. All dns resource
-records have a time to live field that says for what period of time the record
-may be cached before it needs to be requeried. If this is less than the value
-given with min_ttl, this time to live value is set to min_ttl. Default is 120
-seconds.
-
-neg_ttl=timespec;
-This option sets the time that negatively cached records will remain valid in
-the cache if no time to live can be determined. This is always the case when
-whole domains are being cached negatively, and additionally when record types
-are cached negatively for a domain for which no SOA record is known to pdnsd.
-If a SOA is present, the ttl of the SOA is taken.
-
-neg_rrs_pol=(on|off|auth|default);
-This sets the RR set policy for negative caching; this tells pdnsd under which
-circumstances it should cache a record type negatively for a certain domain.
-off will turn the negative caching of record types off, on will always add a
-negative cache entry when a name server did not return a record type we asked
-it for, and auth will only add such entries if the answer came from an
-authoritative name server for that domain.
-New in version 1.2.8: The default setting will add a negatively cached record
-if either the answer was authoritive or the answer indicated the name server
-had "recursion available" while the query explicitly requested such recursion.
-The preset is "default" (used to be auth).
-
-neg_domain_pol=(on|off|auth);
-This is analogue to neg_rrs_pol for whole domain negative caching. It should be
-safe to set this on, because I have not seen a caching server that will falsely
-claim that a domain does not exist.
-The default is auth.
-
-run_as=string;
-This option allows you to let pdnsd change its user and group id after
-operations that needed privileges have been done. This helps minimize security
-risks and is therefore recommended. The supplied string gives a user name whose
-user id and primary group id are taken.
-A little more details: after reading the config file, becoming a daemon (if
-specified) and starting the server status thread, the main thread changes its
-gid and uid, as do all newly created threads thereafter. By taking another uid
-and gid, those threads run with the privileges of the specified user. Under
-Linux and FreeBSD, the server status thread runs with the original privileges
-only when the strict_setuid option is set to off (see below, on by default),
-because these may be needed for exec uptests. The manager thread also retains
-its original privileges in this case. You should take care that the user you
-specify has write permissions on your cache file and status pipe (if you need a
-status pipe). You should look out for error messages like "permission denied"
-and "operation not permitted" to discover permission problems.
-
-strict_setuid=(on|off);
-When used together with the run_as option, this option lets you specify that
-all threads of the program will run with the privileges of the run_as user.
-This provides higher security than the normal run_as option, but is not always
-possible. See the run_as option for further discussion.
-This option is on by default.
-Note that this option has no effect on Non-Linux systems.
-
-paranoid=(on|off);
-Normally, pdnsd queries all servers in recursive mode (i.e. instructs servers
-to query other servers themselves if possible, and to give back answers for
-domains that may not be in its authority), and accepts additional records with
-information for servers that are not in the authority of the queried server.
-This opens the possibility of so-called cache poisoning: a malicious attacker
-might set up a dns server that, when queried, returns forged additional
-records. This way, he might replace trusted servers with his own ones by making
-your dns server return bad IP addresses. This option protects you from cache
-poisoning by rejecting additional records that do not describe domains in the
-queried servers authority space and not doing recursive queries any more. An
-exception to this rule are the servers you specify in your config file, which
-are trusted.
-The penalty is a possible performance decrease, in particular, more queries
-might be necessary for the same operation.
-You should also notice that there may be other similar security problems, which
-are essentially problems of the DNS, i.e. any "traditional" server has them
-(the DNS security extensions solve these problems, but are not widely
-supported). One of this vulnerabilities is that an attacker may bombard you
-with forged answers in hopes that one may match a query you have done. If you
-have done such a query, one in 65536 forged packets will be succesful (i.e. an
-average packet count of 32768 is needed for that attack). pdnsd can use TCP for
-queries, which has a slightly higher overhead, but is much less vulnerable to
-such attacks on sane operating systems. Also, pdnsd chooses random query ids,
-so that an attacker cannot take a shortcut. If the attacker is able to listen
-to your network traffic, this attack is relatively easy, though.
-This vulnerability is not pdnsd's fault, and is possible using any conventional
-name server (pdnsd is perhaps a little more secured against this type of
-attacks if you make it use TCP).
-The paranoid option is off by default.
-
-ignore_cd=(on|off);
-New in version 1.2.8: This option lets you specify that the CD bit of a DNS
-query will be ignored. Otherwise pdnsd will reply FORMERR to clients that set
-this bit in a query. It is safe to enable this option, as the CD bit refers to
-'Checking Disabled' which means that the client will accept non-authenticated
-data.
-This option is on by default. Turn it off if you want the old behaviour (before
-version 1.2.8).
-
-scheme_file=string;
-In addition to normal uptests, you may specify that some servers shall only be
-queried when a certain pcmcia-cs scheme is active (only under linux). For that,
-pdnsd needs to know where the file resides that holds the pcmcia scheme
-information. Normally, this is either /var/lib/pcmcia/scheme or /var/state/
-pcmcia/scheme.
-
-status_ctl=(on|off);
-This has the same effect as the -s command line option: the status control is
-enabled when on is specified.
-Added by Paul Rombouts: Note that pdnsd-ctl allows run-time configuration of
-pdnsd, even the IP addesses of the name servers can be changed. If you're not
-using pdnsd-ctl and you want maximum security, you should not enable this
-option. It is disabled by default.
-
-daemon=(on|off);
-This has the same effect as the -d command line option: the daemon mode is
-enabled when on is specified.
-Default is off.
-
-tcp_server=(on|off);
-tcp_server=on has the same effect as the -t or --tcp command-line option: it
-enables TCP serving. Similarly, tcp_server=off is like the --notcp command-line
-option.
-Default is on.
-
-pid_file=string;
-This has the same effect as the -p command line option: you can specify a file
-that pdnsd will write its pid into when it starts in daemon mode.
-
-verbosity=number;
-This has the same effect as the -v command line option: you can set the
-verbosity of pdnsd's messages with it. The argument is a number between 0 (few
-messages) to 3 (most messages).
-
-query_method=(tcp_only|udp_only|tcp_udp|udp_tcp);
-This has the same effect as the -m command line option. Read the documentation
-for the command line option on this. tcp_only corresponds to the to, udp_only
-to the uo, tcp_udp to the tu and udp_tcp to the ut argument of the command line
-option.
-If you use query_method=tcp_udp, it is recommended that you also set the global
-timeout option to at least twice the longest server timeout.
-
-run_ipv4=(on|off);
-This has the same effect as the -4 or -6 command line option: if on is
-specified, IPv4 support is enabled, and IPv6 support is disabled (if
-available). If off is specified, IPv4 will be disabled and IPv6 will be
-enabled. For this option to be meaningful, pdnsd needs to be compiled with
-support for the protocol you choose. If pdnsd was compiled with both IPv4 and
-IPv6 support, and you want to include IPv6 addresses in the configuration file,
-you will probably need to specify run_ipv4=off first to ensure that the IPv6
-addresses are parsed correctly.
-
-debug=(on|off);
-This has the same effect as the -g command line option: the debugging messages
-are enabled when on is specified.
-
-ctl_perms=number;
-This option allows you to set the file permissions that the pdnsd status
-control socket will have. These are the same as file permissions. The owner of
-the file will be the run_as user, or, if none is specified, the user who
-started pdnsd. If you want to specify the permissions in octal (as usual),
-don't forget the leading zero (0600 instead of 600!). To use the status
-control, write access is needed. The default is 0600 (only the owner may read
-or write).
-Please note that the socket is kept in the cache directory, and that the cache
-directory permissions might also need to be adjusted. Please ensure that the
-cache directory is not writeable for untrusted users.
-
-proc_limit=number;
-With this option, you can set a limit on the pdnsd threads that will be active
-simultaneously. If this number is exceeded, queries are queued and may be
-delayed some time. See also the procq_limit option.
-The default for this option is 40.
-
-procq_limit=number;
-When the query thread limit proc_limit is exceeded, connection attempts to
-pdnsd will be queued. With this option, you can set the maximum queue length.
-If this length is also exceeded, the incoming queries will be dropped. That
-means that tcp connections will be closed and udp queries will just be dropped,
-which will probably cause the querying resolver to wait for an answer until it
-times out.
-See also the proc_limit option. A maximum of proc_limit+procq_limit query
-threads will exist at any one time (plus 3 to 6 threads that will always be
-present depending on your configuration).
-The default for this option is 60.
-
-tcp_qtimeout=timespec;
-This option sets a timeout for tcp queries. If no full query has been received
-on a tcp connection after that time has passed, the connection will be closed.
-The default is set using the --with-tcp-qtimeout option to configure.
-
-par_queries=number;
-This option used to set the maximum number of remote servers that would be
-queried simultaneously, for every query that pdnsd receives.
-Since version 1.1.11, the meaning of this option has changed slightly. It is
-now the increment with which the number of parallel queries is increased when
-the previous set of servers has timed out. For example, if we have a list
-server1, server2, server3, etc. of available servers and par_queries=2, then
-pdnsd will first send queries to server1 and server2, and listen for responses
-from these servers.
-If these servers do not send a reply within their timeout period, pdnsd will
-send additional queries to server3 and server4, and listen for responses from
-server1, server2, server3 and server4, and so on until a useful reply is
-received or the list is exhausted.
-In the worst case there will be pending queries to all the servers in the list
-of available servers. We may be using more system resources this way (but only
-if the first servers in the list are slow or unresponsive), but the advantage
-is that we have a greater chance of catching a reply. After all, if we wait
-longer anyway, why not for more servers.
-See also the explanation of the global timeout option below.
-1 or 2 are good values for this option. The default is set at compile time
-using the --with-par-queries option to configure.
-
-timeout=timespec;
-This is the global timeout parameter for dns queries. This specifies the
-minimum period of time pdnsd will wait after sending the first query to a
-remote server before giving up without having received a reply. The timeout
-options in the configuration file are now only minimum timeout intervals.
-Setting the global timeout option makes it possible to specify quite short
-timeout intervals in the server sections (see below). This will have the effect
-that pdnsd will start querying additional servers fairly quickly if the first
-servers are slow to respond (but will still continue to listen for responses
-from the first ones). This may allow pdnsd to get an answer more quickly in
-certain situations.
-If you use query_method=tcp_udp it is recommended that you make the global
-timeout at least twice as large as the largest server timeout, otherwise pdnsd
-may not have time to try a UDP query if a TCP connection times out.
-Default value is 0.
-
-randomize_recs=(on|off);
-If this option is turned on, pdnsd will randomly reorder the cached records of
-one type when creating an answer. This supports round-robin DNS schemes and
-increases fail safety for hosts with multiple IP addresses, so this is usually
-a good idea.
-On by default.
-
-query_port_start=(number|none);
-If a number is given, this defines the start of the port range used for queries
-of pdnsd. The value given must be >= 1024. The purpose of this option is to aid
-certain firewall configurations that are based on the source port. Please keep
-in mind that another application may bind a port in that range, so a stateful
-firewall using target port and/or process uid may be more effective. In case a
-query start port is given pdnsd uses this port as the first port of a specified
-port range (see query_port_end) used for queries. pdnsd will try to randomly
-select a free port from this range as local port for the query.
-To ensure that there are enough ports for pdnsd to use, the range between
-query_port_start and query_port_end should be adjusted to at least (par_queries
-* proc_limit). A larger range is highly recommended for security reasons, and
-also because other applications may allocate ports in that range. If possible,
-this range should be kept out of the space that other applications usually use.
-The default for this option is 1024. Together with the default value of
-query_port_end, this makes it the hardest for an attacker to guess the source
-port used by the pdnsd resolver. If you specify none here, pdnsd will let the
-kernel choose the source port, but this may leave pdnsd more vulnerable to an
-attack.
-
-query_port_end=number;
-Used if query_port_start is not none. Defines the last port of the range
-started by query_port_start used for querys by pdnsd. The default is 65535,
-which is also the maximum legal value for this option. For details see the
-description of query_port_start.
-
-delegation_only=string;
-Added by Paul Rombouts: This option specifies a "delegation-only" zone. This
-means that if pdnsd receives a query for a name that is in a subdomain of a
-"delegation-only" zone but the remote name server returns an answer with an
-authority section lacking any NS RRs for subdomains of that zone, pdnsd will
-answer NXDOMAIN (unknown domain). This feature can be used for undoing the
-undesired effects of DNS "wildcards". Several "delegation-only" zones may be
-specified together. If you specify root servers in a server section it is
-important that you set root_server=on in such a section.
-Example:
-
-delegation_only="com","net";
-
-This feature is off by default. It is recommended that you only use this
-feature if you actually need it, because there is a risk that some legitimate
-names will be blocked, especially if the remote name servers queried by pdnsd
-return answers with empty authority sections.
-
-ipv4_6_prefix=string;
-This option has the same effect as the -i command-line option. When pdnsd runs
-in IPv6 mode, this option specifies the prefix pdnsd uses to convert IPv4
-addresses in the configuration file (or addresses specified with pdnsd-ctl) to
-IPv6-mapped addresses. The string must be a valid IPv6 address. Only the first
-96 bits are used. Note that this only effects the parsing of IPv4 addresses
-listed after this option.
-The default is "::ffff.0.0.0.0".
-
-use_nss=(on|off);
-If this option is turned on, pdnsd will call initgroups() to set up the group
-access list, whenever pdnsd changes its user and group id (see run_as option).
-There is a possible snag, though, if initgroups() uses NSS (Name Service
-Switch) and NSS in turn uses DNS. In such a case you may experience lengthy
-timeouts and stalls. By setting use_nss=off, you can disable the initgroups()
-call (only possible in versions 1.2.5 and later).
-This option was contributed by Jan-Marek Glogowski.
-On by default.
-
-udpbufsize=number;
-New in version 1.2.9: This option sets the upper limit on the size of UDP DNS
-messages. The default is 1024.
-See also the edns_query server option below.
-
-
-2.1.2 server Section
-
-Each server section specifies a set of name servers that pdnsd should try to
-get resource records or authoritative name server information from. The servers
-are queried in the order of their appearance (or parallel to a limited extend).
-If one fails, the next one is taken and so on.
-You probably want to specify the dns server in your LAN, the caching dns
-servers of your internet provider or even a list of root servers in one or more
-server sections.
-The supported options in this section are:
-
-
-label=string;
-Specify a label for the server section. This can be used to refer to this
-section when using pdnsd-ctl, the pdnsd control utility.
-You can give several server sections the same label, but if you want to change
-the addresses of a server section (see ip option below) during run-time with
-"pdnsd-ctl server label up dns1,dns2,...", the label must be unique.
-
-ip=string;
-Give the IP (the address, not the host name) of the server.
-Multiple IP addresses can be given per server section. This can be done by
-entering multiple lines of the form ip=string; or a single line like this:
-
-ip=string,string,string;
-
-IP addresses do not have to be specified in the configuration file. A server
-section without IP addresses will remain inactive until it is assigned one or
-more addresses with pdnsd-ctl, the pdnsd control utility.
-If pdnsd has been compiled with both IPv4 and IPv6 support, any IPv6 addresses
-you specify here will be skipped with a warning message, unless pdnsd is
-running in IPv6 mode. Thus, unless pdnsd was compiled to startup in IPv6 mode
-by default, you need to use the command-line option -6 or set run_ipv4=off
-first (see global section) in order to ensure that IPv6 addresses are parsed
-correctly.
-If pdnsd is running in IPv6 mode and you specify an IPv4 address here, it will
-automatically be mapped to an IPv6 address.
-
-file=string;
-New in version 1.2: This option allows you to give the name of a
-resolv.conf-style file. Of the lines beginning with the nameserver keyword, the
-second field will be parsed as an IP address, as if it were specified with the
-ip= option. The remaining lines will be ignored. If the contents of the file
-changes while pdnsd is running, you can make pdnsd aware of the changes through
-the use of pdnsd-ctl, the pdnsd control utility. This is usually most
-conveniently done by placing the command "pdnsd-ctl config" in a script that is
-automatically run whenever the DNS configuration changes.
-For example, suppose you have a ppp client that writes the DNS configuration
-for your ISP to the file /etc/ppp/resolv.conf and runs the script /etc/ppp/
-ip-up when a new connection is established. One way of ensuring that pdnsd is
-automatically reconfigured is to add a server section in the config file with
-file=/etc/ppp/resolv.conf and to add the command "pdnsd-ctl config" to /etc/ppp
-/ip-up.
-
-port=number;
-Give the port the remote name server listens on. Default is 53 (the official
-dns port)
-
-uptest=(ping|none|if|dev|diald|exec|query);
-Determine the method to check whether the server is available. Currently
-defined methods are:
-
- * ping: Send an ICMP_ECHO request to the server. If it doesn't respond within
- the timeout, it is regarded to be unavailable until the next probe.
- * none: The availability status is not changed, only the time stamp is
- updated.
- * if: Check whether the interface (specified in the interface= option) is
- existent, up and running. This currently works for all "ordinary" network
- interfaces, interfaces that disappear when down (e.g. ppp?), and
- additionally for Linux isdn interfaces (as of kernel 2.2). Note that you
- need a /dev/isdninfo device file (major#45, minor#255), or the isdn uptest
- will always fail.
- * dev and diald: Perform an if uptest, and, if that was succesful,
- additionally check whether a program is running that has locked a given
- (modem-) device. The needed parameters are an interface (specified as for
- the if uptest, e.g. "ppp0") and a device relative to /dev (e.g. "modem" for
- /dev/modem specified using the device= option. pdnsd will then look for a
- pid file for the given interface in /var/lock (e.g. /var/run/ppp0.pid) and
- for a lockfile for the given device (e.g. /var/lock/LCK..modem), and then
- test whether the locking process is the process that created the pid file
- and this process is still alive. If this is the case, the normal if uptest
- is executed for the given interface.
- The dev option is for pppd dial-on-demand, diald is the same for diald
- users.
- * exec: Executes a given command in the /bin/sh shell (as /bin/sh -c
- ) and evaluates the result (the return code of the last command)
- in the shell's way of handling return codes, i.e. 0 indicates success, all
- other indicate failure. The shell's process name will be uptest_sh. The
- command is given with the uptest_cmd option (see below). For secuity
- issues, also see that entry.
- * query: New in version 1.2: This works like the ping test, except it sends
- an (empty) DNS query to the remote server. If the server sends a
- well-formed response back within the timeout period (except SERVFAIL), it
- will be regarded as available. This test is useful if a remote server does
- not respond to ICMP_ECHO requests at all, which unfortunately is quite
- common these days. It can also happen that a remote server is online but
- ignores empty DNS queries. Then you will need the set the query_test_name
- option (see below). In many cases this test will be a more reliable
- indicator of availability than the ones mentioned before.
-
-The default value is none.
-
-NOTE: If you use on-demand dialing, use none, if, dev, diald or exec, since
-ping or query will send packets in the specified interval and the interface
-will thus frequently dial!
-
-ping_timeout=number;
-Sets the timeout for the ping test in tenths of seconds (this unit is used for
-legacy reasons; actually the current implementation is only accurate to a
-second).
-The default is 600 (one minute).
-
-ping_ip=string;
-The IP address for the ping test. The default is the IP of the name server.
-
-query_test_name=string;
-New in version 1.2.9: Sets the name to be queried when using uptest=query
-availability test. If the string is the unquoted constant none, an empty query
-is used (this the default), otherwise a query of type A will be sent for the
-domain name specified here. It is not necessary for the domain name to exist or
-have a record of type A in order for the uptest to succeed.
-If the the remote server ignores empty queries, you will probably want to set
-query_test_name="." (the root domain).
-
-uptest_cmd=string,string;
-or
-uptest_cmd=string;
-Sets the command for the uptest=exec function to the first string. If the
-second string is given, it specifies a user with whose user id and primary
-group id the command is executed.
-This is especially useful if you are executing the server as root, but do not
-want the uptest to be performed with root privileges. In fact, you should never
-execute the uptest as root if you can help it.
-If the server is running setuid or setgid, the privileges thus gained are
-attempted to be dropped even before changing identity to the specified user to
-prevent setuid/gid security holes (otherwise, any user might execute commands
-as root if you setuid the executable).
-Note that this is not always possible, and that pdnsd should never be installed
-as setuid or setgid. The command is executed using /bin/sh, so you should be
-able to use shell builtin commands.
-
-interval=(timespec|onquery|ontimeout);
-Sets the interval for the server up-test. The default is 900 seconds; however,
-a test is forced when a query times out and the timestamp is reset then.
-If you specify onquery instead of a timeout, the interface will be tested
-before every query. This is to prevent automatically dialing interfaces (diald/
-pppd or ippp) to dial on dns queries. It is intended to be used in connection
-with an interface-testing uptest ;-)
-Note that using uptest=exec, you might run into performance problems on slow
-machines when you use that option. DON'T use onquery with uptest=ping or uptest
-=query, as it may cause delays if the server does not answer (btw, it doesn't
-make sense anyway). Note also that using onquery is no guarantee that the
-interface will not be used. When another (reachable) dns server tells pdnsd to
-query a third dns server for data, pdnsd will do that and has no means of
-checking whether this will dial up the interface or not. This however should be
-a rare situation.
-New in version 1.2.3: A third possibility is to specify interval=ontimeout. In
-this case the server is not tested at startup/reconfiguration, nor at regular
-intervals, but only after a DNS query to a server times out. Certain types of
-network problems such as a refused connection will also cause the server to be
-considered unavailable. However, once a server is declared dead it is never
-considered again unless it is revived using a pdnsd-ctl config or server
-command. The idea behind this option is to minimize uptests by assuming all
-servers are available until there is reason to believe otherwise.
-
-interface=string;
-The network interface (or network device, e.g. "eth0") for the uptest=if
-option. Must be specified if uptest=if is given.
-
-device=string;
-The (modem-) device that is used for the dev uptest. If you use this for a
-dial-on-demand ppp uptest (together with uptest=dev), you need to enter the
-device you are using for your pppd here, e.g. modem for /dev/modem.
-Must be specified if uptest=dev is given.
-
-timeout=timespec;
-Set the timeout for the dns query. The default is 120 seconds. You probably
-want to set this lower.
-Timeouts specified in the configuration file are only treated as the minimum
-period of time to wait for a reply. A queries to a remote server are not
-canceled until a useful reply has been received, or all the other queries have
-timed out or failed.
-If you have also set the global timeout option, you may consider setting a
-fairly small value here. See the explanation of the timeout option in the
-global section for what that means.
-
-purge_cache=(on|off);
-In every fetched dns record, there is a cache timeout given, which specifies
-how long the fetched data may be cached until it needs to be reloaded. If
-purge_cache is set to off, the stale records are not purged (unless the cache
-size would be exceeded, in this case the oldest records are purged). Instead,
-they are still served if they cannot succesfully be updated (e.g. because all
-servers are down).
-Default is off.
-
-caching=(on|off);
-Specifies if caching shall be performed for this server at all. Default is on.
-
-lean_query=(on|off);
-Specifies whether to use the "lean" query mode. In this mode, only the
-information actually queried from pdnsd is resolved and cached. This has the
-advantage that usually less cache space is used and the query is usually
-faster. In 90% of the cases, only address (A) records are needed anyway. If
-switched off, pdnsd will always cache all data about a host it can find and
-will specifically ask for all available records (well, at least it is a good
-approximation for what it really does ;-) This will of course increase the
-answer packet sizes.
-Some buggy name servers may not deliver CNAME records when not asked for all
-records. I do not know if such servers are around, but if you have trouble
-resolving certain host names, try turning this option off.
-A last note: If you use multiple pdnsd's that access each other, turning this
-option on is probably a big win.
-This on by default.
-
-edns_query=(on|off);
-New in version 1.2.9: Specifies whether to use EDNS (Extension mechanisms for
-DNS) for outgoing queries. Currently this is only useful for allowing UDP
-message sizes larger than 512 bytes. Note that setting this option on can give
-problems in combination with some legacy systems or software, including,
-embarrassingly enough, previous versions of pdnsd.
-The default is off, but if your network can handle UDP payloads significantly
-larger than 512 bytes, the recommended value is on.
-Note that this option only effects outgoing queries. If pdnsd receives a query
-using EDNS, it will reply using EDNS regardless of the value of this option.
-See also the udpbufsize option above.
-
-scheme=string;
-You can specify a pcmcia-cs scheme that is used in addition to the uptests. If
-you specify a scheme here, the server this section is for will only be queries
-if the given scheme is active. Shell wildcards (* and ?) are allowed in the
-string under their special meanings. You need to use the scheme_file option on
-the global section to make this option work.
-
-preset=(on|off);
-This allows you to specify the initial state of a server before any uptest is
-performed. on specifies that the server is regarded available. The default is
-on. This is especially useful when you set uptest=none; and want to change the
-status of a server only via pdnsd-ctl.
-
-proxy_only=(on|off);
-When this option is set to on, answers given by the servers are always
-accepted, and no other servers (as, for example, specified in the NS records of
-the query domain) are queried. If you do not turn this option on, pdnsd will do
-such queries in some cases (in particular when processing ANY queries).
-This option is useful when you do not want pdnsd to make connections to outside
-servers for some reasons (e.g. when a firewall is blocking such queries).
-I recommend that you turn on lean_query when using this option.
-Default is off.
-
-root_server=(on|off|discover);
-Set this option to on if the servers specified in a section are root servers. A
-root server will typically only give the name servers for the top-level domain
-in its reply. Setting root_server=on will cause pdnsd to try to use cached
-information about top-level domains to reduce to number of queries to root
-servers, making the resolving of new names more efficient. You can get a list
-of available root servers by running the command "dig . ns".
-This option is also necessary if you use the delegation_only option.
-New in version 1.2.8: This option may also be set to "discover". This will
-cause pdnsd to query the servers provided with the ip= option to obtain the
-full list of root servers. The root-server addresses will replace the addresses
-specified with the ip= option. This will only be done once on startup, or after
-a "pdnsd-ctl config" command. In this case the name servers specified with the
-ip= option don't have to be root servers, they just have to know the names and
-addresses of the root servers. After root-server discovery pdnsd will behave
-just as if root_server=on had been specified.
-Default is off.
-
-randomize_servers=(on|off);
-New in version 1.2.6: Set this option to on to give each name server in this
-section an equal chance of being queried. If this option is off, the name
-servers are always queried starting with the first one specified. Even with
-this option on, the query order is not truly random. Only the first server is
-selected randomly; the following ones are queried in consecutive order,
-wrapping around to the beginning of the list when the end is reached. Note that
-this option only effects the order within a section. The servers in the first
-(active) section are always queried before those in the second one, etc.
-The default is off, but if you are resolving from root servers setting this
-option on is highly recommended. If root_server=on this option also effects the
-query order of the name servers for the top-level domains.
-
-reject=string;
-New in version 1.2.6: This option can be used to make pdnsd reject replies that
-contain certain IP addresses. You can specify a single IP address, which will
-be matched exactly, or a range of addresses using an address/mask pair. The
-mask can be specified as a simple integer, indicating the number of initial 1
-bits in the mask, or in the usual IP address notation. IP addresses may be
-either IPv4 or IPv6 (provided there is sufficient support in the C libraries
-and support for AAAA records was not disabled). When addresses in the reject
-list are compared with those in a reply, only the bits corresponding to those
-set in the netmask are significant, the rest are ignored.
-Multiple addresses or address/mask pairs may be specified; this can be done by
-entering multiple lines of the form reject=string; or a single line like this:
-
-reject=string,string,string;
-
-How pdnsd reacts when an address in the reply matches one in the reject list,
-depends on the reject_policy option, see below.
-
-reject_policy=(fail|negate);
-New in version 1.2.6: This option determines what pdnsd does when an address in
-the reply from a name server matches the reject list (see above). If this
-option is set to fail, pdnsd will try another server, or, if there no more
-servers to try, return the answer SERVFAIL. If this option is set to negate,
-pdnsd will immediately return the answer NXDOMAIN (unknown domain) without
-querying additional servers. The fail setting is useful if you don't always
-trust the servers in this section, but do trust the servers in the following
-section. The negate setting can be used to completely censor certain IP
-addresses. In this case you should put the same reject list in every server
-section, and also set the reject_recursively option (see below) to true.
-The default is fail.
-
-reject_recursively=(on|off);
-New in version 1.2.6: Normally pdnsd checks for addresses in the reject list
-(see above) only when the reply comes directly from a name server listed in the
-configuration file. With this option set to on, pdnsd will also do this check
-for name servers that where obtained from NS records in the authority section
-of a previous reply (which was incomplete and non-authoritative).
-Default is off.
-
-policy=(included|excluded|simple_only|fqdn_only);
-pdnsd supports inclusion/exclusion lists for server sections: with include= and
-exclude= (see below) you can specify domain names for which this server will be
-used or will not be used. The first match counts (i.e., the first include or
-exclude rule in a server section that matches a domain name is applied, and the
-search for other rules is terminated). If no rule matched a given domain name,
-the policy= option determines whether this server is used for the lookup for
-that domain name; when included is given, the server will be asked, and when
-excluded is given, it will not. If simple_only is given the server will be used
-if the name to lookup is a simple (single-label) domain name, on the other hand
-if fqdn_only is given the server will be used only for names consisting of two
-or more labels (i.e. the name has at least one dot in-between).
-If no server is available for a queried domain, pdnsd will return an error
-message to the client that usually will stop the client's attempts to resolve a
-specific domain from this server (the libc resolver will e.g. return an error
-to the application that tried to resolve the domain if no other servers are
-available in the resolv.conf). This may be of use sometimes.
-Note: the simple_only and fqdn_only constants were added by Paul Rombouts. They
-are useful for controlling which name servers (if any) will be used by pdnsd
-for resolving simple (single-label) host names. fqdn_only used to stand for
-"fully qualified domain name only", but this is actually a misnomer. The names
-in queries received by pdnsd are always considered to be fully qualified. If
-you do not exactly understand what the options simple_only and fqdn_only are
-good for, you are probably better off not using them.
-The default for this option is included.
-
-include=string;
-This option adds an entry to the exclusion/inclusion list. If a domain matches
-the name given as string, the server is queried if this was the first matching
-rule (see also the entry for policy).
-If the given name starts with a dot, the whole subdomain of the given name
-including the one of that name is matched, e.g. ".foo.bar." will match the
-domain names a.foo.bar., a.b.c.foo.bar. and foo.bar.
-If it does not start in a dot, only exactly the given name (ignoring the case,
-of course) will be matched (hint: if you want to include all subdomains, but
-not the domain of the given name itself, place an exact-match exclude rule
-before the include rule, e.g: exclude="foo.bar."; include=".foo.bar.";
-Previous versions of pdnsd required that names given with this and the next
-option ended in a dot, but since version 1.1.8b1-par8, pdnsd automatically adds
-a dot at the end if it is missing.
-pdnsd now also accepts a more compact notation for adding several "include"
-entries in one line, e.g.:
-
-include=".foo",".bar",".my.dom";
-
-exclude=string;
-This option adds an entry to the exclusion/inclusion list. If a domain matches
-the name given as string, the server is not queried if this was the first
-matching rule (see also the entry for policy).
-If the given name starts with a dot, the whole subdomain of the given name
-including the one of that name is matched, e.g. ".foo.bar." will match the
-domain names a.foo.bar., a.b.c.foo.bar. and foo.bar.
-If it does not start in a dot, only exactly the given name (ignoring the case,
-of course) will be matched (hint: if you want to exclude all subdomains, but
-not the domain of the given name itself, place an exact-match include rule
-before the exclude rule, e.g: include="foo.bar."; exclude=".foo.bar.";
-pdnsd now also accepts a more compact notation for adding several "exclude"
-entries in one line, e.g.:
-
-exclude=".foo",".bar",".my.dom";
-
-
-2.1.3 rr Section
-
-Every rr section specifies a dns resource record that is stored locally. It
-allows you to specify own dns records that are served by pdnsd in a limited
-way. Only A, PTR, CNAME, MX, NS and SOA records are implemented.
-This option is intended to allow you to define RRs for 1.0.0.127.in-addr.arpa.
-and localhost. (and perhaps even one or two hosts) without having to start an
-extra named if your cached name servers do not serve those records. It is NOT
-intended and not capable to work as a full-featured name server.
-
-
-name=string;
-Specifies the name of the resource records, i.e. the domain name of the
-resource the record describes. This option must be specified before any a, ptr,
-cname, mx, ns or soa records. Names are interpreted as absolute domain names
-(i.e. pdnsd assumes they end in the root domain). For this and all following
-arguments that take domain names, you need to specify domain names in dotted
-notation (example venera.isi.edu.).
-Previous versions of pdnsd required that domain names given in the
-configuration file ended in a dot, but since version 1.1.8b1-par8, pdnsd
-automatically assumes a dot at the end if it is missing.
-New in version 1.2: It is also possible to specify a name starting with the
-label *. Such a name is called a wildcard. The * in a wildcard can match one or
-more labels in a queried name, but only whole labels. Any other * characters in
-a wildcard, apart from the leading one, will only match a literal *.
-For example, *.mydomain will match a.mydomain or www.a.mydomain, but not
-mydomain. *.a*.mydomain will match www.a*.mydomain, but not www.ab.mydomain.
-*a.mydomain will only match itself.
-Before you can specify an rr section with name=*.mydomain you must define some
-records for mydomain, typically NS and/or SOA records. Example:
-
- rr {
- name = mydomain;
- ns = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
- rr {
- name = *.mydomain;
- a = 192.168.1.10;
- }
-
-In this example, www.mydomain and ftp.mydomain will resolve to the numeric
-address 192.168.1.10 (unless you add rr sections explicitly specifying
-different addresses for www.mydomain or ftp.mydomain). If you want mydomain
-also to resolve to a numeric address, add an A record to the first rr section.
-
-ttl=timespec;
-Specifies the ttl (time to live) for all resource records in this section after
-this entry. This may be redefined. The default is 86400 seconds (=1 day).
-
-authrec=(on|off);
-If this is turned on, pdnsd will create authoritative local records for this rr
-section. This means that pdnsd flags the domain record so that records of this
-domain that are not present in the cache are treated as non-existent, i.e. no
-other servers are queried for that record type, and an response containing none
-of those records is returned. This is most time what people want: if you add an
-A record for a host, and it has no AAAA record (thus no IPv6 address), you
-normally don't want other name servers to be queried for it.
-This is on by default.
-Please note that this only has an effect if it precedes the name option!
-
-reverse=(on|off);
-New in version 1.2: If you want a locally defined name to resolve to a numeric
-address and vice versa, you can achieve this by setting reverse=on before
-defining the A record (see below). The alternative is to define a separate PTR
-record, but you will probably find this option much more convenient.
-The default is off.
-
-a=string;
-Defines an A (host address) record. The argument is an IPv4 address in dotted
-notation. pdnsd will serve this address for the host name given in the name
-option.
-Provided there is sufficient support in the C libraries and support for AAAA
-records was not disabled, the argument string may also be an IPv6 address, in
-which case an AAAA record will be defined.
-This option be may used multiple times within an rr section, causing multiple
-addresses to be defined for the name. However, if you put the different
-addresses in different rr sections for the same name, the definition in the
-last rr section will cancel the definitions in the previous ones.
-
-ptr=string;
-Defines a PTR (domain name pointer) record. The argument is a host name in
-dotted notation (see name). The ptr record is for resolving adresses into
-names. For example, if you want the adress 127.0.0.1 to resolve into localhost,
-and localhost into 127.0.0.1, you need something like the following sections:
-
- rr {
- name = localhost;
- a = 127.0.0.1;
- owner = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
- rr {
- name = 1.0.0.127.in-addr.arpa;
- ptr = localhost;
- owner = localhost;
- soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
- }
-
-The second section is for reverse resolving and uses the ptr option. Note that
-you can get the same effect by specifying only the first rr section with
-reverse=on.
-There is something special about the name in the second section: when a
-resolver wants to get a host name from an internet address, it composes an
-address that is built of the IP address in reverse byte order (1.0.0.127
-instead of 127.0.0.1) where each byte of the adress written as number
-constitutes a sub-domain under the domain in-addr.arpa.
-So, if you want to compose an adress for reverse resolving, take your ip in
-dotted notation (e.g. 1.2.3.4), reverse the byte order (4.3.2.1) and append
-in-addr.arpa. (4.3.2.1.in-addr.arpa.) Then, define an rr section giving this
-address as name and the domain name corresponding to that ip in the ptr option.
-
-cname=string;
-Defines a CNAME (canonical name) record. The argument should be a
-fully-qualified host name in dotted notation (see name). A CNAME is the DNS
-equivalent of an alias or symbolic link.
-A useful application for CNAMEs is giving short, easy to remember nicknames to
-hosts with complicated names. For example, you might want the name "news" to
-refer to your ISP's news server "nntp2.myisp.com". Instead of adding an A
-record for "news" with the same address as "nntp2.myisp.com", you could put in
-a CNAME pointing to "nntp2.myisp.com", so that if the IP address of the news
-server changes, there is no need to update the record for "news".
-To implement this with pdnsd, you could add the following section to your
-configuration file:
-
- rr {
- name = news;
- cname = nntp2.myisp.com;
- owner = localhost;
- }
-
-mx=string,number;
-Defines an MX (mail exchange) record. The string is the host name of the mail
-server in dotted notation (see name). The number specifies the preference
-level.
-When you send mail to someone, your mail typically goes from your E-mail client
-to an SMTP server. The SMTP server then checks for the MX record of the domain
-in the E-mail address. For example, with joe@example.com, it would look for the
-MX record for example.com and find that the name of mail server for that domain
-is, say, mail.example.com. The SMTP server then gets the A record for
-mail.example.com, and connects to the mail server.
-If there are multiple MX records, the SMTP server will pick one based on the
-preference level (starting with the lowest preference number, working its way
-up).
-Don't define MX records with pdnsd unless you know what you're doing.
-
-owner=string;
-or
-ns=string;
-Defines an NS (name server) record. Specifies the name of the host which should
-be authoritative for the records you defined in the rr section. This is
-typically the host pdnsd runs on.
-Note: In previous versions of pdnsd this option had to be specified before any
-a, ptr, cname, mx or soa entries. In version 1.2, the restrictions on this
-option are same as the options just mentioned, and it must listed after the
-name= option. This can be a pain if you want to use an old config file which
-specifies owner= before name= (sorry about that). Apart from greater
-consistency, the advantage is that you can now specify as many NS records as
-you like (including zero).
-
-soa=string,string,number,timespec,timespec,timespec,timespec;
-This defines a soa (start of authority) record. The first string is the domain
-name of the server and should be equal to the name you specified as owner.
-The second string specifies the email address of the maintainer of the name
-server. It is also specified as a domain name, so you will have to replace the
-@ sign in the name with a dot (.) to get the name you have to specify here. The
-next parameter (the first number) is the serial number of the record. You
-should increment this number if you change the record.
-The 4th parameter is the refresh timeout. It specifies after what amount of
-time a caching server should attempt to refresh the cached record.
-The 5th parameter specifies a time after which a caching server should attempt
-to refresh the record after a refresh failure.
-The 6th parameter defines the timeout after which a cached record expires if it
-has not been refreshed.
-The 7th parameter is the ttl that is specified in every rr and should be the
-same as given with the ttl option (if you do not specify a ttl, use the default
-86400).
-
-txt=string,...,string;
-New in version 1.2.9: Defines an TXT record. You can specify one or more
-strings here.
-
-
-2.1.4 neg Section
-
-Every neg section specifies a dns resource record or a dns domain that should
-be cached negatively locally. Queries for negatively cached records are always
-answered immediatley with an error or an empty answer without querying other
-hosts as long as the record is valid. The records defined with neg sections
-remain valid until they are explicitely invalidated or deleted by the user
-using pdnsd-ctl.
-This is useful if a certain application asks periodically for nonexisting hosts
-or RR types and you do not want a query to go out every time the cached record
-has timed out. Example: Netscape Communicator will ask for the servers news and
-mail on startup if unconfigured. If you do not have a dns search list for your
-network, you can inhibit outgoing queries for these by specifying
-
- neg {
- name = news;
- types = domain;
- }
- neg {
- name = mail;
- types = domain;
- }
-
-in your config file. If you have a search list, you have to repeat that for any
-entry in your search list in addition to the entries given above!
-In versions 1.1.11 and later, if you negate whole domains this way, all
-subdomains will be negated as well. Thus if you specify
-neg {name=example.com; types=domain;} in the config file, this will also negate
-www.example.com, xxx.adserver.example.com, etc.
-
-
-name=string;
-Specifies the name of the domain for which negative cache entries are created.
-This option must be specified before the types option. Names are interpreted as
-absolute domain names (i.e. pdnsd assumes they end in the root domain). You
-need to specify domain names in dotted notation (example venera.isi.edu.).
-Previous versions of pdnsd required that domain names given in the
-configuration file ended in a dot, but since version 1.1.8b1-par8, pdnsd
-automatically assumes a dot at the end if it is missing.
-
-ttl=timespec;
-Specifies the ttl (time to live) for all resource records in this section after
-this entry. This may be redefined. The default is 86400 seconds (=1 day).
-
-types=(domain|rr_type[,rr_type[,rr_type[,...]]]);
-Specifies what is to be cached negatively: domain will cache the whole domain
-negatively; alternatively, you can specify a comma-separated list of RR types
-which are to be cached negatively. You may specify multiple types options, but
-domain and the RR types are mutually exclusive.
-The RR types are specified using their official names from the RFC's in
-capitals, e.g. A, CNAME, NS, PTR, MX, AAAA, ...
-The command pdnsd-ctl list-rrtypes will give you a complete list of those
-types. pdnsd-ctl is built along with pdnsd and will be installed in the same
-directory as the pdnsd binary during make install.
-
-
-2.1.5 source Section
-
-Every source section allows you to let pdnsd read the records from a file in an
-/etc/hosts-like format. pdnsd will generate records to resolve the entries
-address from its host name and vice versa for every entry in the file. This is
-normally easier than defining an rr for every of your addresses, since
-localhost and your other FQDNs are normally given in /etc/hosts.
-The accepted format is as follows: The #-sign initiates a comment, the rest of
-the line from the first occurence of this character on is ignored. Empty lines
-are tolerated.
-The first entry on a line (predeceded by an arbitrary number of tabs and
-spaces) is the IP in dotted notation, the second entry on one line (separated
-by the first by an arbitrary number of tabs and spaces) is the FQDN (fully
-qualified domain name) for that ip. The rest of the line is ignored by default
-(in the original /etc/hosts, it may contain information not needed by pdnsd).
-
-
-owner=string;
-Specifies the name of the host pdnsd runs on and that are specified in dns
-answers (specifically, nameserver records). Must be specified before any file
-entries.
-Names are interpreted as absolute domain names (i.e. pdnsd assumes they end in
-the root domain). You need to specify domain names in dotted notation (example
-venera.isi.edu.).
-Previous versions of pdnsd required that domain names given in the
-configuration file ended in a dot, but since version 1.1.8b1-par8, pdnsd
-automatically assumes a dot at the end if it is missing.
-
-ttl=timespec;
-Specifies the ttl (time to live) for all resource records in this section after
-this entry. This may be redefined. The default is 86400 seconds (=1 day).
-
-file=string;
-The string specifies a file name. For every file entry in a source section,
-pdnsd will try to load the given file as described above. Failure is indicated
-only when the file cannot be opened, malformed entries will be ignored.
-
-serve_aliases=(on|off);
-If this is turned on pdnsd will serve the aliases given in a hosts-style file.
-These are the third entry in a line of a hosts-style file, which usually give a
-"short name" for the host. This may be used to support broken clients without a
-proper domain-search option. If no aliases are given in a line of the file,
-pdnsd behaves as without this option for this line.
-This feature was suggested by Bert Frederiks.
-It is off by default.
-
-authrec=(on|off);
-If this is turned on, pdnsd will create authoritative local records with the
-data from the hosts file. Please see the description of the option of the same
-name in the rr section for a closer description of what this means. Please note
-that this only has an effect for files sourced with file options subsequent to
-this option.
-This is on by default.
-
-
-2.1.6 include Section
-
-A configuration file may include other configuration files. However, only the
-top-level configuration file may contain global and server sections, thus
-include files are effectively limited to sections that add local definitions to
-the cache.
-Include sections currently only have one type of option, which may be given
-multiple times within a single section.
-
-
-file=string;
-The string specifies a file name. For every file option in an include section,
-pdnsd will parse the given file as described above. The file may contain
-include sections itself, but as a precaution pdnsd checks that a certain
-maximum depth is not exceeded to guard against the possibility of infinite
-recursion.
-
-
-3 pdnsd-ctl
-
-pdnsd-ctl allows you to configure pdnsd at run time. To make this work, you
-have to start pdnsd with the -s option (or use the status_ctl option in the
-config file). You also should make sure that you have appropriate permissions
-on the control socket (use the ctl_perms option to make this sure) and of your
-pdnsd cache directory (pdnsd keeps its socket there). Please make sure the
-pdnsd cache directory is not writeable for untrusted users!
-
-pdnsd-ctl accepts two command-line options starting with a dash.
--c may be used to specify the cache directory (and takes this as argument). The
-default for this setting is the pdnsd default cache directory (specified at
-compile time). The cache directory for pdnsd-ctl must be the same pdnsd uses!
--q can be used to make the output of pdnsd-ctl less verbose.
-
-The following table lists the commands that pdnsd-ctl supports. The command
-must always be the first command-line option (not starting with a dash), the
-arguments to the command must follow in the given order.
-In the following table, keywords are in a normal font, while placeholders are
-in italics.
-Alternatives are specified like (alt1|alt2|alt3). Optional arguments are placed
-between square brackets [].
-
-Command Arguments Description
-
-help Print a command summary.
-
-version Print version and license info.
-
-status Print a description of pdnsd's cache status, thread status
- and configuration. Also shows which remote name servers
- are assumed to be available.
-
-server (index|label) (up| Set the status of the server with the given index or label
- down|retest) [dns1[, (where the given label matches the one given with the
- dns2[,...]]] label option in the respective server section in the
- config file) to up or down, or force a retest. The index
- is assigned in the order of definition in pdnsd.conf
- starting with 0. Use the status command to view the
- indices and labels. You can specify all instead of an
- index or label to perform the action for all servers
- registered with pdnsd. Example:
- pdnsd-ctl server 0 retest
- An optional third argument consisting of a list of IP
- addresses (separated by commas or white-space characters)
- can be given. This list will replace the previous list of
- addresses of name servers used by pdnsd in the specified
- section of the config file. For example in the /etc/ppp/
- ip-up script called by pppd you could place the following
- line:
- pdnsd-ctl server isplabel up $DNS1,$DNS2
- If white space is used to separate addresses the list will
- have to be quoted. Spurious commas and white-space
- characters are ignored. The last argument may also be an
- empty string, in which case the existing IP addresses are
- removed and the corresponding server section becomes
- inactive.
-
-record name (delete| Delete or invalidate the records of the given domain name
- invalidate) if it is in the cache. Invalidation means that the records
- are marked as timed out, and will be reloaded if possible
- (if purge_cache is set to on, they will be deleted in any
- case).
- For local records (i.e., records that were given in the
- config file using a rr section, records read from a
- hosts-style file and records added using pdnsd-ctl),
- invalidation has no effect. Deletion will work, though.
- Example:
- pdnsd-ctl record localhost. delete
-
-source fn owner [ttl] [(on Load a hosts-style file. Works like using the pdnsd source
- |off)] [noauth] configuration section. owner and ttl are used as in the
- source section. ttl has a default of 900 (it does not need
- to be specified). The next to last argument corresponds to
- the serve_aliases option, and is off by default (i.e. if
- it is not specified). noauth is used to make the domains
- non-authoritative - please see the description of the
- authrec config file options for a description of what that
- means. fn is the filename. The file must be readable by
- pdnsd! Example:
- pdnsd-ctl source /etc/hosts localhost. 900 off
-
-add a addr name [ttl]
- [noauth]
- Add a record of the given type to the pdnsd cache,
- replacing existing records for the same name and type. The
-add aaaa addr name [ttl 2nd argument corresponds to the value of the option in the
- ] [noauth] rr section that is named like the first argument: a is a
- record for hostname-to-address mapping, aaaa is the same
- thing for IPv6 addresses, and ptr is for
-add ptr host name [ttl] address-to-hostname mapping. See the documentation for the
- [noauth] rr section for more details. In case of A and AAAA
- records, the addr argument may be a list of IP addresses,
- separated by commas or white space, causing multiple
-add cname host name [ addresses to be defined for the same name. The ttl is
- ttl] [noauth] optional, the default is 900 seconds. noauth is used to
- make the domains non-authoritative - please see the
- description of the authrec config file options for a
-add mx host name pref description of what that means. If you want no other
- [ttl] [noauth] record than the newly added in the cache, do
- pdnsd-ctl record name delete before adding records. This
- is also better when overwriting local records. Example:
-add ns host name [ttl] pdnsd-ctl add a 127.0.0.1 localhost. 900
- [noauth]
-
-
-neg name [type] [ttl] Add a negatively cached record to pdnsd's cache, replacing
- existing records for the same name and type. If no type is
- given, the whole domain is cached negatively. For
- negatively cached records, errors are immediately returned
- on a query, without querying other servers first. The ttl
- is optional, the default is 900 seconds.
- You can get a list of all types you can pass to this
- command using pdnsd-ctl list-rrtypes. The type is treated
- case-sensitive! Example:
- pdnsd-ctl neg foo.bar A 900
- pdnsd-ctl neg foo.baz 900
-
-config [filename] Reload pdnsd's configuration file.
- The config file must be owned by the uid that pdnsd had
- when it was started, and be readable by pdnsd's run_as
- uid. If no file name is specified, the config file used at
- start-up is reloaded.
- Note that some configuration changes, like the port or IP
- address pdnsd listens on, cannot be made this way and you
- will receive an error message. In these cases, you will
- have to restart pdnsd instead.
-
-include filename Parse the given file as an include file, see the
- documentation on include sections for a description what
- this file may contain.
- This command is useful for adding definitions to the cache
- without reconfiguring pdnsd.
-
-eval string Parse the given string as if it were part of pdnsd's
- configuration file. The string should hold one or more
- complete configuration sections. However, global and
- server sections are not allowed, just as in include files.
- If multiple strings are given, they will be joined using
- newline chars and parsed together.
- This command is useful for adding records interactively to
- the cache that cannot be defined using the "pdnsd-ctl add"
- command, (e.g. soa records).
-
-empty-cache [[+|-]name ...] If no arguments are provided, the cache will be completely
- emptied, freeing all existing entries. Note that this also
- removes local records, as defined by the config file. To
- restore local records, run "pdnsd-ctl config" or
- "pdnsd-ctl include filename" immediately afterwards.
- The "pdnsd-ctl empty-cache" command now accepts additional
- arguments; these are interpreted as include/exclude names.
- If an argument starts with a '+' the name will be
- included. If an argument starts with a '-' it will be
- excluded. If an argument does not begin with '+' or '-', a
- '+' is assumed. If the domain name of a cache entry ends
- in one of the names in the list, the first match will
- determine what happens. If the matching name is to be
- included, the cache entry is deleted, otherwise not. If
- there are no matches, the default action is not to delete.
- Note that if you want to delete exactly one name and no
- others, you should use "pdnsd-ctl record name delete",
- this is also much more efficient.
- Examples:
- pdnsd-ctl empty-cache
- This command will remove all cache entries.
-
- pdnsd-ctl empty-cache microsoft.com msft.net
- This will remove all entries ending in microsoft.com or
- msft.net.
-
- pdnsd-ctl empty-cache -localdomain -168.192.in-addr.arpa .
- This will remove all entries except those ending in
- localdomain or 168.192.in-addr.arpa. Note that '.' is the
- root domain which matches any domain name.
-
-dump [name] Print information stored in the cache about name. If name
- begins with a dot and is not the root domain, information
- about the names in the cache ending in name (including
- name without the leading dot) will be printed. If name is
- not specified, information about all the names in the
- cache will be printed.
- For each RR record the time and date that this record has
- been added to the cache will be printed in the form mm/dd
- HH:MM:SS (locally defined records are printed without a
- time stamp). After that the type of record is printed with
- the data. For the more common types of RR records the data
- will be printed in human readable form, the remaining ones
- in a hexadecimal representation.
- This command is mainly useful for diagnostic purposes.
- Note that if you pipe the output of this command through
- an application that reads only part of the output and then
- blocks (such as more or less), pdnsd will not be able to
- add new entries to the cache until the pipe is closed. It
- is preferable to capture the output in a file in such a
- case.
-
-list-rrtypes List available rr types for the neg command. Note that
- those are only used for the neg command, not for add!
-
-
-
-4 contrib/
-
-The contrib directory in the pdnsd distribution contains useful
-user-contributed scripts.
-So far, there are scripts contributed by Marko Stolle and Paul Rombouts that
-make pdnsd usable in a DHCP setup. Please take a look into the README file in
-the contrib directory for further information.
-
-
-5 Problems...
-
-If you have problems with configuring or running pdnsd, be sure to read the FAQ
-. If this does not help you, pdnsd crashes or you find bugs, please mail one of
-the authors.
-Note added by Paul A. Rombouts: Thomas Moestl no longer maintains the code. I
-have revised the code and added new features. See README.par and the ChangeLog
-in the source directory (or /usr/share/doc/pdnsd- if you have
-installed a binary package) for more details. If you have questions about my
-modifications, you can find my email address at the end of README.par.
-
-
-6 Hacking
-
-Here comes some information you might find useful for hacking pdnsd.
-
-6.1 Source files
-
-Makefile.am, autoconf/automake/autoheader scripts. Makefile.am's are in
-configure.in, most subdirectories.
-acconfig.h
-
-pdnsd.spec.in A template from which configure generates a spec file for
- building rpm's for various distributions.
-
-version Contains only the program version string. Needed for
- several templates.
-
-src/rc/* rc (start-up) scripts for various linux distributions.
-
- The pdnsd cache subsystem(s) as defined in src/cache.h.
-src/cache.c This is the "traditional" pdnsd system which keeps the
- cache in memory and uses hash tables for accesses. Sourav
- K. Mandal is working on a system using gdbm.
-
-src/pdnsd-ctl/* Contains the code for pdnsd-ctl, a program that allows you
- to control pdnsd at run time.
-
- The lex/flex source file for the config file lexer. This is
-src/conf-lex.l.in a template because there might be inserted "%option
- yylineno" for proper flex support. (obsolete, superseded by
- src/conf-parser.c)
-
- This is automatically generated by configure from
-src/conf-lex.l conf-lex.l.in. It may be overwritten in any make, so never
- modify this, but conf-lex.l.in instead! (obsolete,
- superseded by src/conf-parser.c)
-
-src/conf-parse.y The yacc/bison source of the config file parser. (obsolete,
- superseded by src/conf-parser.c)
-
-src/conf-parser.c, The config file parser written purely in C (versions
-src/conf-parser.h, 1.1.10-par and later).
-src/conf-keywords.h
-
-src/conff.c, src/ The configuration handler functions and their prototypes.
-conff.h The parser is called from here.
-
-src/consts.h Some constants used by the parser, config file handler
- functions and in the server status thread, among others.
-
- Define dns message structures, constants, and some common
-src/dns.c, src/dns.h dns data handlers. dns.h contains gcc-specific code (in
- praticular, "__attribute__((packed))").
-
-src/dns_answer.c, Define functions that answer incoming dns queries.
-src/dns_answer.h
-
-src/dns_query.c, src Define functions to manage outgoing dns queries.
-/dns_query.h
-
-src/error.c, src/ Functions for error output to stderr or the syslog, and
-error.h debug output to stderr or pdnsd.debug.
-
-src/hash.c, src/ Contains the code for storing and looking up cache entries
-hash.h in the hash table.
-
-src/helpers.c, src/ Define miscellaneous helper functions.
-helpers.h
-
-src/icmp.c, src/ Define a function for performing a ping test. This contains
-icmp.h OS-specific code.
-
-src/main.c Contains main(), which holds the command line parser,
- performs initialisations and signal handling.
-
- Contains the code for the executable make_hashconvtable,
-src/ which is only run once, during build time, to generate the
-make_hashconvtable.c file hashconvtable.h, used by src/hash.c (versions
- 1.1.10-par and later). (obsolete since version 1.2)
-
- A perl script for generating src/rr_types.h, a C header
-src/ file containing macro definitions and tables needed for
-make_rr_types_h.pl handling the RR types known to pdnsd, from the text file
- src/rr_types.in.
-
-src/rr_types.c, src/ These define tables and macros needed for handling the RR
-rr_types.h, src/ types known to pdnsd. Since version 1.2.9, rr_types.h is an
-rr_types.in automatically generated file, see make_rr_types_h.pl.
-
-src/netdev.c, src/ Define functions for network device handling. OS-specific.
-netdev.h
-
-src/servers.c, src/ Define functions for the server status thread that performs
-servers.h the periodical uptests.
-
-src/status.c, src/ Define functions for the status control thread. This is
-status.h pdnsd's interface to pdnsd-ctl.
-
-
--------------------------------------------------------------------------------
-
-Copyright (C) 2000, 2001 Thomas Moestl
-Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2012 Paul A. Rombouts
-
-Last revised: 19 April 2012 by Paul A. Rombouts
-
diff --git a/jsocksAndroid/build.gradle b/jsocksAndroid/build.gradle
new file mode 100644
index 00000000..f2901a84
--- /dev/null
+++ b/jsocksAndroid/build.gradle
@@ -0,0 +1,18 @@
+apply plugin: 'com.android.library'
+
+android {
+ compileSdkVersion 23
+ buildToolsVersion "23.0.2"
+
+ defaultConfig {
+ minSdkVersion 8
+ targetSdkVersion 21
+ }
+
+ buildTypes {
+ release {
+ minifyEnabled false
+ proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
+ }
+ }
+}
diff --git a/jsocksAndroid/src/main/AndroidManifest.xml b/jsocksAndroid/src/main/AndroidManifest.xml
new file mode 100644
index 00000000..7351fd23
--- /dev/null
+++ b/jsocksAndroid/src/main/AndroidManifest.xml
@@ -0,0 +1,11 @@
+
+
+
+
+
+
diff --git a/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/main/SOCKS.java b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/main/SOCKS.java
new file mode 100644
index 00000000..9174c7ea
--- /dev/null
+++ b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/main/SOCKS.java
@@ -0,0 +1,267 @@
+package com.runjva.sourceforge.jsocks.main;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.Hashtable;
+import java.util.Properties;
+import java.util.StringTokenizer;
+
+import android.util.Log;
+
+import com.runjva.sourceforge.jsocks.protocol.InetRange;
+import com.runjva.sourceforge.jsocks.protocol.ProxyServer;
+import com.runjva.sourceforge.jsocks.protocol.SocksProxyBase;
+import com.runjva.sourceforge.jsocks.server.IdentAuthenticator;
+
+public class SOCKS {
+
+ private static final int DEFAULT_LISTENING_PORT = 1080;
+
+ static public void usage() {
+ System.out.println("Usage: java SOCKS [inifile1 inifile2 ...]\n"
+ + "If none inifile is given, uses socks.properties.\n");
+ }
+
+ static public void main(String[] args) {
+
+ String[] file_names;
+ int port = DEFAULT_LISTENING_PORT;
+ String logFile = null;
+ String host = null;
+
+ final IdentAuthenticator auth = new IdentAuthenticator();
+
+ InetAddress localIP = null;
+
+ if (args.length == 0) {
+ file_names = new String[] { "socks.properties" };
+ } else {
+ file_names = args;
+ }
+
+ inform("Loading properties");
+ for (int i = 0; i < file_names.length; ++i) {
+
+ inform("Reading file " + file_names[i]);
+
+ final Properties pr = loadProperties(file_names[i]);
+ if (pr == null) {
+ System.err.println("Loading of properties from "
+ + file_names[i] + "failed.");
+ usage();
+ return;
+ }
+ if (!addAuth(auth, pr)) {
+ System.err.println("Error in file " + file_names[i] + ".");
+ usage();
+ return;
+ }
+ // First file should contain all global settings,
+ // like port and host and log.
+ if (i == 0) {
+ final String port_s = (String) pr.get("port");
+ if (port_s != null) {
+ try {
+ port = Integer.parseInt(port_s);
+ } catch (final NumberFormatException nfe) {
+ System.err.println("Can't parse port: " + port_s);
+ return;
+ }
+ }
+
+ serverInit(pr);
+ logFile = (String) pr.get("log");
+ host = (String) pr.get("host");
+ }
+
+ // inform("Props:"+pr);
+ }
+
+ if (logFile != null) {
+ System.err.println("log property not supported anymore.");
+ }
+ if (host != null) {
+ try {
+ localIP = InetAddress.getByName(host);
+ } catch (final UnknownHostException uhe) {
+ System.err.println("Can't resolve local ip: " + host);
+ return;
+ }
+ }
+
+ inform("Using Ident Authentication scheme: " + auth);
+ final ProxyServer server = new ProxyServer(auth);
+ server.start(port, 5, localIP);
+ }
+
+ static Properties loadProperties(String file_name) {
+
+ final Properties pr = new Properties();
+
+ try {
+ final InputStream fin = new FileInputStream(file_name);
+ pr.load(fin);
+ fin.close();
+ } catch (final IOException ioe) {
+ return null;
+ }
+ return pr;
+ }
+
+ static boolean addAuth(IdentAuthenticator ident, Properties pr) {
+
+ InetRange irange;
+
+ final String range = (String) pr.get("range");
+ if (range == null) {
+ return false;
+ }
+ irange = parseInetRange(range);
+
+ final String users = (String) pr.get("users");
+
+ if (users == null) {
+ ident.add(irange, null);
+ return true;
+ }
+
+ final Hashtable uhash = new Hashtable();
+
+ final StringTokenizer st = new StringTokenizer(users, ";");
+ while (st.hasMoreTokens()) {
+ uhash.put(st.nextToken(), "");
+ }
+
+ ident.add(irange, uhash);
+ return true;
+ }
+
+ /**
+ * Does server initialisation.
+ */
+ static void serverInit(Properties props) {
+ int val;
+ val = readInt(props, "iddleTimeout");
+ if (val >= 0) {
+ ProxyServer.setIddleTimeout(val);
+ inform("Setting iddle timeout to " + val + " ms.");
+ }
+ val = readInt(props, "acceptTimeout");
+ if (val >= 0) {
+ ProxyServer.setAcceptTimeout(val);
+ inform("Setting accept timeout to " + val + " ms.");
+ }
+ val = readInt(props, "udpTimeout");
+ if (val >= 0) {
+ ProxyServer.setUDPTimeout(val);
+ inform("Setting udp timeout to " + val + " ms.");
+ }
+
+ val = readInt(props, "datagramSize");
+ if (val >= 0) {
+ ProxyServer.setDatagramSize(val);
+ inform("Setting datagram size to " + val + " bytes.");
+ }
+
+ proxyInit(props);
+
+ }
+
+ /**
+ * Initialises proxy, if any specified.
+ */
+ static void proxyInit(Properties props) {
+ String proxy_list;
+ SocksProxyBase proxy = null;
+ StringTokenizer st;
+
+ proxy_list = (String) props.get("proxy");
+ if (proxy_list == null) {
+ return;
+ }
+
+ st = new StringTokenizer(proxy_list, ";");
+ while (st.hasMoreTokens()) {
+ final String proxy_entry = st.nextToken();
+
+ final SocksProxyBase p = SocksProxyBase.parseProxy(proxy_entry);
+
+ if (p == null) {
+ exit("Can't parse proxy entry:" + proxy_entry);
+ }
+
+ inform("Adding Proxy:" + p);
+
+ if (proxy != null) {
+ p.setChainProxy(proxy);
+ }
+
+ proxy = p;
+
+ }
+ if (proxy == null) {
+ return; // Empty list
+ }
+
+ final String direct_hosts = (String) props.get("directHosts");
+ if (direct_hosts != null) {
+ final InetRange ir = parseInetRange(direct_hosts);
+ inform("Setting direct hosts:" + ir);
+ proxy.setDirect(ir);
+ }
+
+ ProxyServer.setProxy(proxy);
+ }
+
+ /**
+ * Inits range from the string of semicolon separated ranges.
+ */
+ static InetRange parseInetRange(String source) {
+ final InetRange irange = new InetRange();
+
+ final StringTokenizer st = new StringTokenizer(source, ";");
+ while (st.hasMoreTokens()) {
+ irange.add(st.nextToken());
+ }
+
+ return irange;
+ }
+
+ /**
+ * Integer representaion of the property named name, or -1 if one is not
+ * found.
+ */
+ static int readInt(Properties props, String name) {
+ int result = -1;
+ final String val = (String) props.get(name);
+ if (val == null) {
+ return -1;
+ }
+ final StringTokenizer st = new StringTokenizer(val);
+ if (!st.hasMoreElements()) {
+ return -1;
+ }
+ try {
+ result = Integer.parseInt(st.nextToken());
+ } catch (final NumberFormatException nfe) {
+ inform("Bad value for " + name + ":" + val);
+ }
+ return result;
+ }
+
+ // Display functions
+ // /////////////////
+
+ static void inform(String s) {
+ Log.i("SOCKS",s);
+ }
+
+ static void exit(String msg) {
+ System.err.println("Error:" + msg);
+ System.err.println("Aborting operation");
+ System.exit(0);
+ }
+}
diff --git a/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/Authentication.java b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/Authentication.java
new file mode 100644
index 00000000..7bc58d9d
--- /dev/null
+++ b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/Authentication.java
@@ -0,0 +1,35 @@
+package com.runjva.sourceforge.jsocks.protocol;
+
+/**
+ * The Authentication interface provides for performing method specific
+ * authentication for SOCKS5 connections.
+ */
+public interface Authentication {
+ /**
+ * This method is called when SOCKS5 server have selected a particular
+ * authentication method, for whch an implementaion have been registered.
+ *
+ *
+ * This method should return an array {inputstream,outputstream
+ * [,UDPEncapsulation]}. The reason for that is that SOCKS5 protocol allows
+ * to have method specific encapsulation of data on the socket for purposes
+ * of integrity or security. And this encapsulation should be performed by
+ * those streams returned from the method. It is also possible to
+ * encapsulate datagrams. If authentication method supports such
+ * encapsulation an instance of the UDPEncapsulation interface should be
+ * returned as third element of the array, otherwise either null should be
+ * returned as third element, or array should contain only 2 elements.
+ *
+ * @param methodId
+ * Authentication method selected by the server.
+ * @param proxySocket
+ * Socket used to conect to the proxy.
+ * @return Two or three element array containing Input/Output streams which
+ * should be used on this connection. Third argument is optional and
+ * should contain an instance of UDPEncapsulation. It should be
+ * provided if the authentication method used requires any
+ * encapsulation to be done on the datagrams.
+ */
+ Object[] doSocksAuthentication(int methodId, java.net.Socket proxySocket)
+ throws java.io.IOException;
+}
diff --git a/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/AuthenticationNone.java b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/AuthenticationNone.java
new file mode 100644
index 00000000..e6821545
--- /dev/null
+++ b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/AuthenticationNone.java
@@ -0,0 +1,22 @@
+package com.runjva.sourceforge.jsocks.protocol;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+
+/**
+ * SOCKS5 none authentication. Dummy class does almost nothing.
+ */
+public class AuthenticationNone implements Authentication {
+
+ public Object[] doSocksAuthentication(final int methodId,
+ final java.net.Socket proxySocket) throws java.io.IOException {
+
+ if (methodId != 0) {
+ return null;
+ }
+
+ InputStream in = proxySocket.getInputStream();
+ OutputStream out = proxySocket.getOutputStream();
+ return new Object[] { in, out };
+ }
+}
diff --git a/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/InetRange.java b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/InetRange.java
new file mode 100644
index 00000000..fae13587
--- /dev/null
+++ b/jsocksAndroid/src/main/java/com/runjva/sourceforge/jsocks/protocol/InetRange.java
@@ -0,0 +1,492 @@
+package com.runjva.sourceforge.jsocks.protocol;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+/**
+ * Class InetRange provides the means of defining the range of inetaddresses.
+ * It's used by Proxy class to store and look up addresses of machines, that
+ * should be contacted directly rather then through the proxy.
+ *
+ * InetRange provides several methods to add either standalone addresses, or
+ * ranges (e.g. 100.200.300.0:100.200.300.255, which covers all addresses on on
+ * someones local network). It also provides methods for checking wether given
+ * address is in this range. Any number of ranges and standalone addresses can
+ * be added to the range.
+ */
+public class InetRange implements Cloneable {
+
+ Hashtable host_names;
+ Vector