mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-13 02:51:50 +00:00
Code Issues Releases Wiki Activity
openmptcprouter-feeds/shadowsocks-rust/files/shadowsocks-rust.init

495 lines
16 KiB
Text
Raw Normal View History

Add Shadowsocks-rust
2023-09-29 12:59:32 +00:00
#!/bin/sh /etc/rc.common
#
# Copyright (C) 2017-2019 Yousong Zhou <yszhou4tech@gmail.com>
# Copyright (C) 2019-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
USE_PROCD=1
EXTRA_COMMANDS="rules_up rules_down rules_exist"
START=91
ss_confdir=/var/etc/shadowsocks-rust
ss_bindir=/usr/bin
ss_mkjson_server_conf() {
local cfgserver
config_get cfgserver "$cfg" server
[ -n "$cfgserver" ] || return 1
eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
validate_server_section "$cfgserver" || return 1
[ "$disabled" = 0 ] || return 1
ss_mkjson_server_conf_ "$cfgserver"
}
ss_mkjson_server_conf_() {
[ -n "$server_port" ] || return 1
[ -z "$method" ] || json_add_string method "$method"
[ -z "$server" ] || json_add_string server "$server"
json_add_int server_port "$server_port"
[ -z "$password" ] || {
#password="$(echo $password | sed 's/+/-/g; s/\//_/g;')"
json_add_string password "$password"
}
[ -z "$password" ] && return 1
[ -z "$plugin" ] || json_add_string plugin "$plugin"
[ -z "$plugin_opts" ] || json_add_string plugin_opts "$plugin_opts"
if [ "$obfs" = 1 ]; then
if [ "$obfs_plugin" = "obfs" ]; then
obfs_options="obfs=$obfs_type"
[ -z "$obfs_host" ] || obfs_options="$obfs_options;obfs-host=$obfs_host"
[ -z "$obfs_uri" ] || obfs_options="$obfs_options;obfs-uri=$obfs_uri"
[ "$fast_open" = 1 ] && obfs_options="$obfs_options;fast-open"
[ "$mptcp" = 1 ] && obfs_options="$obfs_options;mptcp"
[ -z "$timeout" ] || obfs_options="$obfs_options;t=$timeout"
json_add_string plugin "/usr/bin/obfs-local"
json_add_string plugin_opts "$obfs_options"
fi
if [ "$obfs_plugin" = "v2ray" ]; then
obfs_options="loglevel=default"
[ "$obfs_type" = "tls" ] && obfs_options="tls"
[ -z "$obfs_host" ] || obfs_options="$obfs_options;host=$obfs_host"
[ -z "$obfs_uri" ] || obfs_options="$obfs_options;path=$obfs_uri"
[ "$fast_open" = 1 ] && obfs_options="$obfs_options;fast-open"
json_add_string plugin "/usr/bin/v2ray-plugin"
json_add_string plugin_opts "$obfs_options"
fi
fi
}
ss_mkjson_ss_local_conf() {
ss_mkjson_server_conf
}
ss_mkjson_ss_redir_conf() {
ss_mkjson_server_conf
}
ss_mkjson_ss_server_conf() {
ss_mkjson_server_conf_
}
ss_mkjson_ss_tunnel_conf() {
ss_mkjson_server_conf || return 1
[ -n "$tunnel_address" ] || return 1
json_add_string tunnel_address "$tunnel_address"
}
ss_xxx() {
local cfg="$1"
local cfgtype="$2"
local bin="$ss_bindir/sslocal"
local confjson="$ss_confdir/$cfgtype.$cfg.json"
[ -x "$bin" ] || return
eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
"validate_${cfgtype}_section" "$cfg" || return
[ "$disabled" = 0 ] || return
json_init
ss_mkjson_${cfgtype}_conf || return
json_add_boolean use_syslog 1
json_add_boolean ipv6_first "$ipv6_first"
json_add_boolean fast_open "$fast_open"
json_add_boolean reuse_port "$reuse_port"
json_add_boolean no_delay "$no_delay"
json_add_boolean mptcp "$mptcp"
[ "$cfgtype" != "ss_local" ] && json_add_string protocol "${cfgtype/ss_/}"
[ -z "$local_address" ] || json_add_string local_address "$local_address"
[ -z "$local_port" ] || json_add_int local_port "$local_port"
[ -z "$mode" ] || json_add_string mode "$mode"
[ -z "$mtu" ] || json_add_int mtu "$mtu"
[ -z "$timeout" ] || json_add_int timeout "$timeout"
[ -z "$user" ] || json_add_string user "$user"
json_dump -i >"$confjson"
procd_open_instance "$cfgtype.$cfg"
procd_set_param command "$bin" -c "$confjson"
[ "$verbose" = 0 ] || procd_append_param command -v
[ -z "$bind_address" ] || procd_append_param command -b "$bind_address"
procd_set_param file "$confjson"
procd_set_param limits nofile="512000 512000"
procd_set_param respawn
procd_close_instance
ss_rules_cb
}
ss_rules_restart() {
local cfg="$1"
local cfgtype="$2"
eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
"validate_${cfgtype}_section" "$cfg" || return 1
ss_rules_cb
}
ss_rules_cb() {
local cfgserver server
if [ "$cfgtype" = ss_redir ]; then
config_get cfgserver "$cfg" server
config_get server "$cfgserver" server
ss_redir_servers="$ss_redir_servers $server"
if [ "$mode" = "tcp_only" -o "$mode" = "tcp_and_udp" ]; then
eval "ss_rules_redir_tcp_$cfg=$local_port"
eval "ss_rules6_redir_tcp_$cfg=$local_port"
fi
if [ "$mode" = "udp_only" -o "$mode" = "tcp_and_udp" ]; then
eval "ss_rules_redir_udp_$cfg=$local_port"
eval "ss_rules6_redir_udp_$cfg=$local_port"
fi
fi
}
ss_redir_ports() {
port=$(uci -q get shadowsocks-rust.$1.local_port)
server=$(uci -q get shadowsocks-rust.$1.server)
disabled=$(uci -q get shadowsocks-rust.$1.disabled)
if [ "$disabled" != "1" ] && ([ "$server" = "$2" ] || [ "$2" = "" ]); then
if [ "$port" -lt "$min_ss_redir_ports" ]; then
min_ss_redir_ports=$port
fi
if [ "$port" -gt "$max_ss_redir_ports" ]; then
max_ss_redir_ports=$port
fi
fi
}
ss_rules() {
local cfg="$1"
local bin="$ss_bindir/ssr-rules"
local bin6="$ss_bindir/ssr-rules6"
local cfgtype
local cfgrulesserver
local local_port_tcp local_port_udp
local local_port_tcp6 local_port_udp6
local args
local rule_name
if [ "$cfg" = "ss_rules" ]; then
rule_name="def"
else
rule_name="$(echo $cfg | sed 's/_rule//' | cut -c -7)"
fi
[ -x "$bin" ] || return 1
#"$bin" -f
[ -x "$bin6" ] || return 1
#"$bin6" -f
config_get cfgtype "$cfg" TYPE
[ "$cfgtype" = ss_rules ] || return 1
config_get cfgrulesserver "$cfg" server
eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
validate_ss_rules_section "$cfg" || return 1
[ "$disabled" != "1" ] || return 0
[ "$(uci -q get shadowsocks-rust.${cfgrulesserver}.disabled)" != "1" ] || return 0
if [ "$ss_rules_redir_tcp_$redir_tcp" = "all" ]; then
min_ss_redir_ports="65535"
max_ss_redir_ports="0"
config_load shadowsocks-rust
config_foreach ss_redir_ports ss_redir $cfgrulesserver
if [ "$min_ss_redir_ports" != "$max_ss_redir_ports" ]; then
all_ss_redir_ports=$min_ss_redir_ports-$max_ss_redir_ports
else
all_ss_redir_ports=$min_ss_redir_ports
fi
local_port_tcp="$all_ss_redir_ports"
if [ "$ss_rules_redir_udp_$redir_udp" = "all" ] || [ "$ss_rules_redir_udp_$redir_udp" = "hi1" ]; then
local_port_udp="$min_ss_redir_ports"
fi
#eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
local_port_tcp6="$all_ss_redir_ports"
if [ "$ss_rules_redir_udp_$redir_udp" = "all" ] || [ "$ss_rules_redir_udp_$redir_udp" = "hi1" ]; then
local_port_udp6="$min_ss_redir_ports"
fi
#eval local_port_udp6="\$ss_rules6_redir_udp_$redir_udp"
else
eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
eval local_port_tcp6="\$ss_rules6_redir_tcp_$redir_tcp"
eval local_port_udp6="\$ss_rules6_redir_udp_$redir_udp"
fi
[ -n "$local_port_tcp" -o -n "$local_port_udp" ] || return 1
ss_redir_servers4="$(echo "$ss_redir_servers" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u)"
ss_redir_servers6="$(echo "$ss_redir_servers" | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}' | sort -u)"
[ -z "$ss_redir_servers4" ] && [ -z "$ss_redir_servers6" ] && {
ss_redir_servers4="$ss_redir_servers"
ss_redir_servers6="$ss_redir_servers"
}
#ss_redir_servers="$(echo "$ss_redir_servers" | tr ' ' '\n' | sort -u)"
dst_ips_bypass4="$(echo "$dst_ips_bypass" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u)"
dst_ips_forward4="$(echo "$dst_ips_forward" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u)"
src_ips_bypass4="$(echo "$src_ips_bypass" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u)"
src_ips_forward4="$(echo "$src_ips_forward" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u)"
src_ips_checkdst4="$(echo "$src_ips_checkdst" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u)"
dst_ips_bypass6="$(echo "$dst_ips_bypass" | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}' | sort -u)"
dst_ips_forward6="$(echo "$dst_ips_forward" | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}' | sort -u)"
src_ips_bypass6="$(echo "$src_ips_bypass" | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}' | sort -u)"
src_ips_forward6="$(echo "$src_ips_forward" | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}' | sort -u)"
src_ips_checkdst6="$(echo "$src_ips_checkdst" | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}' | sort -u)"
[ -z "$dst_ips_bypass4" ] && [ -z "$dst_ips_bypass6" ] && {
dst_ips_bypass4="$dst_ips_bypass"
dst_ips_bypass6="$dst_ips_bypass"
}
[ -z "$dst_ips_forward4" ] && [ -z "$dst_ips_forward6" ] && {
dst_ips_forward4="$dst_ips_forward"
dst_ips_forward6="$dst_ips_forward"
}
[ -z "$src_ips_bypass4" ] && [ -z "$src_ips_bypass6" ] && {
src_ips_bypass4="$src_ips_bypass"
src_ips_bypass6="$src_ips_bypass"
}
[ -z "$src_ips_forward4" ] && [ -z "$src_ips_forward6" ] && {
src_ips_forward4="$src_ips_forward"
src_ips_forward6="$src_ips_forward"
}
[ -z "$src_ips_checkdst4" ] && [ -z "$src_ips_checkdst6" ] && {
src_ips_checkdst4="$src_ips_checkdst"
src_ips_checkdst6="$src_ips_checkdst"
}
[ "$dst_forward_recentrst" = 0 ] || args="$args --dst-forward-recentrst"
ss_rules_call
ss_rules_call6
}
ss_rules_call() {
"$bin" "$@" \
-s "$ss_redir_servers4" \
${local_port_tcp:+-l "$local_port_tcp"} \
${local_port_udp:+-L "$local_port_udp"} \
${src_default:+--src-default "$src_default"} \
${dst_default:+--dst-default "$dst_default"} \
${local_default:+--local-default "$local_default"} \
${dst_ips_bypass_file:+--dst-bypass-file "$dst_ips_bypass_file"} \
${dst_ips_forward_file:+--dst-forward-file "$dst_ips_forward_file"} \
${dst_ips_bypass4:+--dst-bypass "$dst_ips_bypass4"} \
${dst_ips_forward4:+--dst-forward "$dst_ips_forward4"} \
${src_ips_bypass4:+--src-bypass "$src_ips_bypass4"} \
${src_ips_forward4:+--src-forward "$src_ips_forward4"} \
${src_ips_checkdst4:+--src-checkdst "$src_ips_checkdst4"} \
${ifnames:+--ifnames "$ifnames"} \
${ipt_args:+--ipt-extra "$ipt_args"} \
${cfg:+--rule-name "$rule_name"} \
$args \
|| "$bin" "$@" -f
}
ss_rules_call6() {
"$bin6" "$@" \
-s "$ss_redir_servers6" \
${local_port_tcp:+-l "$local_port_tcp6"} \
${local_port_udp:+-L "$local_port_udp6"} \
${src_default:+--src-default "$src_default"} \
${dst_default:+--dst-default "$dst_default"} \
${local_default:+--local-default "$local_default"} \
${dst_ips_bypass_file:+--dst-bypass-file "$dst_ips_bypass_file"} \
${dst_ips_forward_file:+--dst-forward-file "$dst_ips_forward_file"} \
${dst_ips_bypass6:+--dst-bypass "$dst_ips_bypass6"} \
${dst_ips_forward6:+--dst-forward "$dst_ips_forward6"} \
${src_ips_bypass6:+--src-bypass "$src_ips_bypass6"} \
${src_ips_forward6:+--src-forward "$src_ips_forward6"} \
${src_ips_checkdst6:+--src-checkdst "$src_ips_checkdst6"} \
${ifnames:+--ifnames "$ifnames"} \
${ipt_args:+--ipt-extra "$ipt_args"} \
${cfg:+--rule-name "$rule_name"} \
$args \
|| "$bin6" "$@" -f
}
start_service() {
local cfgtype
mkdir -p "$ss_confdir"
config_load shadowsocks-rust
for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
config_foreach ss_xxx "$cfgtype" "$cfgtype"
done
# Add rule to match traffic marked by firewall for bypass
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
rules_up
[ -f /etc/firewall.gre-tunnel ] && sh /etc/firewall.gre-tunnel > /dev/null 2>&1
}
stop_service() {
rules_down
rm -rf "$ss_confdir"
}
reload_service() {
restart "$@"
}
rules_exist() {
[ -n "$(iptables-save 2>/dev/null | grep 'A ssr')" ] && return 0
return 1
}
server_state() {
config_get disabled "$1" disabled "0"
[ "$disabled" = "0" ] && enabled="1"
config_get password "$1" password
[ -n "$password" ] && passkey=$password
}
rules_up() {
rules_exist && {
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
return 0
}
[ "$(uci -q get shadowsocks-rust.ss_rules.disabled)" = "1" ] && return 0
enabled="0"
passkey=""
config_load shadowsocks-rust
config_foreach server_state server
[ "$enabled" = "0" ] && return
[ -z "$passkey" ] && return
logger -t "Shadowsocks-rust" "Rules UP"
for cfgtype in ss_redir; do
config_foreach ss_rules_restart "$cfgtype" "$cfgtype"
done
config_foreach ss_rules ss_rules
[ -z "$(iptables-save 2>/dev/null | grep :ssr)" ] && logger -t "Shadowsocks-rust" "Rules not applied"
[ -f /etc/init.d/omr-bypass ] && [ -z "$(pgrep -f omr-bypass)" ] && {
logger -t "Shadowsocks-rust" "Reload omr-bypass rules"
/etc/init.d/omr-bypass reload_rules
}
[ -f /bin/blocklanfw ] && /bin/blocklanfw 2>&1 >/dev/null
}
rules_down() {
rules_exist || return 0
logger -t "Shadowsocks-rust" "Rules DOWN"
local bin="$ss_bindir/ssr-rules"
[ -x "$bin" ] && {
"$bin" -f >/dev/null 2>&1
}
local bin6="$ss_bindir/ssr-rules6"
[ -x "$bin6" ] && {
"$bin6" -f >/dev/null 2>&1
}
}
service_triggers() {
procd_add_reload_interface_trigger wan*
procd_add_reload_trigger shadowsocks-rust
procd_open_validate
validate_server_section
validate_ss_local_section
validate_ss_redir_section
validate_ss_rules_section
validate_ss_server_section
validate_ss_tunnel_section
procd_close_validate
}
ss_validate_mklocal() {
local tuple opts
shift 2
for tuple in "$@"; do
opts="${tuple%%:*} $opts"
done
[ -z "$opts" ] || echo "local $opts"
}
ss_validate() {
uci_validate_section shadowsocks-rust "$@"
}
validate_common_server_options_() {
local cfgtype="$1"; shift
local cfg="$1"; shift
local func="$1"; shift
local stream_methods='"none", "plain", "chacha20-ietf-poly1305"'
local aead_methods='"aes-128-gcm", "aes-256-gcm","2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "chacha20-ietf-poly1305", "2022-blake3-chacha20-poly1305","2022-blake3-chacha8-poly1305"'
"${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
'disabled:bool:0' \
'server:host' \
'server_port:port' \
'password:string' \
"method:or($stream_methods, $aead_methods)" \
'plugin:string' \
'plugin_opts:string' \
'obfs:bool:0' \
'obfs_plugin:or("v2ray","obfs"):v2ray' \
'obfs_type:or("http","tls"):http'
}
validate_common_client_options_() {
validate_common_options_ "$@" \
'server:uci("shadowsocks-rust", "@server")' \
'local_address:host:0.0.0.0' \
'local_port:port'
}
validate_common_options_() {
local cfgtype="$1"; shift
local cfg="$1"; shift
local func="$1"; shift
"${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
'disabled:bool:0' \
'fast_open:bool:0' \
'ipv6_first:bool:0' \
'no_delay:bool:0' \
'mptcp:bool:0' \
'reuse_port:bool:0' \
'verbose:bool:0' \
'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
'mtu:uinteger' \
'timeout:uinteger' \
'user:string'
}
validate_server_section() {
validate_common_server_options_ server "$1" "$2"
}
validate_ss_local_section() {
validate_common_client_options_ ss_local "$1" "$2"
}
validate_ss_redir_section() {
validate_common_client_options_ ss_redir "$1" "$2"
}
validate_ss_rules_section() {
"${2:-ss_validate}" ss_rules "$1" \
'disabled:bool:0' \
'redir_tcp:or(uci("shadowsocks-rust", "@ss_redir"),"all")' \
'redir_udp:or(uci("shadowsocks-rust", "@ss_redir"),"all")' \
'src_ips_bypass:or(ipaddr,cidr)' \
'src_ips_forward:or(ipaddr,cidr)' \
'src_ips_checkdst:or(ipaddr,cidr)' \
'dst_ips_bypass_file:file' \
'dst_ips_bypass:or(ipaddr,cidr)' \
'dst_ips_forward_file:file' \
'dst_ips_forward:or(ipaddr,cidr)' \
'src_default:or("bypass", "forward", "checkdst"):checkdst' \
'dst_default:or("bypass", "forward"):bypass' \
'local_default:or("bypass", "forward", "checkdst"):bypass' \
'dst_forward_recentrst:bool:0' \
'ifnames:maxlength(15)' \
'ipt_args:string'
}
validate_ss_server_section() {
validate_common_server_options_ ss_server "$1" \
validate_common_options_ \
"$2" \
'bind_address:ipaddr'
}
validate_ss_tunnel_section() {
validate_common_client_options_ ss_tunnel "$1" \
"$2" \
'tunnel_address:regex(".+\:[0-9]+")'
}
Reference in a new issue Copy permalink