You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

314 lines
7.8 KiB

  1. #!/bin/sh /etc/rc.common
  2. #
  3. # Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
  4. #
  5. # This is free software, licensed under the GNU General Public License v3.
  6. # See /LICENSE for more information.
  7. #
  8. USE_PROCD=1
  9. START=99
  10. ss_confdir=/var/etc/shadowsocks-libev
  11. ss_bindir=/usr/bin
  12. q='"'
  13. ss_mkjson() {
  14. echo "{" >"$confjson"
  15. if ss_mkjson_ "$@" >>$confjson; then
  16. sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson"
  17. echo "}" >>"$confjson"
  18. else
  19. rm -f "$confjson"
  20. return 1
  21. fi
  22. }
  23. ss_mkjson_() {
  24. local func
  25. for func in "$@"; do
  26. "$func" || return 1
  27. done
  28. }
  29. ss_mkjson_server_conf() {
  30. local cfgserver
  31. config_get cfgserver "$cfg" server
  32. [ -n "$cfgserver" ] || return 1
  33. eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
  34. validate_server_section "$cfgserver" || return 1
  35. [ "$disabled" = 0 ] || return 1
  36. ss_mkjson_server_conf_ "$cfgserver"
  37. }
  38. ss_mkjson_server_conf_() {
  39. [ -n "$server_port" ] || return 1
  40. password="${password//\"/\\\"}"
  41. cat <<-EOF
  42. ${server:+${q}server${q}: ${q}$server${q},}
  43. "server_port": $server_port,
  44. ${method:+${q}method${q}: ${q}$method${q},}
  45. ${key:+${q}key${q}: ${q}$key${q},}
  46. ${password:+${q}password${q}: ${q}$password${q},}
  47. EOF
  48. }
  49. ss_mkjson_common_conf() {
  50. [ "$ipv6_first" = 0 ] && ipv6_first=false || ipv6_first=true
  51. [ "$fast_open" = 0 ] && fast_open=false || fast_open=true
  52. [ "$reuse_port" = 0 ] && reuse_port=false || reuse_port=true
  53. cat <<-EOF
  54. "use_syslog": true,
  55. "ipv6_first": $ipv6_first,
  56. "fast_open": $fast_open,
  57. "reuse_port": $reuse_port,
  58. ${local_address:+${q}local_address${q}: ${q}$local_address${q},}
  59. ${local_port:+${q}local_port${q}: $local_port,}
  60. ${mode:+${q}mode${q}: ${q}$mode${q},}
  61. ${mtu:+${q}mtu${q}: $mtu,}
  62. ${timeout:+${q}timeout${q}: $timeout,}
  63. ${user:+${q}user${q}: ${q}$user${q},}
  64. EOF
  65. }
  66. ss_mkjson_ss_local_conf() {
  67. ss_mkjson_server_conf
  68. }
  69. ss_mkjson_ss_redir_conf() {
  70. ss_mkjson_server_conf
  71. }
  72. ss_mkjson_ss_server_conf() {
  73. ss_mkjson_server_conf_
  74. }
  75. ss_mkjson_ss_tunnel_conf() {
  76. ss_mkjson_server_conf || return 1
  77. [ -n "$tunnel_address" ] || return 1
  78. cat <<-EOF
  79. ${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},}
  80. EOF
  81. }
  82. ss_xxx() {
  83. local cfg="$1"
  84. local cfgtype="$2"
  85. local bin="$ss_bindir/${cfgtype/_/-}"
  86. local confjson="$ss_confdir/$cfgtype.$cfg.json"
  87. [ -x "$bin" ] || return
  88. eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
  89. "validate_${cfgtype}_section" "$cfg" || return 1
  90. [ "$disabled" = 0 ] || return
  91. if ss_mkjson \
  92. ss_mkjson_common_conf \
  93. ss_mkjson_${cfgtype}_conf \
  94. ; then
  95. procd_open_instance "$cfgtype.$cfg"
  96. procd_set_param command "$bin" -c "$confjson"
  97. [ "$verbose" = 0 ] || procd_append_param command -v
  98. [ "$no_delay" = 0 ] || procd_append_param command --no-delay
  99. [ -z "$bind_address" ] || procd_append_param command -b "$bind_address"
  100. procd_set_param file "$confjson"
  101. procd_set_param respawn
  102. procd_close_instance
  103. ss_rules_cb
  104. fi
  105. }
  106. ss_rules_cb() {
  107. local cfgserver server
  108. if [ "$cfgtype" = ss_redir ]; then
  109. config_get cfgserver "$cfg" server
  110. config_get server "$cfgserver" server
  111. ss_redir_servers="$ss_redir_servers $server"
  112. if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
  113. eval "ss_rules_redir_tcp_$cfg=$local_port"
  114. fi
  115. if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
  116. eval "ss_rules_redir_udp_$cfg=$local_port"
  117. fi
  118. fi
  119. }
  120. ss_rules() {
  121. local cfg="ss_rules"
  122. local bin="$ss_bindir/ss-rules"
  123. local cfgtype
  124. local local_port_tcp local_port_udp
  125. local args
  126. [ -x "$bin" ] || return 1
  127. config_get cfgtype "$cfg" TYPE
  128. [ "$cfgtype" = ss_rules ] || return 1
  129. eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
  130. validate_ss_rules_section "$cfg" || return 1
  131. [ "$disabled" = 0 ] || return 1
  132. eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
  133. eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
  134. [ -n "$local_port_tcp" -o -n "$local_port_udp" ] || return 1
  135. ss_redir_servers="$(echo "$ss_redir_servers" | tr ' ' '\n' | sort -u)"
  136. [ "$dst_forward_recentrst" = 0 ] || args="$args --dst-forward-recentrst"
  137. ss_rules_call
  138. ss_rules_call -6
  139. }
  140. ss_rules_call() {
  141. "$bin" "$@" \
  142. -s "$ss_redir_servers" \
  143. -l "$local_port_tcp" \
  144. -L "$local_port_udp" \
  145. --src-default "$src_default" \
  146. --dst-default "$dst_default" \
  147. --local-default "$local_default" \
  148. --dst-bypass-file "$dst_ips_bypass_file" \
  149. --dst-forward-file "$dst_ips_forward_file" \
  150. --dst-bypass "$dst_ips_bypass" \
  151. --dst-forward "$dst_ips_forward" \
  152. --src-bypass "$src_ips_bypass" \
  153. --src-forward "$src_ips_forward" \
  154. --src-checkdst "$src_ips_checkdst" \
  155. --ifnames "$ifnames" \
  156. --ipt-extra "$ipt_args" \
  157. $args \
  158. || "$bin" "$@" -f
  159. }
  160. start_service() {
  161. local cfgtype
  162. mkdir -p "$ss_confdir"
  163. config_load shadowsocks-libev
  164. for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
  165. config_foreach ss_xxx "$cfgtype" "$cfgtype"
  166. done
  167. ss_rules
  168. }
  169. stop_service() {
  170. local bin="$ss_bindir/ss-rules"
  171. [ -x "$bin" ] && "$bin" -f
  172. rm -rf "$ss_confdir"
  173. }
  174. service_triggers() {
  175. procd_add_reload_interface_trigger wan
  176. procd_add_reload_trigger shadowsocks-libev
  177. procd_open_validate
  178. validate_server_section
  179. validate_ss_local_section
  180. validate_ss_redir_section
  181. validate_ss_rules_section
  182. validate_ss_server_section
  183. validate_ss_tunnel_section
  184. procd_close_validate
  185. }
  186. ss_validate_mklocal() {
  187. local tuple opts
  188. shift 2
  189. for tuple in "$@"; do
  190. opts="${tuple%%:*} $opts"
  191. done
  192. [ -z "$opts" ] || echo "local $opts"
  193. }
  194. ss_validate() {
  195. uci_validate_section shadowsocks-libev "$@"
  196. }
  197. validate_common_server_options_() {
  198. local cfgtype="$1"; shift
  199. local cfg="$1"; shift
  200. local func="$1"; shift
  201. local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
  202. local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"'
  203. "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
  204. 'disabled:bool:0' \
  205. 'server:host' \
  206. 'server_port:port' \
  207. 'password:string' \
  208. 'key:string' \
  209. "method:or($stream_methods, $aead_methods)"
  210. }
  211. validate_common_client_options_() {
  212. validate_common_options_ "$@" \
  213. 'server:uci("shadowsocks-libev", "@server")' \
  214. 'local_address:host:0.0.0.0' \
  215. 'local_port:port'
  216. }
  217. validate_common_options_() {
  218. local cfgtype="$1"; shift
  219. local cfg="$1"; shift
  220. local func="$1"; shift
  221. "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
  222. 'disabled:bool:0' \
  223. 'fast_open:bool:0' \
  224. 'ipv6_first:bool:0' \
  225. 'no_delay:bool:0' \
  226. 'reuse_port:bool:0' \
  227. 'verbose:bool:0' \
  228. 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
  229. 'mtu:uinteger' \
  230. 'timeout:uinteger' \
  231. 'user:string'
  232. }
  233. validate_server_section() {
  234. validate_common_server_options_ server "$1" "$2"
  235. }
  236. validate_ss_local_section() {
  237. validate_common_client_options_ ss_local "$1" "$2"
  238. }
  239. validate_ss_redir_section() {
  240. validate_common_client_options_ ss_redir "$1" "$2"
  241. }
  242. validate_ss_rules_section() {
  243. "${2:-ss_validate}" ss_rules "$1" \
  244. 'disabled:bool:0' \
  245. 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
  246. 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
  247. 'src_ips_bypass:or(ipaddr,cidr)' \
  248. 'src_ips_forward:or(ipaddr,cidr)' \
  249. 'src_ips_checkdst:or(ipaddr,cidr)' \
  250. 'dst_ips_bypass_file:file' \
  251. 'dst_ips_bypass:or(ipaddr,cidr)' \
  252. 'dst_ips_forward_file:file' \
  253. 'dst_ips_forward:or(ipaddr,cidr)' \
  254. 'src_default:or("bypass", "forward", "checkdst"):checkdst' \
  255. 'dst_default:or("bypass", "forward"):bypass' \
  256. 'local_default:or("bypass", "forward", "checkdst"):bypass' \
  257. 'dst_forward_recentrst:bool:0' \
  258. 'ifnames:maxlength(15)' \
  259. 'ipt_args:string'
  260. }
  261. validate_ss_server_section() {
  262. validate_common_server_options_ ss_server "$1" \
  263. validate_common_options_ \
  264. "$2" \
  265. 'bind_address:ipaddr'
  266. }
  267. validate_ss_tunnel_section() {
  268. validate_common_client_options_ ss_tunnel "$1" \
  269. "$2" \
  270. 'tunnel_address:regex(".+\:[0-9]+")'
  271. }