You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

309 lines
7.8 KiB

  1. #!/bin/sh /etc/rc.common
  2. #
  3. # Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
  4. #
  5. # This is free software, licensed under the GNU General Public License v3.
  6. # See /LICENSE for more information.
  7. #
  8. USE_PROCD=1
  9. START=99
  10. ss_confdir=/var/etc/shadowsocks-libev
  11. ss_bindir=/usr/bin
  12. q='"'
  13. ss_mkjson() {
  14. echo "{" >"$confjson"
  15. if ss_mkjson_ "$@" >>$confjson; then
  16. sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson"
  17. echo "}" >>"$confjson"
  18. else
  19. rm -f "$confjson"
  20. return 1
  21. fi
  22. }
  23. ss_mkjson_() {
  24. local func
  25. for func in "$@"; do
  26. "$func" || return 1
  27. done
  28. }
  29. ss_mkjson_server_conf() {
  30. local cfgserver
  31. config_get cfgserver "$cfg" server
  32. [ -n "$cfgserver" ] || return 1
  33. eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
  34. validate_server_section "$cfgserver" || return 1
  35. [ "$disabled" = 0 ] || return 1
  36. ss_mkjson_server_conf_ "$cfgserver"
  37. }
  38. ss_mkjson_server_conf_() {
  39. [ -n "$server_port" ] || return 1
  40. password="${password//\"/\\\"}"
  41. cat <<-EOF
  42. ${server:+${q}server${q}: ${q}$server${q},}
  43. "server_port": $server_port,
  44. ${method:+${q}method${q}: ${q}$method${q},}
  45. ${key:+${q}key${q}: ${q}$key${q},}
  46. ${password:+${q}password${q}: ${q}$password${q},}
  47. EOF
  48. }
  49. ss_mkjson_common_conf() {
  50. [ "$ipv6_first" = 0 ] && ipv6_first=false || ipv6_first=true
  51. [ "$fast_open" = 0 ] && fast_open=false || fast_open=true
  52. [ "$reuse_port" = 0 ] && reuse_port=false || reuse_port=true
  53. cat <<-EOF
  54. "use_syslog": true,
  55. "ipv6_first": $ipv6_first,
  56. "fast_open": $fast_open,
  57. "reuse_port": $reuse_port,
  58. ${local_address:+${q}local_address${q}: ${q}$local_address${q},}
  59. ${local_port:+${q}local_port${q}: $local_port,}
  60. ${mode:+${q}mode${q}: ${q}$mode${q},}
  61. ${mtu:+${q}mtu${q}: $mtu,}
  62. ${timeout:+${q}timeout${q}: $timeout,}
  63. ${user:+${q}user${q}: ${q}$user${q},}
  64. EOF
  65. }
  66. ss_mkjson_ss_local_conf() {
  67. ss_mkjson_server_conf
  68. }
  69. ss_mkjson_ss_redir_conf() {
  70. ss_mkjson_server_conf
  71. }
  72. ss_mkjson_ss_server_conf() {
  73. ss_mkjson_server_conf_
  74. }
  75. ss_mkjson_ss_tunnel_conf() {
  76. ss_mkjson_server_conf || return 1
  77. [ -n "$tunnel_address" ] || return 1
  78. cat <<-EOF
  79. ${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},}
  80. EOF
  81. }
  82. ss_xxx() {
  83. local cfg="$1"
  84. local cfgtype="$2"
  85. local bin="$ss_bindir/${cfgtype/_/-}"
  86. local confjson="$ss_confdir/$cfgtype.$cfg.json"
  87. [ -x "$bin" ] || return
  88. eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
  89. "validate_${cfgtype}_section" "$cfg" || return 1
  90. [ "$disabled" = 0 ] || return
  91. if ss_mkjson \
  92. ss_mkjson_common_conf \
  93. ss_mkjson_${cfgtype}_conf \
  94. ; then
  95. procd_open_instance "$cfgtype.$cfg"
  96. procd_set_param command "$bin" -c "$confjson"
  97. [ "$verbose" = 0 ] || procd_append_param command -v
  98. [ "$no_delay" = 0 ] || procd_append_param command --no-delay
  99. [ -z "$bind_address" ] || procd_append_param command -b "$bind_address"
  100. procd_set_param file "$confjson"
  101. procd_set_param respawn
  102. procd_close_instance
  103. ss_rules_cb
  104. fi
  105. }
  106. ss_rules_cb() {
  107. local cfgserver server
  108. if [ "$cfgtype" = ss_redir ]; then
  109. config_get cfgserver "$cfg" server
  110. config_get server "$cfgserver" server
  111. ss_redir_servers="$ss_redir_servers $server"
  112. if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
  113. eval "ss_rules_redir_tcp_$cfg=$local_port"
  114. fi
  115. if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
  116. eval "ss_rules_redir_udp_$cfg=$local_port"
  117. fi
  118. fi
  119. }
  120. ss_rules() {
  121. local cfg="ss_rules"
  122. local bin="$ss_bindir/ss-rules"
  123. local cfgtype
  124. local local_port_tcp local_port_udp
  125. local args
  126. [ -x "$bin" ] || return 1
  127. config_get cfgtype "$cfg" TYPE
  128. [ "$cfgtype" = ss_rules ] || return 1
  129. eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
  130. validate_ss_rules_section "$cfg" || return 1
  131. [ "$disabled" = 0 ] || return 1
  132. eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
  133. eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
  134. [ -n "$local_port_tcp" -o -n "$local_port_udp" ] || return 1
  135. ss_redir_servers="$(echo "$ss_redir_servers" | tr ' ' '\n' | sort -u)"
  136. [ "$dst_forward_recentrst" = 0 ] || args="$args --dst-forward-recentrst"
  137. "$bin" \
  138. -s "$ss_redir_servers" \
  139. -l "$local_port_tcp" \
  140. -L "$local_port_udp" \
  141. --src-default "$src_default" \
  142. --dst-default "$dst_default" \
  143. --local-default "$local_default" \
  144. --dst-bypass-file "$dst_ips_bypass_file" \
  145. --dst-forward-file "$dst_ips_forward_file" \
  146. --dst-bypass "$dst_ips_bypass" \
  147. --dst-forward "$dst_ips_forward" \
  148. --src-bypass "$src_ips_bypass" \
  149. --src-forward "$src_ips_forward" \
  150. --src-checkdst "$src_ips_checkdst" \
  151. --ifnames "$ifnames" \
  152. --ipt-extra "$ipt_args" \
  153. $args \
  154. || "$bin" -f
  155. }
  156. start_service() {
  157. local cfgtype
  158. mkdir -p "$ss_confdir"
  159. config_load shadowsocks-libev
  160. for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
  161. config_foreach ss_xxx "$cfgtype" "$cfgtype"
  162. done
  163. ss_rules
  164. }
  165. stop_service() {
  166. local bin="$ss_bindir/ss-rules"
  167. [ -x "$bin" ] && "$bin" -f
  168. rm -rf "$ss_confdir"
  169. }
  170. service_triggers() {
  171. procd_add_reload_interface_trigger wan
  172. procd_add_reload_trigger shadowsocks-libev
  173. procd_open_validate
  174. validate_server_section
  175. validate_ss_local_section
  176. validate_ss_redir_section
  177. validate_ss_rules_section
  178. validate_ss_server_section
  179. validate_ss_tunnel_section
  180. procd_close_validate
  181. }
  182. ss_validate_mklocal() {
  183. local tuple opts
  184. shift 2
  185. for tuple in "$@"; do
  186. opts="${tuple%%:*} $opts"
  187. done
  188. [ -z "$opts" ] || echo "local $opts"
  189. }
  190. ss_validate() {
  191. uci_validate_section shadowsocks-libev "$@"
  192. }
  193. validate_common_server_options_() {
  194. local cfgtype="$1"; shift
  195. local cfg="$1"; shift
  196. local func="$1"; shift
  197. local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
  198. local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm", "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"'
  199. "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
  200. 'disabled:bool:0' \
  201. 'server:host' \
  202. 'server_port:port' \
  203. 'password:string' \
  204. 'key:string' \
  205. "method:or($stream_methods, $aead_methods)"
  206. }
  207. validate_common_client_options_() {
  208. validate_common_options_ "$@" \
  209. 'server:uci("shadowsocks-libev", "@server")' \
  210. 'local_address:host:0.0.0.0' \
  211. 'local_port:port'
  212. }
  213. validate_common_options_() {
  214. local cfgtype="$1"; shift
  215. local cfg="$1"; shift
  216. local func="$1"; shift
  217. "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
  218. 'disabled:bool:0' \
  219. 'fast_open:bool:0' \
  220. 'ipv6_first:bool:0' \
  221. 'no_delay:bool:0' \
  222. 'reuse_port:bool:0' \
  223. 'verbose:bool:0' \
  224. 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
  225. 'mtu:uinteger' \
  226. 'timeout:uinteger' \
  227. 'user:string'
  228. }
  229. validate_server_section() {
  230. validate_common_server_options_ server "$1" "$2"
  231. }
  232. validate_ss_local_section() {
  233. validate_common_client_options_ ss_local "$1" "$2"
  234. }
  235. validate_ss_redir_section() {
  236. validate_common_client_options_ ss_redir "$1" "$2"
  237. }
  238. validate_ss_rules_section() {
  239. "${2:-ss_validate}" ss_rules "$1" \
  240. 'disabled:bool:0' \
  241. 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
  242. 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
  243. 'src_ips_bypass:or(ip4addr,cidr4)' \
  244. 'src_ips_forward:or(ip4addr,cidr4)' \
  245. 'src_ips_checkdst:or(ip4addr,cidr4)' \
  246. 'dst_ips_bypass_file:file' \
  247. 'dst_ips_bypass:or(ip4addr,cidr4)' \
  248. 'dst_ips_forward_file:file' \
  249. 'dst_ips_forward:or(ip4addr,cidr4)' \
  250. 'src_default:or("bypass", "forward", "checkdst"):checkdst' \
  251. 'dst_default:or("bypass", "forward"):bypass' \
  252. 'local_default:or("bypass", "forward", "checkdst"):bypass' \
  253. 'dst_forward_recentrst:bool:0' \
  254. 'ifnames:maxlength(15)' \
  255. 'ipt_args:string'
  256. }
  257. validate_ss_server_section() {
  258. validate_common_server_options_ ss_server "$1" \
  259. validate_common_options_ \
  260. "$2" \
  261. 'bind_address:ipaddr'
  262. }
  263. validate_ss_tunnel_section() {
  264. validate_common_client_options_ ss_tunnel "$1" \
  265. "$2" \
  266. 'tunnel_address:regex(".+\:[0-9]+")'
  267. }