openwrt-packages-dist/net/simple-adblock/files/simple-adblock.init

#!/bin/sh /etc/rc.common
# Copyright 2017-2019 Stan Grishin (stangri@melmac.net)
# shellcheck disable=SC2039
# shellcheck disable=SC1091
PKG_VERSION=

export START=94
export USE_PROCD=1
export LC_ALL=C

export EXTRA_COMMANDS="check dl killcache status"
export EXTRA_HELP="	check	Checks if specified domain is found in current blacklist
	dl	Force-redownloads all the list
	status	Shows the service last-run status"

readonly packageName="simple-adblock"
readonly serviceName="$packageName $PKG_VERSION"
readonly addnhostsFile="/var/run/${packageName}.addnhosts"
readonly addnhostsCache="/var/run/${packageName}.addnhosts.cache"
readonly addnhostsGzip="/etc/${packageName}.addnhosts.gz"
readonly addnhostsOutputFilter='s|^|127.0.0.1 |;s|$||'
readonly addnhostsOutputFilterIPv6='s|^|:: |;s|$||'
readonly dnsmasqFile="/var/dnsmasq.d/${packageName}"
readonly dnsmasqCache="/var/run/${packageName}.dnsmasq.cache"
readonly dnsmasqGzip="/etc/${packageName}.dnsmasq.gz"
readonly dnsmasqOutputFilter='s|^|local=/|;s|$|/|'
readonly serversFile="/var/run/${packageName}.servers"
readonly serversCache="/var/run/${packageName}.servers.cache"
readonly serversGzip="/etc/${packageName}.servers.gz"
readonly serversOutputFilter='s|^|server=/|;s|$|/|'
readonly unboundFile="/var/lib/unbound/adb_list.${packageName}"
readonly unboundCache="/var/run/${packageName}.unbound.cache"
readonly unboundGzip="/etc/${packageName}.unbound.gz"
readonly unboundOutputFilter='s|^|local-zone: "|;s|$|" static|'
readonly A_TMP="/var/${packageName}.hosts.a.tmp"
readonly B_TMP="/var/${packageName}.hosts.b.tmp"
readonly PIDFile="/var/run/${packageName}.pid"
readonly jsonFile="/var/run/${packageName}.json"
readonly hostsFilter='/localhost/d;/^#/d;/^[^0-9]/d;s/^0\.0\.0\.0.//;s/^127\.0\.0\.1.//;s/[[:space:]]*#.*$//;s/[[:cntrl:]]$//;s/[[:space:]]//g;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;'
readonly domainsFilter='/^#/d;s/[[:space:]]*#.*$//;s/[[:space:]]*$//;s/[[:cntrl:]]$//;/[[:space:]]/d;/[`~!@#\$%\^&\*()=+;:"'\'',<>?/\|[{}]/d;/]/d;/\./!d;/^$/d;/[^[:alnum:]_.-]/d;'
readonly checkmark='\xe2\x9c\x93'
readonly xmark='\xe2\x9c\x97'
readonly _OK_='\033[0;32m\xe2\x9c\x93\033[0m'
readonly _FAIL_='\033[0;31m\xe2\x9c\x97\033[0m'
readonly __OK__='\033[0;32m[\xe2\x9c\x93]\033[0m'
readonly __FAIL__='\033[0;31m[\xe2\x9c\x97]\033[0m'
readonly _ERROR_='\033[0;31mERROR\033[0m'
readonly statusSuccess='Success'
readonly statusFail='Fail'
readonly statusDownloading='Downloading'
readonly statusReloading='Reloading'
readonly statusRestarting='Restarting'
readonly statusStarting='Starting'
readonly statusForceReloading='Force-Reloading'
readonly statusProcessing='Processing'
readonly statusStopped='Stopped'
readonly sharedMemoryError="/dev/shm/$packageName-error"

create_lock() { [ -e "$PIDFile" ] && return 1; touch "$PIDFile"; }
remove_lock() { [ -e "$PIDFile" ] && rm -f "$PIDFile"; }
trap remove_lock EXIT
output_ok() { output 1 "$_OK_"; output 2 "$__OK__\\n"; }
output_okn() { output 1 "$_OK_\\n"; output 2 "$__OK__\\n"; }
output_fail() { output 1 "$_FAIL_\\n"; output 2 "$__FAIL__\\n"; }
output_failn() { output 1 "$_FAIL_"; output 2 "$__FAIL__\\n"; }
str_replace() { echo "$1" | sed -e "s/$2/$3/g"; }
str_contains() { [ "$1" != "$(str_replace "$1" "$2" "")" ]; }
readonly sharedMemoryOutput="/dev/shm/$packageName-output"
output() {
# Can take a single parameter (text) to be output at any verbosity
# Or target verbosity level and text to be output at specifc verbosity
	local msg memmsg
	if [ $# -ne 1 ]; then
		if [ $((verbosity & $1)) -gt 0 ] || [ "$verbosity" = "$1" ]; then shift; else return 0; fi
	fi
	[ -t 1 ] && printf "%b" "$1"
	msg="$(printf "%s" "$(str_replace "$1" "$serviceName " "service ")" | sed 's|\\033\[[0-9]\?;\?[0-9]\?[0-9]\?m||g')";
	if [ "$(printf "%b" "$msg" | wc -l)" -gt 0 ]; then
		[ -s "$sharedMemoryOutput" ] && memmsg="$(cat "$sharedMemoryOutput")"
		logger -t "${packageName:-service} [$$]" "$(printf "%b" "${memmsg}${msg}")"
		rm -f "$sharedMemoryOutput"
	else
		printf "%b" "$msg" >> "$sharedMemoryOutput"
	fi
}
led_on(){ if [ -n "${1}" ] && [ -e "${1}/trigger" ]; then echo "default-on" > "${1}/trigger" 2>&1; fi; }
led_off(){ if [ -n "${1}" ] &&  [ -e "${1}/trigger" ]; then echo "none" > "${1}/trigger" 2>&1; fi; }

export serviceEnabled
export forceDNS
export parallelDL
export debug
export allowNonAscii
export compressedCache     
export targetDNS
export bootDelay
export dlTimeout
export curlRetry
export verbosity
export led
export whitelist_domains
export blacklist_domains
export whitelist_domains_urls
export blacklist_domains_urls
export blacklist_hosts_urls
export wan_if wan_gw wanphysdev dl_command serviceStatus dl_flag
export outputFilter outputFilterIPv6 outputFile outputGzip outputCache ipv6Enabled

load_package_config() {
	config_load "$packageName"
	config_get_bool serviceEnabled        "config" "enabled" 1
	config_get_bool forceDNS              "config" "force_dns" 1
	config_get_bool parallelDL            "config" "parallel_downloads" 1
	config_get_bool debug                 "config" "debug" 0
	config_get_bool allowNonAscii         "config" "allow_non_ascii" 0
	config_get_bool compressedCache       "config" "compressed_cache" 0
	config_get_bool ipv6Enabled           "config" "ipv6_enabled" 0
	config_get bootDelay                  "config" "boot_delay" "120"
	config_get dlTimeout                  "config" "download_timeout" "20"
	config_get curlRetry                  "config" "curl_retry" "3"
	config_get verbosity                  "config" "verbosity" "2"
	config_get led        	              "config" "led"
	config_get targetDNS                  "config" "dns" "dnsmasq.servers"
	config_get whitelist_domains          "config" "whitelist_domain"
	config_get blacklist_domains          "config" "blacklist_domain"
	config_get whitelist_domains_urls     "config" "whitelist_domains_url"
	config_get blacklist_domains_urls     "config" "blacklist_domains_url"
	config_get blacklist_hosts_urls       "config" "blacklist_hosts_url"

	if [ "$targetDNS" != "dnsmasq.addnhosts" ] && [ "$targetDNS" != "dnsmasq.conf" ] && \
		 [ "$targetDNS" != "dnsmasq.servers" ] && [ "$targetDNS" != "unbound.adb_list" ]; then
		targetDNS="dnsmasq.servers"
	fi

	case "$targetDNS" in
		dnsmasq.addnhosts)
			outputFilter="$addnhostsOutputFilter"
			outputFile="$addnhostsFile"
			outputCache="$addnhostsCache"
			outputGzip="$addnhostsGzip"
			[ "$ipv6Enabled" -gt 0 ] && outputFilterIPv6="$addnhostsOutputFilterIPv6"
			rm -f "$dnsmasqFile" "$dnsmasqCache" "$dnsmasqGzip"
			rm -f "$serversFile" "$serversCache" "$serversGzip"
			rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
			;;
		dnsmasq.conf)
			outputFilter="$dnsmasqOutputFilter"
			outputFile="$dnsmasqFile"
			outputCache="$dnsmasqCache"
			outputGzip="$dnsmasqGzip"
			rm -f "$addnhostsFile" "$addnhostsCache" "$addnhostsGzip"
			rm -f "$serversFile" "$serversCache" "$serversGzip"
			rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
			;;
		dnsmasq.servers)
			outputFilter="$serversOutputFilter"
			outputFile="$serversFile"
			outputCache="$serversCache"
			outputGzip="$serversGzip"
			rm -f "$dnsmasqFile" "$dnsmasqCache" "$dnsmasqGzip"
			rm -f "$addnhostsFile" "$addnhostsCache" "$addnhostsGzip"
			rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
			;;
		unbound.adb_list)
			outputFilter="$unboundOutputFilter"
			outputFile="$unboundFile"
			outputCache="$unboundCache"
			outputGzip="$unboundGzip"
			rm -f "$dnsmasqFile" "$dnsmasqCache" "$dnsmasqGzip"
			rm -f "$addnhostsFile" "$addnhostsCache" "$addnhostsGzip"
			rm -f "$serversFile" "$serversCache" "$serversGzip"
			;;
	esac
	if [ -z "${verbosity##*[!0-9]*}" ] || [ "$verbosity" -lt 0 ] || [ "$verbosity" -gt 2 ]; then
		verbosity=1
	fi
	. /lib/functions/network.sh
	. /usr/share/libubox/jshn.sh
	# Prefer curl because it supports the file: scheme.
	if [ -x /usr/bin/curl ] ; then
		dl_command="curl --insecure --retry $curlRetry --connect-timeout $dlTimeout --silent"
		dl_flag="-o"
	else
		dl_command="wget --no-check-certificate --timeout $dlTimeout -q"
		dl_flag="-O"
	fi
	led="${led:+/sys/class/leds/$led}"
}

is_enabled() {
	load_package_config

	if [ "$debug" -ne 0 ]; then
		exec 1>>/tmp/simple-adblock.log
		exec 2>&1
		set -x
	fi

	if [ "$serviceEnabled" -eq 0 ]; then
		case "$1" in
			on_start)
				output "$packageName is currently disabled.\\n"
				output "Run the following commands before starting service again:\\n"
				output "uci set ${packageName}.config.enabled='1'; uci commit $packageName;\\n"
				;;
		esac
		return 1
	fi

	[ ! -d "${outputFile%/*}" ] && mkdir -p "${outputFile%/*}"
	[ ! -d "${outputCache%/*}" ] && mkdir -p "${outputFile%/*}"
	[ ! -d "${outputGzip%/*}" ] && mkdir -p "${outputFile%/*}"
	cacheOps 'testGzip' && return 0
	network_flush_cache; network_find_wan wan_if; network_get_gateway wan_gw "$wan_if";
	[ -n "$wan_gw" ] && return 0
	output "$_ERROR_: $serviceName failed to discover WAN gateway.\\n"; return 1;
}

dnsmasq_kill() { killall -q -HUP dnsmasq; }
dnsmasq_restart() { /etc/init.d/dnsmasq restart >/dev/null 2>&1; }
unbound_restart() { /etc/init.d/unbound restart >/dev/null 2>&1; }
reload_resolver() {
	local param output_text
	case $1 in
		on_start)
			if [ ! -s "$outputFile" ]; then
				tmpfs set status "$statusFail"
				tmpfs add error "Error: Failed to create $outputFile file."
				output "$_ERROR_: $serviceName failed to create its data file!\\n"
				return 1
			fi
			case "$targetDNS" in
				dnsmasq.addnhosts)
					uci -q del_list dhcp.@dnsmasq[0].addnhosts="$addnhostsFile"
					uci add_list dhcp.@dnsmasq[0].addnhosts="$addnhostsFile"
					if [ -n "$(uci changes dhcp)" ]; then
						uci commit dhcp
						param=dnsmasq_restart
						output_text="Restarting DNSMASQ"
					else
						param=dnsmasq_kill
						output_text="Reloading DNSMASQ"
					fi
					;;
				dnsmasq.conf)
					param=dnsmasq_restart
					output_text="Restarting DNSMASQ"
					;;
				dnsmasq.servers)
					if [ "$(uci -q get dhcp.@dnsmasq[0].serversfile)" != "$serversFile" ]; then
						uci set dhcp.@dnsmasq[0].serversfile="$serversFile"
						uci commit dhcp
						param=dnsmasq_restart
						output_text="Restarting DNSMASQ"
					else
						param=dnsmasq_kill
						output_text="Reloading DNSMASQ"
					fi
					;;
				unbound.adb_list)
					param=unbound_restart
					output_text="Restarting Unbound"
					;;
			esac
			output 1 "$output_text "
			output 2 "$output_text "
			tmpfs set message "$output_text"
			if eval "$param"; then
				tmpfs set status "$statusSuccess"
				led_on "$led"
				output_okn
			else 
				output_fail
				tmpfs set status "$statusFail"
				tmpfs add error "Error: $output_text error."
				output "$_ERROR_: $serviceName $output_text error!\\n"
				return 1
			fi
			;;
		on_stop)
			cacheOps 'create'
			case "$targetDNS" in
				dnsmasq.addnhosts | dnsmasq.servers)
					if [ -n "$(uci changes dhcp)" ]; then 
						uci -q commit dhcp
						param=dnsmasq_restart
					else
						param=dnsmasq_kill
					fi
					;;
				dnsmasq.conf)
					param=dnsmasq_restart
					;;
				unbound.adb_list)
					param=unbound_restart
					;;
			esac
			eval "$param"
			return $?
			;;
		quiet)
			case "$targetDNS" in
				dnsmasq.addnhosts | dnsmasq.servers | dnsmasq.conf)
					param=dnsmasq_restart
					;;
				unbound.adb_list)
					param=unbound_restart
					;;
			esac
			eval "$param"
			return $?
			;;
	esac
}

tmpfs() {
	local action="$1" instance="$2" value="$3" 
	local status message error stats 
	local readReload readRestart curReload curRestart ret
	if [ -s "$jsonFile" ]; then
		status="$(jsonfilter -i $jsonFile -l1 -e "@['data']['status']")"
		message="$(jsonfilter -i $jsonFile -l1 -e "@['data']['message']")"
		error="$(jsonfilter -i $jsonFile -l1 -e "@['data']['error']")"
		stats="$(jsonfilter -i $jsonFile -l1 -e "@['data']['stats']")"
		readReload="$(jsonfilter -i $jsonFile -l1 -e "@['data']['reload']")"
		readRestart="$(jsonfilter -i $jsonFile -l1 -e "@['data']['restart']")"
	fi
	case "$action" in
		get)
			case "$instance" in
				status)
					echo "$status"; return;;
				message) 
					echo "$message"; return;;
				error) 
					echo "$error"; return;;
				stats) 
					echo "$stats"; return;;
				triggers)
					curReload="$allowNonAscii $parallelDL $debug $dlTimeout $whitelist_domains $blacklist_domains $whitelist_domains_urls $blacklist_domains_urls $blacklist_hosts_urls $targetDNS"
					curRestart="$compressedCache $forceDNS $led"
					if [ "$curReload" != "$readReload" ]; then
						ret="download"
					elif [ "$curRestart" != "$readRestart" ]; then
						ret="restart"
					fi
					echo "$ret"
					return;;
			esac
			;;
		add)
			case "$instance" in
				status)
					[ -n "$status" ] && status="$status $value" || status="$value";;
				message) 
					[ -n "$message" ] && message="${message} ${value}" || message="$value";;
				error) 
					[ -n "$error" ] && error="$error $value" || error="$value";;
				stats) 
					[ -n "$stats" ] && stats="$stats $value" || stats="$value";;
			esac
			;;
		del)
			case "$instance" in
				status)
					unset status;;
				message) 
					unset message;;
				error) 
					unset error;;
				stats) 
					unset stats;;
				triggers) 
					unset readReload; unset readRestart;;
			esac
			;;
		set)
			case "$instance" in
				status)
					status="$value";;
				message) 
					message="$value";;
				error) 
					error="$value";;
				stats) 
					stats="$value";;
				triggers) 
					readReload="$allowNonAscii $parallelDL $debug $dlTimeout $whitelist_domains $blacklist_domains $whitelist_domains_urls $blacklist_domains_urls $blacklist_hosts_urls $targetDNS"
					readRestart="$compressedCache $forceDNS $led"
					;;
			esac
			;;
	esac
  json_init
  json_add_object "data"
  json_add_string version "$PKG_VERSION"
  json_add_string status "$status"
  json_add_string message "$message"
  json_add_string error "$error"
  json_add_string stats "$stats"
  json_add_string reload "$readReload"
  json_add_string restart "$readRestart"
  json_close_object
  json_dump > "$jsonFile"
	sync
}

cacheOps() {
	local R_TMP
	case "$1" in
		create|backup)
			[ -f "$outputFile" ] && mv "$outputFile" "$outputCache" >/dev/null 2>/dev/null
			return $?
			;;
		restore|use)
			[ -f "$outputCache" ] && mv "$outputCache" "$outputFile" >/dev/null 2>/dev/null
			return $?
			;;
		test)
			[ -s "$outputCache" ]
			return $?
			;;
		testGzip)
			[ -s "$outputGzip" ] && gzip -t -c "$outputGzip"
			return $?
			;;
		createGzip)
			R_TMP="$(mktemp -u -q -t ${packageName}_tmp.XXXXXXXX)"
			if gzip < "$outputFile" > "$R_TMP"; then
				if mv "$R_TMP" "$outputGzip"; then
					rm -f "$R_TMP"
					return 0
				else
					rm -f "$R_TMP"
					return 1
				fi
			else
				return 1
			fi
			;;
		expand|unpack|expandGzip|unpackGzip)
			[ -s "$outputGzip" ] && gzip -dc < "$outputGzip" > "$outputCache"
			return $?
			;;
	esac
}

is_chaos_calmer() { ubus -S call system board | grep -q "Chaos Calmer"; }

remove_fw3_redirect() {
	local name
	config_get name "$1" "name"
# shellcheck disable=SC2154
	if [ -n "$name" ] && str_contains "$name" "simple-adblock"; then
		uci -q del "firewall.$1"
	fi
}

fw3_setup() {
	config_load "firewall"
	config_foreach remove_fw3_redirect "redirect"
	if [ "$1" = "start" ]; then
		uci -q add firewall redirect >/dev/null 2>&1
		uci -q set firewall.@redirect[-1].name="simple_adblock_dns_hijack"
		uci -q set firewall.@redirect[-1].target="DNAT"
		uci -q set firewall.@redirect[-1].src="lan"
		uci -q set firewall.@redirect[-1].proto="tcpudp"
		uci -q set firewall.@redirect[-1].src_dport="53"
		uci -q set firewall.@redirect[-1].dest_port="53"
		uci -q set firewall.@redirect[-1].dest_ip="$2"
		uci -q set firewall.@redirect[-1].reflection="0"
	fi
	if [ -n "$(uci changes firewall)" ]; then
		uci -q commit firewall
		/etc/init.d/firewall restart >/dev/null 2>&1
	fi
}

process_url() {
	local label type D_TMP R_TMP
	if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then return 1; fi
	label="${1##*//}"; label="${label%%/*}";
	if [ "$2" = "hosts" ]; then
		label="Hosts:   $label"; filter="$hostsFilter";
	else
		label="Domains: $label"; filter="$domainsFilter";
	fi
	if [ "$3" = "blocked" ]; then
		type="Blocked"; D_TMP="$B_TMP";
	else
		type="Allowed"; D_TMP="$A_TMP";
	fi
	while [ -z "$R_TMP" ] || [ -e "$R_TMP" ]; do
		R_TMP="$(mktemp -u -q -t ${packageName}_tmp.XXXXXXXX)"
	done
	if ! $dl_command "$1" $dl_flag "$R_TMP" 2>/dev/null || [ ! -s "$R_TMP" ]; then
		output 1 "$_FAIL_"
		output 2 "[DL] $type $label $__FAIL__\\n"
		printf "%b" "Error: downloading '${1}'.\\n" >> "$sharedMemoryError"
	else
		sed -i "$filter" "$R_TMP"
		if [ ! -s "$R_TMP" ]; then
			output 1 "$_FAIL_"
			output 2 "[DL] $type $label $__FAIL__\\n"
			printf "%b" "Error: parsing '${1}'.\\n" >> "$sharedMemoryError"
		else
			cat "${R_TMP}" >> "$D_TMP"
			output 1 "$_OK_"
			output 2 "[DL] $type $label $__OK__\\n"
		fi
	fi
	rm -f "$R_TMP"
	return 0
}

download_lists() {
	local hf w_filter j=0 R_TMP

	tmpfs set message "${statusDownloading}..."
	rm -f "$A_TMP" "$B_TMP" "$outputFile" "$outputCache" "$outputGzip"
	if [ "$(awk '/^MemFree/ {print int($2/1000)}' "/proc/meminfo")" -lt 32 ]; then
		output 3 "Low free memory, restarting resolver... "
		if reload_resolver 'quiet'; then
			output_okn
		else 
			output_fail
		fi
	fi
	touch $A_TMP; touch $B_TMP;
	output 1 "Downloading lists "
	rm -f "$sharedMemoryError"
	if [ -n "$blacklist_hosts_urls" ]; then
		for hf in ${blacklist_hosts_urls}; do
			if [ "$parallelDL" -gt 0 ]; then
				process_url "$hf" "hosts" "blocked" &
			else
				process_url "$hf" "hosts" "blocked"
			fi
		done
	fi
	if [ -n "$blacklist_domains_urls" ]; then
		for hf in ${blacklist_domains_urls}; do
			if [ "$parallelDL" -gt 0 ]; then
				process_url "$hf" "domains" "blocked" &
			else
				process_url "$hf" "domains" "blocked"
			fi
		done
	fi
	if [ -n "$whitelist_domains_urls" ]; then
		for hf in ${whitelist_domains_urls}; do
			if [ "$parallelDL" -gt 0 ]; then
				process_url "$hf" "domains" "allowed" &
			else
				process_url "$hf" "domains" "allowed"
			fi
		done
	fi
	wait
	[ -s "$sharedMemoryError" ] && tmpfs add error "$(cat "$sharedMemoryError")"
	rm -f "$sharedMemoryError"
	output 1 "\\n"

	[ -n "$blacklist_domains" ] && for hf in ${blacklist_domains}; do echo "$hf" | sed "$domainsFilter" >> $B_TMP; done
	whitelist_domains="${whitelist_domains}
$(cat $A_TMP)"
	[ -n "$whitelist_domains" ] && for hf in ${whitelist_domains}; do hf=$(echo "$hf" | sed 's/\./\\./g'); w_filter="$w_filter/^${hf}$/d;/\\.${hf}$/d;"; done

	[ ! -s "$B_TMP" ] && return 1

	output 1 "Processing downloads "
	output 2 "Sorting combined list "
	tmpfs set message "$statusProcessing: sorting combined list"
	if [ "$allowNonAscii" -gt 0 ]; then
		if sort "$B_TMP" | uniq > "$A_TMP"; then
			output_ok
		else
			output_failn
			tmpfs add error "Error: Sorting error."
		fi
	else
		if sort "$B_TMP" | uniq | grep -E -v '[^a-zA-Z0-9=/.-]' > "$A_TMP"; then
			output_ok
		else
			output_failn
			tmpfs add error "Error: Sorting error."
		fi
	fi

	if [ "$targetDNS" = "dnsmasq.conf" ] || \
	   [ "$targetDNS" = "dnsmasq.servers" ] || \
		 [ "$targetDNS" = "unbound.adb_list" ]; then
		# TLD optimization written by Dirk Brenken (dev@brenken.org)
		output 2 "Optimizing combined list "
		tmpfs set message "$statusProcessing: optimizing combined list"
		if awk -F "." '{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "$A_TMP" > "$B_TMP"; then
			if sort "$B_TMP" > "$A_TMP"; then
				if awk '{if(NR=1){tld=$NF};while(getline){if($NF!~tld"\\."){print tld;tld=$NF}}print tld}' "$A_TMP" > "$B_TMP"; then
					if awk -F "." '{for(f=NF;f>1;f--)printf "%s.",$f;print $1}' "$B_TMP" > "$A_TMP"; then
						if sort "$A_TMP" | uniq > "$B_TMP"; then
							output_ok
						else
							output_failn
							tmpfs add error "Error: Data file optimization."
							mv "$A_TMP" "$B_TMP"
						fi
					else
						output_failn
						tmpfs add error "Error: Data file optimization."
					fi
				else
					output_failn
					tmpfs add error "Error: Data file optimization."
					mv "$A_TMP" "$B_TMP"
				fi
			else
				output_failn
				tmpfs add error "Error: Data file optimization."
			fi
		else
			output_failn
			tmpfs add error "Error: Data file optimization."
			mv "$A_TMP" "$B_TMP"
		fi
	else
		mv "$A_TMP" "$B_TMP"
	fi

	output 2 "Whitelisting domains "
	tmpfs set message "$statusProcessing: whitelisting domains"
	if sed -i "$w_filter" "$B_TMP"; then
		output_ok
	else
		output_failn
		tmpfs add error "Error: Whitelist processing."
	fi

	output 2 "Formatting merged file "
	tmpfs set message "$statusProcessing: formatting merged file"
	if [ -z "$outputFilterIPv6" ]; then
		if sed "$outputFilter" "$B_TMP" > "$A_TMP"; then
			output_ok
		else
			output_failn
			tmpfs add error "Error: Data file formatting."
		fi
	else
		if sed "$outputFilter" "$B_TMP" > "$A_TMP" && \
		   sed "$outputFilterIPv6" "$B_TMP" >> "$A_TMP"; then
			output_ok
		else
			output_failn
			tmpfs add error "Error: Data file formatting."
		fi
	fi

	case "$targetDNS" in
		dnsmasq.addnhosts)
			output 2 "Creating DNSMASQ addnhosts file "
			tmpfs set message "$statusProcessing: creating DNSMASQ addnhosts file"
			;;
		dnsmasq.conf)
			output 2 "Creating DNSMASQ config file "
			tmpfs set message "$statusProcessing: creating DNSMASQ config file"
			;;
		dnsmasq.servers)
			output 2 "Creating DNSMASQ servers file "
			tmpfs set message "$statusProcessing: creating DNSMASQ servers file"
			;;
		unbound.adb_list)
			output 2 "Creating Unbound adb_list file "
			tmpfs set message "$statusProcessing: creating Unbound adb_list file"
			;;
	esac
	if mv "$A_TMP" "$outputFile"; then
		output_ok
	else
		output_failn
		tmpfs add error "Error: moving data file '${A_TMP}' to '${outputFile}'."
	fi
	if [ "$compressedCache" -gt 0 ]; then
		output 2 "Creating compressed cache "
		tmpfs set message "$statusProcessing: creating compressed cache"
		if cacheOps 'createGzip'; then
			output_ok
		else
			output_failn
			tmpfs add error "Error: creating compressed cache."
		fi
	else
		rm -f "$outputGzip"
	fi
	output 2 "Removing temporary files "
	tmpfs set message "$statusProcessing: removing temporary files"
	rm -f "/tmp/${packageName}_tmp.*" "$A_TMP" "$B_TMP" "$outputCache" || j=1
	if [ $j -eq 0 ]; then
		output_ok
	else
		output_failn
		tmpfs add error "Error: removing temporary files."
	fi
	output 1 "\\n"
}

boot() { 
	load_package_config
	if create_lock; then
		sleep "$bootDelay"
		remove_lock
		rc_procd start_service && rc_procd service_triggers
	fi
}

start_service() {
	is_enabled 'on_start' || return 1
	local ip action status error message stats
	if create_lock; then
		procd_open_instance "main"
		procd_set_param command /bin/true
		procd_set_param stdout 1
		procd_set_param stderr 1
		network_get_ipaddr ip "lan"
# shellcheck disable=SC2154
		if [ "$forceDNS" -ne 0 ] && [ -n "$ip" ]; then
			if is_chaos_calmer; then
				fw3_setup "start" "$ip"
			else
				procd_open_data
				json_add_array firewall
				json_add_object ""
				json_add_string type redirect
				json_add_string target "DNAT"
				json_add_string src "lan"
				json_add_string dest "lan"
				json_add_string proto "tcpudp"
				json_add_string src_dport "53"
				json_add_string dest_port "53"
				json_add_string dest_ip "$ip"
				json_add_string name "simple-adblock-dns-hijack"
				json_add_string reflection "0"
				json_close_object
				json_close_array
				procd_close_data
			fi
		fi
		procd_close_instance

		status="$(tmpfs get status)"
		error="$(tmpfs get error)"
		message="$(tmpfs get message)"
		stats="$(tmpfs get stats)"
		action="$(tmpfs get triggers)"

		case "$1" in
			download) action="download";;
			restart|*)
				if [ "$1" != "restart" ] && [ -s "$outputFile" ] && [ -n "$status" ]; then
					status
					exit 0
				elif [ ! -s "$outputFile" ] && ! cacheOps 'test' && ! cacheOps 'testGzip'; then
					action="download"
				elif cacheOps 'test' || cacheOps 'testGzip'; then
					action="start"
				fi
				if [ -n "$error" ]; then 
					action="download"
				fi
				action="${action:-$1}"
			;;
		esac

		tmpfs del status
		tmpfs del error
		tmpfs del message
		tmpfs del stats
		tmpfs set triggers

		case $action in
			download)
				if [ -s "$outputFile" ] || cacheOps 'test' || cacheOps 'testGzip'; then
					output 0 "Force-reloading $serviceName... "
					output 3 "Force-reloading $serviceName...\\n"
					tmpfs set status "$statusForceReloading"
				else
					output 0 "Starting $serviceName... "
					output 3 "Starting $serviceName...\\n"
					tmpfs set status "$statusStarting"
				fi
				download_lists
				reload_resolver 'on_start'
			;;
			restart|start)
				if [ "$action" = "restart" ]; then
					output 0 "Restarting $serviceName... "
					output 3 "Restarting $serviceName...\\n"
					tmpfs set status "$statusRestarting"
				else
					output 0 "Starting $serviceName... "
					output 3 "Starting $serviceName...\\n"
					tmpfs set status "$statusStarting"
				fi
				if cacheOps 'testGzip' && ! cacheOps 'test' && [ ! -s "$outputFile" ]; then
					output 3 "Found compressed cache file, unpacking it "
					tmpfs set message "found compressed cache file, unpacking it."
					if cacheOps 'unpackGzip'; then
						output_okn
					else
						output_fail
						output "$_ERROR_: $serviceName failed to unpack compressed cache!\\n"
						tmpfs add error "Error: Failed to unpack compressed cache."
						return 1
					fi
				fi
				if cacheOps 'test' && [ ! -s "$outputFile" ]; then
					output 3 "Found cache file, reusing it "
					tmpfs set message "found cache file, reusing it."
					if cacheOps 'restore'; then 
						output_okn
					else 
						output_fail
						tmpfs add error "Error: moving '$outputCache' to '$outputFile'."
					fi
				fi
				reload_resolver 'on_start'
			;;
		esac

		if [ -s "$outputFile" ] && [ "$(tmpfs get status)" != "$statusFail" ]; then
			output 0 "$__OK__\\n";
			c="$(wc -l < "$outputFile")"
			output 3 "$serviceName is blocking $c domains "; output_okn
			tmpfs del message
			tmpfs set status "$statusSuccess: $c domains blocked (with ${targetDNS})."
			error="$(tmpfs get error)"
			if [ -n "$error" ]; then
				output "$(str_replace "$error" "Error:" "$_ERROR_:")\\n"
			fi
		else
			output 0 "$__FAIL__\\n";
			tmpfs set status "$statusFail"
			tmpfs add error "Error: Failed to create blocklist."
		fi
		remove_lock
	else
		output 3 "$serviceName: another instance is starting up "; output_fail
		return 0
	fi
}

service_started() { procd_set_config_changed firewall; }
service_stopped() { procd_set_config_changed firewall; }
restart_service() { rc_procd start_service "restart"; }
reload_service() { restart_service; }
restart() { restart_service; }
reload() { restart_service; }
dl() { rc_procd start_service "download"; }

killcache() {
	rm -f "$addnhostsCache" "$addnhostsGzip"
	rm -f "$dnsmasqCache" "$dnsmasqGzip"
	rm -f "$serversCache" "$serversGzip"
	rm -f "$unboundCache" "$unboundGzip"
	return 0
}

status() {
	local status="$(tmpfs get status)" error="$(tmpfs get error)" message="$(tmpfs get message)"
	if [ -n "$status" ] && [ -n "$message" ]; then 
		status="${status}: $message"
	fi
	[ -n "$status" ] && output "$serviceName $status\\n"
	[ -n "$error" ] && output "$error\\n"
}

stop_service() {
	load_package_config
	if is_chaos_calmer; then
		fw3_setup 'stop'
	fi
	if [ -s "$outputFile" ]; then
		output "Stopping $serviceName... "
		tmpfs del triggers
		if reload_resolver 'on_stop'; then
			led_off "$led"
			output 0 "$__OK__\\n"; output_okn
			tmpfs set status "$statusStopped"
			tmpfs del message
		else 
			output 0 "$__FAIL__\\n"; output_fail
			tmpfs set status "$statusFail"
			tmpfs add error "Error: error stopping $serviceName."
			output "$_ERROR_:  error stopping $serviceName!\\n"
		fi
	fi
}

check() {
	load_package_config
	local string="$1"
	if [ ! -f "$outputFile" ]; then
		echo "No blacklist ('$outputFile') found."
	elif [ -z "$string" ]; then
		echo "Usage: /etc/init.d/${packageName} check domain"
	elif grep -m1 -q "$string" "$outputFile"; then
		echo "Found $(grep -c "$string" "$outputFile") matches for '$string' in '$outputFile':"
		case "$targetDNS" in
			dnsmasq.addnhosts)
				grep "$string" "$outputFile" | sed 's|^127.0.0.1 ||;s|^:: ||;';;
			dnsmasq.conf)
				grep "$string" "$outputFile" | sed 's|local=/||;s|/$||;';;
			dnsmasq.servers)
				grep "$string" "$outputFile" | sed 's|server=/||;s|/$||;';;
			unbound.adb_list)
				grep "$string" "$outputFile" | sed 's|^local-zone: "||;s|" static$||;';;
		esac
	else
		echo "The $string is not found in current blacklist ('$outputFile')."
	fi
}