#!/bin/sh /etc/rc.common
|
|
#
|
|
# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v3.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
USE_PROCD=1
|
|
START=99
|
|
|
|
ss_confdir=/var/etc/shadowsocks-libev
|
|
ss_bindir=/usr/bin
|
|
q='"'
|
|
|
|
ss_mkjson() {
|
|
echo "{" >"$confjson"
|
|
if ss_mkjson_ "$@" >>$confjson; then
|
|
sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson"
|
|
echo "}" >>"$confjson"
|
|
else
|
|
rm -f "$confjson"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
ss_mkjson_() {
|
|
local func
|
|
|
|
for func in "$@"; do
|
|
if ! "$func"; then
|
|
return 1
|
|
fi
|
|
done
|
|
}
|
|
|
|
ss_mkjson_server_conf() {
|
|
local cfgserver
|
|
|
|
config_get cfgserver "$cfg" server
|
|
[ -n "$cfgserver" ] || return 1
|
|
eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
|
|
validate_server_section "$cfgserver" || return 1
|
|
[ "$disabled" = 0 ] || return 1
|
|
ss_mkjson_server_conf_ "$cfgserver"
|
|
}
|
|
|
|
ss_mkjson_server_conf_() {
|
|
[ -n "$server_port" ] || return 1
|
|
password="${password//\"/\\\"}"
|
|
cat <<-EOF
|
|
${server:+${q}server${q}: ${q}$server${q},}
|
|
"server_port": $server_port,
|
|
${method:+${q}method${q}: ${q}$method${q},}
|
|
${key:+${q}key${q}: ${q}$key${q},}
|
|
${password:+${q}password${q}: ${q}$password${q},}
|
|
EOF
|
|
}
|
|
|
|
ss_mkjson_common_conf() {
|
|
[ "$ipv6_first" = 0 ] && ipv6_first=false || ipv6_first=true
|
|
[ "$fast_open" = 0 ] && fast_open=false || fast_open=true
|
|
[ "$reuse_port" = 0 ] && reuse_port=false || reuse_port=true
|
|
cat <<-EOF
|
|
"use_syslog": true,
|
|
"ipv6_first": $ipv6_first,
|
|
"fast_open": $fast_open,
|
|
"reuse_port": $reuse_port,
|
|
${local_address:+${q}local_address${q}: ${q}$local_address${q},}
|
|
${local_port:+${q}local_port${q}: $local_port,}
|
|
${mode:+${q}mode${q}: ${q}$mode${q},}
|
|
${mtu:+${q}mtu${q}: $mtu,}
|
|
${timeout:+${q}timeout${q}: $timeout,}
|
|
${user:+${q}user${q}: ${q}$user${q},}
|
|
EOF
|
|
}
|
|
|
|
ss_mkjson_ss_local_conf() {
|
|
ss_mkjson_server_conf
|
|
}
|
|
|
|
ss_mkjson_ss_redir_conf() {
|
|
ss_mkjson_server_conf || return 1
|
|
[ "$disable_sni" = 0 ] && disable_sni=false || disable_sni=true
|
|
cat <<-EOF
|
|
${q}disable_sni${q}: $disable_sni,
|
|
EOF
|
|
}
|
|
|
|
ss_mkjson_ss_server_conf() {
|
|
ss_mkjson_server_conf_
|
|
}
|
|
|
|
ss_mkjson_ss_tunnel_conf() {
|
|
ss_mkjson_server_conf || return 1
|
|
[ -n "$tunnel_address" ] || return 1
|
|
cat <<-EOF
|
|
${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},}
|
|
EOF
|
|
}
|
|
|
|
ss_xxx() {
|
|
local cfg="$1"
|
|
local cfgtype="$2"
|
|
local bin="$ss_bindir/${cfgtype/_/-}"
|
|
local confjson="$ss_confdir/$cfgtype.$cfg.json"
|
|
|
|
[ -x "$bin" ] || return
|
|
eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
|
|
"validate_${cfgtype}_section" "$cfg"
|
|
[ "$disabled" = 0 ] || return
|
|
|
|
if ss_mkjson \
|
|
ss_mkjson_common_conf \
|
|
ss_mkjson_${cfgtype}_conf \
|
|
; then
|
|
procd_open_instance "$cfgtype.$cfg"
|
|
procd_set_param command "$bin" -c "$confjson"
|
|
[ "$verbose" = 0 ] || procd_append_param command -v
|
|
[ -z "$bind_address" ] || procd_append_param command -b "$bind_address"
|
|
[ -z "$manager_address" ] || procd_append_param command --manager-address "$manager_address"
|
|
procd_set_param file "$confjson"
|
|
procd_set_param respawn
|
|
procd_close_instance
|
|
ss_rules_cb "$cfg"
|
|
fi
|
|
}
|
|
|
|
ss_rules_cb() {
|
|
local cfgserver
|
|
local server
|
|
|
|
[ "$cfgtype" != ss_server ] || return
|
|
config_get cfgserver "$cfg" server
|
|
config_get server "$cfgserver" server
|
|
|
|
ss_rules_servers="$ss_rules_servers $server"
|
|
if [ "$cfgtype" = ss_redir ]; then
|
|
if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
|
|
eval "ss_rules_redir_tcp_$cfg=$local_port"
|
|
fi
|
|
if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
|
|
eval "ss_rules_redir_udp_$cfg=$local_port"
|
|
eval "ss_rules_redir_server_udp_$cfg=$server"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
ss_rules() {
|
|
local cfg="ss_rules"
|
|
local bin="$ss_bindir/ss-rules"
|
|
local cfgtype
|
|
local args local_port_tcp local_port_udp server_udp
|
|
local i a_args d_args
|
|
|
|
[ -x "$bin" ] || return 1
|
|
config_get cfgtype "$cfg" TYPE
|
|
[ "$cfgtype" = ss_rules ] || return 1
|
|
|
|
eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
|
|
validate_ss_rules_section "$cfg"
|
|
[ "$disabled" = 0 ] || return 1
|
|
|
|
eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
|
|
eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
|
|
eval server_udp="\$ss_rules_redir_server_udp_$redir_udp"
|
|
[ -z "$local_port_udp" ] || args="$args -U"
|
|
case "$local_default" in
|
|
forward) args="$args -O" ;;
|
|
checkdst) args="$args -o" ;;
|
|
esac
|
|
case "$src_default" in
|
|
bypass) d_args=RETURN ;;
|
|
forward) d_args=SS_SPEC_WAN_FW ;;
|
|
checkdst) d_args=SS_SPEC_WAN_AC ;;
|
|
esac
|
|
ss_rules_servers="$(echo "$ss_rules_servers" | tr ' ' '\n' | sort -u)"
|
|
for i in $src_ips_bypass; do a_args="b,$i $a_args"; done
|
|
for i in $src_ips_forward; do a_args="g,$i $a_args"; done
|
|
for i in $src_ips_checkdst; do a_args="n,$i $a_args"; done
|
|
|
|
"$bin" \
|
|
-s "$ss_rules_servers" \
|
|
-l "$local_port_tcp" \
|
|
-S "$server_udp" \
|
|
-L "$local_port_udp" \
|
|
-B "$dst_ips_bypass_file" \
|
|
-W "$dst_ips_forward_file" \
|
|
-b "$dst_ips_bypass" \
|
|
-w "$dst_ips_forward" \
|
|
-e "$ipt_args" \
|
|
-a "$a_args" \
|
|
-d "$d_args" \
|
|
$args \
|
|
|| "$bin" -f
|
|
}
|
|
|
|
start_service() {
|
|
local cfgtype="$1"
|
|
|
|
mkdir -p "$ss_confdir"
|
|
config_load shadowsocks-libev
|
|
for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
|
|
config_foreach ss_xxx "$cfgtype" "$cfgtype"
|
|
done
|
|
ss_rules
|
|
}
|
|
|
|
stop_service() {
|
|
local bin="$ss_bindir/ss-rules"
|
|
|
|
[ -x "$bin" ] && "$bin" -f
|
|
rm -rf "$ss_confdir"
|
|
}
|
|
|
|
service_triggers() {
|
|
procd_add_reload_interface_trigger wan
|
|
procd_add_reload_trigger shadowsocks-libev
|
|
procd_open_validate
|
|
validate_server_section
|
|
validate_ss_local_section
|
|
validate_ss_redir_section
|
|
validate_ss_rules_section
|
|
validate_ss_server_section
|
|
validate_ss_tunnel_section
|
|
procd_close_validate
|
|
}
|
|
|
|
ss_validate_mklocal() {
|
|
local tuple opts
|
|
|
|
shift 2
|
|
for tuple in "$@"; do
|
|
opts="${tuple%%:*} $opts"
|
|
done
|
|
[ -z "$opts" ] || echo "local $opts"
|
|
}
|
|
|
|
ss_validate() {
|
|
uci_validate_section shadowsocks-libev "$@"
|
|
}
|
|
|
|
validate_common_server_options_() {
|
|
local cfgtype="$1"; shift
|
|
local cfg="$1"; shift
|
|
local func="$1"; shift
|
|
local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
|
|
local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm"'
|
|
|
|
"${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
|
|
'disabled:bool:0' \
|
|
'server:host' \
|
|
'server_port:port' \
|
|
'password:string' \
|
|
'key:string' \
|
|
"method:or($stream_methods, $aead_methods)"
|
|
}
|
|
|
|
validate_common_client_options_() {
|
|
validate_common_options_ "$@" \
|
|
'server:uci("shadowsocks-libev", "@server")' \
|
|
'local_address:host:0.0.0.0' \
|
|
'local_port:port'
|
|
}
|
|
|
|
validate_common_options_() {
|
|
local cfgtype="$1"; shift
|
|
local cfg="$1"; shift
|
|
local func="$1"; shift
|
|
|
|
"${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
|
|
'disabled:bool:0' \
|
|
'fast_open:bool:0' \
|
|
'ipv6_first:bool:0' \
|
|
'reuse_port:bool:0' \
|
|
'verbose:bool:0' \
|
|
'mode:or("tcp_only", "udp_only", "tcp_and_udp")' \
|
|
'mtu:uinteger' \
|
|
'timeout:uinteger' \
|
|
'user:string'
|
|
}
|
|
|
|
validate_server_section() {
|
|
validate_common_server_options_ server "$1" "${2}"
|
|
}
|
|
|
|
validate_ss_local_section() {
|
|
validate_common_client_options_ ss_local "$1" "${2}"
|
|
}
|
|
|
|
validate_ss_redir_section() {
|
|
validate_common_client_options_ ss_redir "$1" \
|
|
"${2}" \
|
|
'disable_sni:bool:0'
|
|
}
|
|
|
|
validate_ss_rules_section() {
|
|
"${2:-ss_validate}" ss_rules "$1" \
|
|
'disabled:bool:0' \
|
|
'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
|
|
'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
|
|
'src_ips_bypass:list(ipaddr)' \
|
|
'src_ips_forward:list(ipaddr)' \
|
|
'src_ips_checkdst:list(ipaddr)' \
|
|
'dst_ips_bypass_file:file' \
|
|
'dst_ips_bypass:list(ipaddr)' \
|
|
'dst_ips_forward_file:file' \
|
|
'dst_ips_forward:list(ipaddr)' \
|
|
'src_default:or("bypass", "forward", "checkdst")' \
|
|
'local_default:or("bypass", "forward", "checkdst")' \
|
|
'ipt_args:string'
|
|
}
|
|
|
|
validate_ss_server_section() {
|
|
validate_common_server_options_ ss_server "$1" \
|
|
validate_common_options_ \
|
|
"${2}" \
|
|
'bind_address:ipaddr' \
|
|
'manager_address:host'
|
|
}
|
|
|
|
validate_ss_tunnel_section() {
|
|
validate_common_client_options_ ss_tunnel "$1" \
|
|
"${2}" \
|
|
'tunnel_address:regex(".+\:[0-9]+")'
|
|
}
|