projects / feed / packages.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
cgi-io: fix stray semicolon
[feed/packages.git] / net / shadowsocks-libev / files / shadowsocks-libev.init
1 #!/bin/sh /etc/rc.common
2 #
3 # Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
4 #
5 # This is free software, licensed under the GNU General Public License v3.
6 # See /LICENSE for more information.
7 #
8
9 USE_PROCD=1
10 START=99
11
12 ss_confdir=/var/etc/shadowsocks-libev
13 ss_bindir=/usr/bin
14 q='"'
15
16 ss_mkjson() {
17 echo "{" >"$confjson"
18 if ss_mkjson_ "$@" >>$confjson; then
19 sed -i -e '/^\s*$/d' -e '2,$s/^/\t/' -e '$s/,$//' "$confjson"
20 echo "}" >>"$confjson"
21 else
22 rm -f "$confjson"
23 return 1
24 fi
25 }
26
27 ss_mkjson_() {
28 local func
29
30 for func in "$@"; do
31 if ! "$func"; then
32 return 1
33 fi
34 done
35 }
36
37 ss_mkjson_server_conf() {
38 local cfgserver
39
40 config_get cfgserver "$cfg" server
41 [ -n "$cfgserver" ] || return 1
42 eval "$(validate_server_section "$cfg" ss_validate_mklocal)"
43 validate_server_section "$cfgserver" || return 1
44 [ "$disabled" = 0 ] || return 1
45 ss_mkjson_server_conf_ "$cfgserver"
46 }
47
48 ss_mkjson_server_conf_() {
49 [ -n "$server_port" ] || return 1
50 password="${password//\"/\\\"}"
51 cat <<-EOF
52 ${server:+${q}server${q}: ${q}$server${q},}
53 "server_port": $server_port,
54 ${method:+${q}method${q}: ${q}$method${q},}
55 ${key:+${q}key${q}: ${q}$key${q},}
56 ${password:+${q}password${q}: ${q}$password${q},}
57 EOF
58 }
59
60 ss_mkjson_common_conf() {
61 [ "$ipv6_first" = 0 ] && ipv6_first=false || ipv6_first=true
62 [ "$fast_open" = 0 ] && fast_open=false || fast_open=true
63 [ "$reuse_port" = 0 ] && reuse_port=false || reuse_port=true
64 cat <<-EOF
65 "use_syslog": true,
66 "ipv6_first": $ipv6_first,
67 "fast_open": $fast_open,
68 "reuse_port": $reuse_port,
69 ${local_address:+${q}local_address${q}: ${q}$local_address${q},}
70 ${local_port:+${q}local_port${q}: $local_port,}
71 ${mode:+${q}mode${q}: ${q}$mode${q},}
72 ${mtu:+${q}mtu${q}: $mtu,}
73 ${timeout:+${q}timeout${q}: $timeout,}
74 ${user:+${q}user${q}: ${q}$user${q},}
75 EOF
76 }
77
78 ss_mkjson_ss_local_conf() {
79 ss_mkjson_server_conf
80 }
81
82 ss_mkjson_ss_redir_conf() {
83 ss_mkjson_server_conf || return 1
84 [ "$disable_sni" = 0 ] && disable_sni=false || disable_sni=true
85 cat <<-EOF
86 ${q}disable_sni${q}: $disable_sni,
87 EOF
88 }
89
90 ss_mkjson_ss_server_conf() {
91 ss_mkjson_server_conf_
92 }
93
94 ss_mkjson_ss_tunnel_conf() {
95 ss_mkjson_server_conf || return 1
96 [ -n "$tunnel_address" ] || return 1
97 cat <<-EOF
98 ${tunnel_address:+${q}tunnel_address${q}: ${q}$tunnel_address${q},}
99 EOF
100 }
101
102 ss_xxx() {
103 local cfg="$1"
104 local cfgtype="$2"
105 local bin="$ss_bindir/${cfgtype/_/-}"
106 local confjson="$ss_confdir/$cfgtype.$cfg.json"
107
108 [ -x "$bin" ] || return
109 eval "$("validate_${cfgtype}_section" "$cfg" ss_validate_mklocal)"
110 "validate_${cfgtype}_section" "$cfg"
111 [ "$disabled" = 0 ] || return
112
113 if ss_mkjson \
114 ss_mkjson_common_conf \
115 ss_mkjson_${cfgtype}_conf \
116 ; then
117 procd_open_instance "$cfgtype.$cfg"
118 procd_set_param command "$bin" -c "$confjson"
119 [ "$verbose" = 0 ] || procd_append_param command -v
120 [ -z "$bind_address" ] || procd_append_param command -b "$bind_address"
121 [ -z "$manager_address" ] || procd_append_param command --manager-address "$manager_address"
122 procd_set_param file "$confjson"
123 procd_set_param respawn
124 procd_close_instance
125 ss_rules_cb "$cfg"
126 fi
127 }
128
129 ss_rules_cb() {
130 local cfgserver
131 local server
132
133 [ "$cfgtype" != ss_server ] || return
134 config_get cfgserver "$cfg" server
135 config_get server "$cfgserver" server
136
137 ss_rules_servers="$ss_rules_servers $server"
138 if [ "$cfgtype" = ss_redir ]; then
139 if [ "$mode" = tcp_only -o "$mode" = "tcp_and_udp" ]; then
140 eval "ss_rules_redir_tcp_$cfg=$local_port"
141 fi
142 if [ "$mode" = udp_only -o "$mode" = "tcp_and_udp" ]; then
143 eval "ss_rules_redir_udp_$cfg=$local_port"
144 eval "ss_rules_redir_server_udp_$cfg=$server"
145 fi
146 fi
147 }
148
149 ss_rules() {
150 local cfg="ss_rules"
151 local bin="$ss_bindir/ss-rules"
152 local cfgtype
153 local args local_port_tcp local_port_udp server_udp
154 local i a_args d_args
155
156 [ -x "$bin" ] || return 1
157 config_get cfgtype "$cfg" TYPE
158 [ "$cfgtype" = ss_rules ] || return 1
159
160 eval "$(validate_ss_rules_section "$cfg" ss_validate_mklocal)"
161 validate_ss_rules_section "$cfg"
162 [ "$disabled" = 0 ] || return 1
163
164 eval local_port_tcp="\$ss_rules_redir_tcp_$redir_tcp"
165 eval local_port_udp="\$ss_rules_redir_udp_$redir_udp"
166 eval server_udp="\$ss_rules_redir_server_udp_$redir_udp"
167 [ -z "$local_port_udp" ] || args="$args -U"
168 case "$local_default" in
169 forward) args="$args -O" ;;
170 checkdst) args="$args -o" ;;
171 esac
172 case "$src_default" in
173 bypass) d_args=RETURN ;;
174 forward) d_args=SS_SPEC_WAN_FW ;;
175 checkdst) d_args=SS_SPEC_WAN_AC ;;
176 esac
177 ss_rules_servers="$(echo "$ss_rules_servers" | tr ' ' '\n' | sort -u)"
178 for i in $src_ips_bypass; do a_args="b,$i $a_args"; done
179 for i in $src_ips_forward; do a_args="g,$i $a_args"; done
180 for i in $src_ips_checkdst; do a_args="n,$i $a_args"; done
181
182 "$bin" \
183 -s "$ss_rules_servers" \
184 -l "$local_port_tcp" \
185 -S "$server_udp" \
186 -L "$local_port_udp" \
187 -B "$dst_ips_bypass_file" \
188 -W "$dst_ips_forward_file" \
189 -b "$dst_ips_bypass" \
190 -w "$dst_ips_forward" \
191 -e "$ipt_args" \
192 -a "$a_args" \
193 -d "$d_args" \
194 $args \
195 || "$bin" -f
196 }
197
198 start_service() {
199 local cfgtype="$1"
200
201 mkdir -p "$ss_confdir"
202 config_load shadowsocks-libev
203 for cfgtype in ss_local ss_redir ss_server ss_tunnel; do
204 config_foreach ss_xxx "$cfgtype" "$cfgtype"
205 done
206 ss_rules
207 }
208
209 stop_service() {
210 local bin="$ss_bindir/ss-rules"
211
212 [ -x "$bin" ] && "$bin" -f
213 rm -rf "$ss_confdir"
214 }
215
216 service_triggers() {
217 procd_add_reload_interface_trigger wan
218 procd_add_reload_trigger shadowsocks-libev
219 procd_open_validate
220 validate_server_section
221 validate_ss_local_section
222 validate_ss_redir_section
223 validate_ss_rules_section
224 validate_ss_server_section
225 validate_ss_tunnel_section
226 procd_close_validate
227 }
228
229 ss_validate_mklocal() {
230 local tuple opts
231
232 shift 2
233 for tuple in "$@"; do
234 opts="${tuple%%:*} $opts"
235 done
236 [ -z "$opts" ] || echo "local $opts"
237 }
238
239 ss_validate() {
240 uci_validate_section shadowsocks-libev "$@"
241 }
242
243 validate_common_server_options_() {
244 local cfgtype="$1"; shift
245 local cfg="$1"; shift
246 local func="$1"; shift
247 local stream_methods='"table", "rc4", "rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20", "chacha20-ietf"'
248 local aead_methods='"aes-128-gcm", "aes-192-gcm", "aes-256-gcm"'
249
250 "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
251 'disabled:bool:0' \
252 'server:host' \
253 'server_port:port' \
254 'password:string' \
255 'key:string' \
256 "method:or($stream_methods, $aead_methods)"
257 }
258
259 validate_common_client_options_() {
260 validate_common_options_ "$@" \
261 'server:uci("shadowsocks-libev", "@server")' \
262 'local_address:host:0.0.0.0' \
263 'local_port:port'
264 }
265
266 validate_common_options_() {
267 local cfgtype="$1"; shift
268 local cfg="$1"; shift
269 local func="$1"; shift
270
271 "${func:-ss_validate}" "$cfgtype" "$cfg" "$@" \
272 'disabled:bool:0' \
273 'fast_open:bool:0' \
274 'ipv6_first:bool:0' \
275 'reuse_port:bool:0' \
276 'verbose:bool:0' \
277 'mode:or("tcp_only", "udp_only", "tcp_and_udp"):tcp_only' \
278 'mtu:uinteger' \
279 'timeout:uinteger' \
280 'user:string'
281 }
282
283 validate_server_section() {
284 validate_common_server_options_ server "$1" "${2}"
285 }
286
287 validate_ss_local_section() {
288 validate_common_client_options_ ss_local "$1" "${2}"
289 }
290
291 validate_ss_redir_section() {
292 validate_common_client_options_ ss_redir "$1" \
293 "${2}" \
294 'disable_sni:bool:0'
295 }
296
297 validate_ss_rules_section() {
298 "${2:-ss_validate}" ss_rules "$1" \
299 'disabled:bool:0' \
300 'redir_tcp:uci("shadowsocks-libev", "@ss_redir")' \
301 'redir_udp:uci("shadowsocks-libev", "@ss_redir")' \
302 'src_ips_bypass:list(ipaddr)' \
303 'src_ips_forward:list(ipaddr)' \
304 'src_ips_checkdst:list(ipaddr)' \
305 'dst_ips_bypass_file:file' \
306 'dst_ips_bypass:list(ipaddr)' \
307 'dst_ips_forward_file:file' \
308 'dst_ips_forward:list(ipaddr)' \
309 'src_default:or("bypass", "forward", "checkdst")' \
310 'local_default:or("bypass", "forward", "checkdst")' \
311 'ipt_args:string'
312 }
313
314 validate_ss_server_section() {
315 validate_common_server_options_ ss_server "$1" \
316 validate_common_options_ \
317 "${2}" \
318 'bind_address:ipaddr' \
319 'manager_address:host'
320 }
321
322 validate_ss_tunnel_section() {
323 validate_common_client_options_ ss_tunnel "$1" \
324 "${2}" \
325 'tunnel_address:regex(".+\:[0-9]+")'
326 }
Mirror of packages feed